Home » Data Protection » Network Security

Crash Course: Information Security at Universities

How do universities cope each fall when students stream back to campus with infected, unpatched PCs? CISOs say it's (almost) all about the education.

August 01, 2004 — CSO — Fall 2003: There's a snap in the air and a backpack on every college-bound bod. Along with their minifridges and tabletop stereo systems, students returning to campuses from coast to coast are lugging their laptop or desktop computersmachines that decidedly did not spend the summer being patched, updated, or otherwise kept free of viruses, spyware and other sinister digitalia.

The sun is shining and the music's blaring as hundreds of thousands of students all over the country plug these compromised systems into their schools' dormitory networks.

And for good measure, around this time, Blaster, SoBig and Welchia all are hitting the Net.

In one day (Aug. 22, 2003) George Washington University's e-mail filters sifted out some 177,000 viruses (compared with about 11,000 per month, on average), but that was just the tip of the iceberg. "Oh, it was a mess," recalls George Washington University (GWU) CSO Krizi Trivisani. Trivisani recounts all this with the hard-earned cheerfulness of someone who's faced her worst fears and lived to tell the tale. But surviving the storm required a tremendous amount of work from the GWU infosecurity staff. "Usually, with a virus or a worm, it's a onesie-twosie situation, and we just disconnect that machine. Blaster and SoBig were so big, we had to create a whole process that was new to us," Trivisani says. (See "Battling Blaster," Page 42, for more on GWU's labors.)

The phrase "back to school" takes on new significance when viewed through the lens of information security. But last fall's confluence of security threats, according to Trivisani and infosecurity officers at other campuses around the country, turned out to be a pivotal event that gave them much needed clout to enhance the way computer security is handled on cam-pus. Increasingly, colleges keep residential networks isolated from research networks, shunt unpatched mobile systems onto virtual LANs until they are scanned and cleaned, and maintain detailed policies on how to respond to a virus outbreak. Perhaps more important, they also brainstorm continually for new methods and messages to educate the student population on keeping systems safe and secure. These are lessons worth considering for any company with a mobile user populationor indeed for any company that'll be finding tomorrow's employees on today's campuses.Campus, ConnectedThis is not your father's college campus, or yours either, for that matter. Today's halls of higher learning are wired to the maxor unwired, as Wi-Fi takes hold. At minimum, most residential students have dorm-room access to a university network and the Internet. Most schools also maintain a fleet of public machines in libraries, study halls and research centers.