Click here to receive your FREE subscription to Campus Technology
Features
Mastering Mobile Security
12/27/2006
How can you address security challenges when your data is always on the move? Here are five secrets for success in 2007.
IS YOUR MOST vital information walking out the door or sneaking off campus?
That’s the question you must address in the age of mobile
computing. A decade ago, most university information was
safely protected in data centers or tucked away on departmental
servers. But e-mail, FTP software, USB thumb drives,
smart phones, notebook computers, and other mobile
devices mean your data is always on the move.
Sure, mobile technology and ubiquitous networks improve productivity and keep us all connected. But they also introduce new security challenges that universities must address. Consider this startling piece of information: More than 2.6 billion mobile devices now access online services, yet only 30 million of those devices have basic security safeguards in place, according to McAfee, the antivirus software maker.
Without proper security, mobile devices are easy targets for worms, viruses, and so-called robot (“bot”) networks. Hackers increasingly use bot networks to launch massive attacks against eCommerce websites—potentially targeting your online tuition payment or fundraising/financial development systems. How can you defend your mobile systems against such threats? There isn’t a single magic bullet solution, but the path to mobile security involves five basic steps for success.
Step 1: What’s Your Policy?
Most universities have security policies in place for desktop PCs, notebooks, servers, and overall network access. Progressive universities post these policies on their websites. Through automated e-mails and network alerts—typically sent once each semester—universities can prompt students, faculty, and staff to read and adhere to the written policies. Those policies, coupled with regular electronic software distribution, ensure that systems receive timely software patches and antivirus updates.
Still, a review and revamp of your security policies (to include smart phones, voice over IP devices, and other emerging mobile technologies that connect to your university network) may be overdue. Be sure to determine and communicate:
- Which smart phones and VoIP devices are approved for use on your network?
- What are the terms associated with using these devices?
- What specific security solutions must users embrace to safeguard these devices?
Although attacks directed at smart phones and VoIP devices have been minimal so far, you’ve got to remain proactive. VoIP devices and WiFi networks will increasingly come under attack in 2007; for instance, hackers are now flooding the web with new tools, such as the Metasploit Project, that specifically target WiFi systems. Overseen by an Austin, TX-based programmer, Metasploit is an open source, point-and-click attack tool that can wreak havoc on WiFi systems.
Your wireless LAN experts should look at Metasploit to get a feel for the types of wireless attacks your university may face in 2007. Meanwhile, it’s time to polish your written security policies, post them on the university website, and take steps to enforce the policies across your user base.
Step 2: Plug Information Leaks
So-called “information leakage” is another big concern facing CIOs today. Whether it’s financial data, student information, or faculty research, you have to ensure that intellectual property d'esn’t leak from your network onto the internet or mobile devices.
Some information leakage—such as an errant e-mail—can be accidental. But a great deal of leakage can be traced to unscrupulous staff, disgruntled employees, or students with too much time on their hands. USB storage devices, CDROMs, FTP software, fax machines, e-mail systems, and instant messaging software all are prime avenues for information leakage. With a few clicks of a mouse, gigabytes of data can easily be copied or stolen.
To combat such threats, companies such as Symantec and Websense are developing software that prevents information leakage. Websense, for one, has partnered with the startup PortAuthority Technologies to develop “deep content control” technology that helps control how sensitive data can leave an organization and under what circumstances. PortAuthority’s software monitors internal and outbound traffic, and detects when users attempt to make specific data available outside a university’s designated IT borders. In the first half of 2007, Websense plans to ship software—developed in partnership with PortAuthority —that prevents such leakage.
Websense isn’t alone. In October, Symantec introduced Mail Security 8300, an appliance with integrated content filtering that helps universities comply with internal policies related to e-mail content. The appliance also features antispam and antivirus capabilities, along with newly written code that mitigates information leakage.
Recommended Reading
- CT Industry
- eProcurement Success!
Today, it's clear to almost every campus executive that moving an institution from the traditional purchasing model to a strategic eProcurement program can greatly increase staff efficiency and save the institution money. Because eProcurement automates so many purchasing processes, it eliminates reams of paperwork and allows procurement staff to refocus their efforts on cutting costs and improving strategic partnerships.
- How to Be a Super Tech Leader
Mary Jo Gorney-Moreno didn't start out in IT. She joined San Jose State University (CA) in 1981 as an assistant professor in the school of nursing. But somewhere along the way, she realized her energy was focused on academic technology, and how it could help a variety of learners gain knowledge.
- James Morris
- Products :: Data Security
- Products :: Physical Security
