
Connie Sadler and EDUCAUSE: Higher Education Security

Connie Sadler, IT security director at Brown University, fears the spread of viruses. And the attitude of entitlement.


January 01, 2004

CSO — Connie Sadler, IT security director at Brown University, fears the spread of viruses. And the attitude of entitlement. We spoke to her recently about the challenges that are unique to managing security in an academic setting. And about the challenges that aren't unique at all.

CSO: What are the challenges of managing security in academia?

Connie Sadler: There are many folks in academia who are new to the security position. All the Ivy schools plus Stanford, Duke and the University of Chicago are in the Ivy Plus security group. It's a consortium of security officers that's less than two years old. A lot of this job involves rallying the troops. There's no way you can protect a university with a staff of two, so we do a lot of consulting. The consortium just had its first face-to-face meeting a month ago. We have common challenges, like a lack of hierarchical structure. So we had to identify some minimal security requirements, such as if you're part of the university computer network, you must buy in to certain things, like up-to-date virus protection. We're still struggling to determine what those minimal requirements should be.

CSO: What do you struggle with most at Brown?

Sadler: Communicating with the student body is the biggest challenge we have. We're very sensitive about respecting their living space. But that presents a challenge because we need to communicate security risks to them. Brown prides itself on self-motivated students. So, by design, there aren't a lot of hierarchical structures in place. It's one of the nice things about Brown, but it's also one of the challenges. We are also a very diverse environment. It's open and collaborative, which is conducive to research. But it's challenging to keep these machines patched. If you don't, it's a matter of days before you have problems. In the past, individuals used the compromised machines to share music; now they're being used to send spam. If you have an unpatched machine, it's up for grabs.

CSO: Which security threats keep you up at night?

Sadler: The rapid spread of viruses. We're seeing compromises now, and you can't get to a machine fast enough. When school started last year, we had to press thousands of CDs to deal with Sobig and others. These CDs are only good for a week until the next virus comes out. How do we keep these machines patched? With a large student body, you can't push patches. We do have firewalls in place. And if we see something happening in a particular dorm, we can quickly put filters in place. We're focused more on containment: lose a piece of the network but not all of it. It's a challenge just to keep the network up. And we don't provide computers like some universities do. Our students bring their own.

CSO: How has Brown handled the music-sharing controversy?

Sadler: There's a generational issue at work here. Many of us who've been around awhile don't quite understand how young people see this as a right. But it's pervasive. We're trying to deal with it from a cultural and legal perspective. We're here to protect the students and Brown University, so we're looking at legal ways to provide students with the services they'd like to have. That said, we take complaints from the Recording Industry Association of America or Universal very seriously. These complaints get reported to the office of campus life. If we get repeat complaints about the same person, we'll have a hearing. We haven't had a lot of repeat offenders, but we're tracking these students and applying disciplinary action. The students get notified, and they get a copy of the complaint. Their machines get disconnected from the network until they've removed the offending material. We saw fewer complaints in the fall semester than we did last spring. The biggest problem is the attitude of entitlement, and the notion that "everyone else is doing it." But now we know this behavior is a security risk. We've had a half-dozen machines compromised from file sharing. These machines are being used for the production and distribution of spam. When you download music, you might be getting more than you bargain for.


Other stories by Kathleen Carr
