Click here to receive your FREE subscription to Campus Technology
Article
8 Spots for Tightening Security on Campus
2/2/2004
5. Sell Security to Management
Here's another challenge for all IT professionals, but that may be especially tough on campus because of tight funds: getting management on board for any security push. It's important that your school's top managers see security as the priority it is, and act accordingly - that is, that they allocate realistic funds for the software you need to lock down your systems, for education programs, and for adequate personnel.
Management responds to numbers, so putting together estimates on what security breaches are costing the school in terms of down time, hours spent by your staff repairing the damage, and so forth, can be effective. Damage to the school's reputation can also be a warning point; many large-scale cyber-attacks have made ample use of university computers.
For Susan Monsen, director of IT services at Yale University's Law School, lack of resources is definitely an issue. Her biggest challenge: Dealing with compromised student laptops on the network. "We don't have a way to scan and remove viruses" automatically system-wide yet, she says. "That's something we're working on." Regarding security in general, she says, "There are good tools out there, but they're very expensive."
"There are good tools out there, but they're very expensive."
The problem peaked in September at the law school, when a widely spread virus was attacking Microsoft operating systems and unsuspecting students returned to campus with infected laptops. Now, the problem is down to three or four laptops a week, she says.
Requiring students to register their network cards in order to get access outside
the campus on the university's network helps, she says - students can then be
tracked down through a database and contacted if necessary through their network
IDs.
6. Set and Enforce Testing Standards
As you continue to develop, integrate, and enforce working security policies for your organization, cooperation and communication among various groups on campus are key. Among other things, this becomes important in setting and enforcing testing standards for how new software is deployed. In examining how an SQL server was compromised, a case study from the University of Memphis highlights the importance of policies for making sure that testing is conducted in keeping with agreed-upon security policies. As the authors of the case study conclude in one of their findings after the security breach was closed, agreeing on what tests are required before deployment into the production environment is paramount:
"Equilibrium between experimentation and security standards must be established.
It may not be appropriate to deploy an application into a production environment
unless appropriate security testing has been performed… Service administrators
must understand the importance of securing, and keeping secure, the production
environments upon which services depend."
7. Review Data Retention Policies
With the enactment of the USA Patriot Act in 2001 ("Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001"), data retention has become a security hot spot.
Recommended Reading
- Fixed-Mobile Convergence: Dartmouth Beefs Up Cell Coverage, Cuts Costs
Problems with cell phone coverage aren't uncommon on college campuses. There are two main reasons: The beefy structure of historic buildings can block cellular reception within walls, and, on more remote campuses outside cities, signal coverage can be light.
- Thompson Rivers U Deploys Unified Digital Campus for ERP
Thompson Rivers University (TRU) in British Columbia has selected SunGard Higher Education's Banner Unified Digital Campus (UDC) to integrate its ERP systems.
- DV Kitchen Web Video Publishing System Released
DVcreators.net has released DV Kitchen, a new video encoding and publishing application for Mac OS X designed specifically for creating materials to be posted on the Web.
- NEC Debuts 4 Education Projectors
NEC this week debuted four new projectors targeted toward education applications, along with a new MultiSync LCD display. The new NP-series projectors are entry-level models started at $899 but are designed to provide high light output, support for closed captioning, and built-in networking capabilities.
- Security Researchers Uncover Spring Framework Vulnerability
Software frameworks are enjoying enormous popularity these days among a range of developers. It's popularity well earned; frameworks provide powerful tools for building more flexible and less error-prone applications. They generally enhance developer productivity with out-of-the-box functionality. And they can free developers to focus on features instead of common coding tasks.
- 3PAR Server Arrays Integrate Fat-to-Thin Processing
Utility storage provider 3PAR has announced the release of the 3PAR InServ T400 and T800 Storage Servers. The new hardware is built on the company's third-generation InSpire architecture, featuring the 3PAR Gen3 ASIC with integrated fat-to-thin processing.
