Each August, America's major computer manufacturers flood the airwaves with commercials urging college students heading off to school and leaving the family computer behind to purchase brand X, Y, or Z.
Today, many schools actually require their students to show up on campus with laptops, most of which are equipped with wireless cards. The "millennials," no strangers to technology, love the convenience of laptops. They require less space in cramped dorm rooms than desktop units, and their wireless cards allow students to connect to a school's network from a dorm room, library, student lounge, classroom, and even off campus.
Peter M. Siegel, associate provost and chief information officer, University of Illinois at Urbana-Champaign, says that, each year, he adds about 10,000 new students to the school's network. "Increasingly, students are expecting to be able to join the campus network from wherever they happen to be studying," he says.
Although wireless technology is the most convenient way to connect to a school's network, with convenience comes security risks. Wireless technology is extraordinarily vulnerable to computer hackers, some of whom want to spread malicious viruses and others who just want to borrow a computer for illegal activity.
Andrew Marshall, chief technology officer and executive VP, Campus Technologies Inc., a firm that specializes in telecommunications for students living off campus, experienced such a breach of a network's security firsthand.
"We found several computers a year or so ago that had been unknowingly hijacked, had hidden files set up on them, and were acting as servers for black-market pornography DVDs" and PlayStation 2 games, says Marshall. Marshall discovered the situation while monitoring outbound bandwidth, which he found to be rather excessive.
The students who were the unwitting accomplices were living off campus, connecting to the Campus Technologies network via an Ethernet connection. Marshall noticed that their outbound bandwidth usage was 10 times their inbound (normally it is the other way around when one is surfing the Web). Marshall brought the computers to his lab for examination and found a Trojan horse. Trojan horses can enter a user's computer undetected, giving the attacker who planted the Trojan unrestricted access to the data stored on the computer. Trojans can transmit credit card information and other confidential data to a waiting computer or can turn a computer into a server. The Trojan found on the students' computers allowed the attackers to control the computer remotely and serve about 20GB of illegal material in hidden folders to other clients.
According to Marshall, school networks are very inviting targets to computer miscreants trying to spread malicious codes or hijack computers for illegal activity. Campus networks, Marshall says, have what is called, in computer parlance, "big pipes," which means they offer very fast public Internet connections. Plus they have numerous unsuspecting targets for Trojans. Attackers scan school IP address ranges for vulnerabilities on a regular basis. "Hackers love setting up illegal servers on unsuspecting students' computers to serve illegal content," says Marshall.
And it's the collegiate culture that makes campus networks so vulnerable. Siegel says that because college and university campuses have traditionally been open environments, unlike corporations, which restrict access to all except their trusted employees, college and university networks have been soft targets for hackers.
The issue of network and computer security falls squarely upon the shoulders of all involved - the school's network administrator, the students, and the school's faculty. Luckily, there are a number of steps all users can take to make certain the network and the computers on a campus do not serve illegal material across the globe.
Network Threats
Networks are susceptible to two major types of threats - virus attacks and copyright protection. If illegal file-sharing is detected, the network owner, which is the school, receives the violation and is obliged to locate and terminate that violation. "This makes it essential to be able to identify owners of individual computers back to authentication again," says Marshall. The most important step a campus can take to make sure that its network is secure, says Marshall, is to design it properly. "The challenge of connecting unknown devices, like student-provided computers, to a network should not be underestimated. This is a significant source of threats to the overall network," he says.
Whether they are desktops or laptops and whether they connect to a network through wires or wirelessly, all computers can host Trojans, worms, and other viral threats. Unfortunately, some college networks require password access only for protected content, not for initial network access. These networks will allow unauthenticated devices to connect to them. A properly designed network will lessen these threats, according to Marshall.
Network administrators can use segmentation and firewalls to contain such threats. Also, they can use specialized tools designed to detect and shut down computers exhibiting threatening behavior, like port scans and network access authentication. Marshall also advises network administrators to mandate the use of school-funded, anti-virus software.
At the University of Illinois at Urbana-Champaign, Siegel's wireless network requires authentication. This means all students who attempt to access the network must type in their network ID and their password. He says that, from a security standpoint, he manages the wireless network as he does the wired network. "Consequently, we don't see any more security incidents via wireless than we do the wired network," he says. But the school does provide students with free anti-virus software and other tools to ensure that their systems are as safe as possible.
On a typical day at the Urbana-Champaign campus, about 2,000 unique users will log onto the campus network, with many more logging on during those periods right before mid-terms and finals. These kinds of numbers offer computer villains plenty of opportunities to perform their dastardly deeds. To make sure that those logging on to the network - whether they be faculty, administration, or students - know how to keep their computers safe and are aware of the dangers of computing, Siegel's office has set up a Web site on which he and his staff offer a boatload of information on keeping both the network and one's computer safe.
While he and his staff offer the standard technical advice, like running the campus-provided anti-virus and anti-spyware software, updating one's operating system, and using strong passwords, he says the best advice they can offer is to be a savvy computer user.
