In Depth

Crash Course: Information Security at Universities

How do universities cope each fall when students stream back to campus with infected, unpatched PCs? CISOs say it's (almost) all about the education.

By Tracy Mayor

Following last year's assaults, Pescatore says he expects universities to tinker with their hands-off approach to student computers. For example, they still may not insist on a specific antivirus package, but may require that one of several choices be installed. Or they may still stop short of scanning content on student machines, but may require that students download a temporary, Active-X-type security agent for the duration of their online session.

Pushing Patches and Pez

Temple University is ahead of the curve in moving toward more proactive security at the student computer level. Similar to Duke, Temple has a site license for antivirus software; maintains a separate website that scans, cleans and updates computers before they're connected to the residential network; and uses standard networking tools such as integrity verification, intrusion sensors and antivirus scanners to monitor traffic.

But unlike many of his colleagues at other institutes, Temple CISO Silverstone requires (rather than suggests) certain security elements on the approximately 7,500 computers attached to the residential network. If you're not running an updated version of Symantec's Norton antivirus software, you don't get on the network, period. Signature updates are delivered automatically, usually just once a week, but as many as eight times a day during an attack like Blaster, Silverstone says. "The only way to avoid updates is to have your machine off or not connected to the network," he says.

At Brown University, IT Security Director Sadler is emphatic in drawing a distinction between traffic and content on the residential network. "We're very careful in terms of what we look at. We look at traffic, nothing on the machine," says Sadler. "If we see one workstation in a dorm taking 80 percent or more of our available bandwidth, which has happened, we apply a filter and restrict that computer's access," Sadler explains. "Usually it's a file-sharing issue."

Temple's Silverstone has another answer to that problem: Temple students who are found to have illegal file-sharing software on their machines can't get help desk support for any computing issue until they remove the files and the application. Repeat offenders can even find their network access completely terminated.

If that makes Silverstone sound like a first-class hardnose, let it be known that he's the same man who, to build students' general awareness of security issues, signed off on the distribution of Pez dispensers shaped like bugs. That's because, his get-tough policies notwithstanding, Silverstone is in complete agreement with his fellow security officers who say it's education, not technology, that has the best chance over time of teaching students how to be responsible computing citizens.
