In Depth
Crash Course: Information Security at Universities
How do universities cope each fall when students stream back to campus with infected, unpatched PCs? CISOs say it's (almost) all about the education.
By Tracy Mayor
August 01, 2004
—
CSO
—
Fall 2003: There's a snap in the air and a backpack on every college-bound bod. Along with their minifridges and tabletop stereo systems, students returning to campuses from coast to coast are lugging their laptop or desktop computers
The sun is shining and the music's blaring as hundreds of thousands of students all over the country plug these compromised systems into their schools' dormitory networks.
And for good measure, around this time, Blaster, SoBig and Welchia all are hitting the Net.
In one day (Aug. 22, 2003) George Washington University's e-mail filters sifted out some 177,000 viruses (compared with about 11,000 per month, on average), but that was just the tip of the iceberg. "Oh, it was a mess," recalls George Washington University (GWU) CSO Krizi Trivisani. Trivisani recounts all this with the hard-earned cheerfulness of someone who's faced her worst fears and lived to tell the tale. But surviving the storm required a tremendous amount of work from the GWU infosecurity staff. "Usually, with a virus or a worm, it's a onesie-twosie situation, and we just disconnect that machine. Blaster and SoBig were so big, we had to create a whole process that was new to us," Trivisani says. (See "Battling Blaster," Page 42, for more on GWU's labors.)
The phrase "back to school" takes on new significance when viewed through the lens of information security. But last fall's confluence of security threats, according to Trivisani and infosecurity officers at other campuses around the country, turned out to be a pivotal event that gave them much needed clout to enhance the way computer security is handled on cam-pus. Increasingly, colleges keep residential networks isolated from research networks, shunt unpatched mobile systems onto virtual LANs until they are scanned and cleaned, and maintain detailed policies on how to respond to a virus outbreak. Perhaps more important, they also brainstorm continually for new methods and messages to educate the student population on keeping systems safe and secure. These are lessons worth considering for any company with a mobile user population
Data Center Directions Virtual Conference
Attend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.
The Surest Path to Effective and Efficient Compliance
In this webcast, we explore why and how with best practices, practical tips and solutions that work to ease your compliance challenge.