"Securing a system is really no more difficult than installing a few pieces of software using common sense," he says. "Don't open e-mail attachments you aren't expecting; don't download files via Instant Messenger; and be selective about what Web sites you visit. A little common sense can go a long, long way."
Marshall agrees with Siegel about the dangers of downloading files. In his opinion, the most dangerous threats to a computer's well-being are the music-sharing sites that are so much a part of today's pop culture.
"The best thing to do to keep a computer sale - avoid the music-and file-sharing networks such as kazaa, Bearshare, Morpheus, and so on. In our experience, over 80 percent of all computer-related problems trace back to file-sharing activity," he says.
For those students who come to the University of Illinois with limited exposure to computing, the security office and representatives from every part of the academic computing organization participate in the annual orientation for new students. This event provides first-year students with information on all aspects of "digital life" on campus, says Siegel. Beyond the orientation, Siegel and his staff offer security-oriented training sessions throughout the year, some of which focus specifically on laptop security, including wireless.
"Many students learn to use wireless in coffee shops or other public sites, but, most of all, they learn very quickly from each other what works and what doesn't," says Siegel.
What Siegel hopes to impress upon students is that network security is everyone's responsibility. All too often, he hears students say. "If my computer gets infected, it hurts only me; I'll take the risk." But this is not entirely true. The campus network is a shared resource, and, if only one computer is infected with a virus, it can spread quickly to hundreds, maybe even thousands, of other computers.
"A lot of people believe that a security problem is theirs only, limited to their backyard. But, on a campus network, there is only one backyard, and it's shared by 50,000 other computers. Developing a responsible digital lifestyle within the campus computing environment is part of what we hope students take away from their time at the university," says Siegel.
Protect Social Security Numbers
Identity theft has been much upon the public's collective mind of late. Many schools still use a student's Social Security number as his or her student ID. But those who have had their identities stolen can attest that this nine-digit number is without a doubt the most valuable piece of information identity thieves can get their hand on. That's why the University of Illinois instituted a robust policy on the use of Social Security numbers in 2000.
"We've been working now for almost six years to reduce and eliminate Social Security numbers from our business process and electronic systems," says Siegel. But he admits this is not an easy task and requires buy-in. No matter their size, schools need to recognize that to effectively solve the problem that using Social Security numbers presents requires sincere involvement by leaders at the highest level of the institution. Only with their help will academic and business units be able to marshal the resources to remove these valuable pieces of information from business processes.
"Critical to success, however, is to move from the Social Security number to an ID number that has no use outside of the university. Once this number replaces Social Security numbers in all but a handful of electronic systems, the likelihood of an accidental release or theft of a Social Security number drops significantly," says Siegel.
All students should be asking their registrars specific questions about how secure their Social Security numbers are on the campus network. The student's first step should be to go out on the Web and check out his or her university's approach to privacy.
"Students should make sure they understand why they're being asked for their Social Security number whenever their institution tries to collect it," says Siegel. "When students are asked for the numbers, they should always see a disclosure statement that explains why and toward what end the number is being collected. Students should also make sure that the request uses best practices, which are trusted campus Web sites, not just links in e-mails sent to each student," says Siegel.
Marshall encourages network administrators to ensure that a student never has to key his or her Social Security number into the system, and, if the student must, the administrator should ensure that it is only on encrypted, or SSL, systems to avoid wireless "sniffing."
"Social Security numbers, dates of birth, and other personal identity information should always he kept secure, and anyone holding others' information should take suitable security steps to protect that confidential information," says Marshall.
Like students, a school's faculty must access the campus network. University hires its faculty to teach and perform research, and many faculty members do not view secure computing as a priority, says Siegel.
"We wish they didn't have to pay any attention to this, hut they do," says Siegel. The good news is that the attitudes of faculty members are changing as a result of the critical role that computing resources increasingly plays in all fields of study. Members of the faculty do not want their research results threatened by a hacker or their class presentations wiped out because of the latest virus.
"We now find some of our strongest allies in improving campus security coming from the faculty ranks," says Siegel. Siegel encourages IT security to view themselves as partners with the faculty, not enforcement. "Everyone appreciates people who help them learn how to protect their work," says Siegel.
In today's world, computer users do not need a degree in computer science to keep their computers safe. With a little common sense and easy-to-load software, college students and faculty can keep those computer miscreants at bay.
[Sidebar]
"The challenge of connecting unknown devices, like student-provided computers, to a network should not be underestimated. This is a significant source of threats."
ANDREW MARSHALL, CHIEF TECHNOLOGY OFFICER AND EXECUTIVE VP, CAMPUS TECHNOLOGIES INC.
[Sidebar]
"Don't open e-mail attachments you aren't expecting; don't download files via Instant Messenger; and be selective about what Web sites you visit."
PETER M. SIEGEL, ASSOCIATE PROVOST AND CHIEF INFORMATION OFFICER, UNIVERSITY OF ILLINOIS AT URBANA-CHAMPAIGN
Комментариев нет:
Отправить комментарий