7/1/2008
Adding to the slew of data security issues already plaguing college and university campuses is an onslaught of stealth malware and botnet attacks. What's a beleaguered network manager to do? Here, from UC-Berkeley's own network pro, a cache of helpful advice.
WHEN IT COMES TO ANTI-MALWARE protection, today's university IT departments have their work cut out for them. Network managers must walk the fine line between enabling a highly collaborative, non-restrictive environment, and ensuring the confidentiality, integrity, and availability of data and computing resources. This is no easy task, especially if we survey the state of the academic network, the current threat landscape, and common user practices. Intrusions can lead to huge productivity losses, strains on already tight budgets, and blemishes on hard-earned reputations. However, with good old-fashioned ingenuity and the right tools in place, universities can succeed at malware detection and prevention to improve network security.
STATE OF THE ACADEMIC NETWORK: Balancing Integrity, Mobility, and Resources
Networks have steadily advanced in their capabilities, their uses, and their misuses as well, with academic networks often providing a glimpse into the future. Preventing security incidents in this advanced network environment presents challenges for universities, which have unique tenets to uphold. IT security professionals within higher ed are under incredible pressure to remain one step ahead of the next destructive incident, while preserving the integrity of university resources and data, and protecting the privacy of users.
Securing open academic networks. By its very nature, the academic network is a uniquely collaborative, open network environment; within education we refrain from imposing too many restrictions, so as to best support unbridled academic research and discovery. Fast-flowing networks and ready access to high-end computing infrastructures are critical for students, faculty, and staff, if they are to succeed in their pursuits.
Another unique characteristic of academic networks: While the university owns the network infrastructure, individuals frequently own the endpoint devices such as laptops and smart phones. This creates very real challenges in maintaining a desired level of security within the infrastructure. Given the broad range of platforms and applications in use among students, faculty, staff, and guests, there are few commonalities that can be leveraged in implementing new security controls. And the sheer volume and variety of users and devices accessing university resources, plus the reality that IT has limited visibility into those endpoints, mean that deploying and provisioning (let alone enforcing) any new agent-based security controls are difficult at best.
Many users, especially students, are suspicious of any software additions that might slow down or restrict the usability of their devices. Even if they agree to install the security software, ensuring that installations are done correctly and in a timely manner is yet another issue altogether. For example, many security solutions today, including popular antivirus software products, assume machines are "clean" prior to installation. Because of this, they may not function properly when installed on machines that are already compromised in some way. They also may inadvertently allow infected machines to access network resources. In fact, by unloading drivers or stopping signature updates, today's malware and spyware now actively prevent the proper installation of security software and/or disable it, even though users believe they have successfully completed installation. And the roadblocks to installing agent-based security controls constitute only a fraction of the client support issues that consume a large percentage of limited IT resources.