Catch a clue from an EDU: Universities that get security right
In these days of consumer gadgets and mobile access, corporations can learn a lot from how universities deploy multiple layers of security.
Computerworld - Professor Corey Schou was working in his school's library when he realized his computer was picking up a particularly strong Wi-Fi signal.
Normally that would be welcome news. But Schou knew that spot was usually a dead zone, which meant something was probably amiss. So Schou, a professor of informatics at Idaho State University, set out with some of the school's IT workers to solve the mystery.
Turns out a young man in a nearby coffee shop was causing trouble. "He was running an access point and broadcasting without credentials on the same address as the university's access point, and people were logging in," Schou says.
Fortunately, the offender didn't access any protected information. That's because Idaho State, like a number of increasingly tech-savvy institutions of higher learning, had gone beyond deploying routine security systems, such as email filters and firewalls, and had adopted better, smarter and quicker ways to detect and repel would-be hackers.
Universities have no choice but to be on the forefront of IT security, Schou says. They simply have too many user constituencies to serve, too many different types of sensitive data to protect, too many computing and handheld platforms to support, and too many people trying, either for sport or for ill intent, to break down the their digital defenses.
Higher ed, hackers' dream
Typical educational institutions house a treasure trove of material -- from HR records and student files to research data, much of which is proprietary and some of which may even be classified if it's related to work done on behalf of the U.S. government. They also have financial data, such as credit card numbers from students, alumni, parents and visitors. And if they have health clinics, as most colleges and universities do, they have medical records, too.
Moreover, would-be hackers aren't just attracted to all of that valuable data. Some have their eyes on the vast and powerful computer systems that universities maintain -- infrastructure that they can use (and have used) for their own purposes if they're smart and stealthy enough.
"At any given time, I'll have 30 or 40 folks doing things [on our network] that might be moving toward antisocial. They're looking at what I've got, seeing what's open," says Schou, who serves as Idaho State's security adviser and as the associate dean of the college of business.
This all happens in an IT environment that's typically supporting tens of thousands of devices of all makes and models, with a mandate to be as open as possible to facilitate communication, cooperation and collaboration.
It's not surprising, therefore, that breaches happen with some regularity on university campuses. According to data analyzed by Application Security, a database security company, there have been 435 reported breaches that affected 8.5 million records at U.S. institutions of higher education since 2005, the year that the Privacy Rights Clearinghouse and other organizations started tracking such events.
- Top 10 Reasons to Strengthen Information Security with Desktop Virtualization Regain control and reduce risk without sacrificing business productivity and growth
- Preventing Sophisticated Attacks: Anti-Evasion & Advanced Evasion Techniques McAfee Next Generation Firewall applies sophisticated analysis techniques specifically to detect advanced evasion techniques (AET).
- The Security Industry's Dirty Little Secret The debate over advanced evasion techniques (AETs) This report summarizes the findings of a McAfee commissioned research group to determine the level of understanding IT security professionals have about AETs...
- Demand More, Get the Most from the Move to a Next-Generation Firewall Beyond the basics in a next generation firewall, to protect your investment you should demand other valuable features: intrusion prevention, contextual rules, advanced...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!