Universities face network security challenges

As legislative pressures force schools to be increasingly protective of data and as the costs of data breaches only escalate, there might be more parallels than differences between universities and enterprises.

MOUNTAIN VIEW, California (Help Net Security) August 27, 2010 -- NCP Engineering president Peter Felgentreff writes about striking a balance between an open yet secure university network. He cites several real-world examples of the challenges now faced:

• Last year, overseas hackers gained access to data on tens of thousands of people who have received healthcare from the University of California.
  
  
• The University of Florida faced a similar breach.
  
  
• George Washington University doesn't allow students to access its wireless network using an iPad because the device cannot pass the university's security standards.
  
  
• In April, Princeton University blocked about 20% of iPads on its network, and Cornell University has also encountered networking and connectivity snafus related to the iPad.

Felgentreff claims that the best way for universities to handle network breaches is to implement a well thought-out system of network access control and identity management.

Universities should be segmented into security zones, with some departments having relatively free and open access, but others being tightly enforced. University faculty, staff, and students should also be provisioned differently onto the network so the level of access granted is appropriate for each person's role inside the university. Further, visiting professor and students should be provisioned separately to ensure their access is discontinued upon their departure.

Requiring devices that will access the university network to be registered would also help IT departments maintain control and visibility of what's going on with the network.

IT regulation can also be achieved by facilitating more collaboration between university IT departments and the school registrar. Currently, idle email addresses or log-ins from students who have graduated or visiting professors who since departed, can remain active for months or semesters before they are provisioned off the system, providing an easy way for hackers to slip into the network.

As legislative pressures force schools to be increasingly protective of data and as the costs of data breaches only escalate, there might be more parallels than differences between universities and enterprises.

Link: http://www.net-security.org/article.php?id=1481

Source: DHS Daily Open Source Infrastructure Report and Help Net Security