Colleges Lead Charge for Secure, Open Networks

Campus IT administrators say security is moving to the forefront of campus IT efforts.

After being stung by high-profile cases of data theft, prominent colleges and universities are in the forefront of efforts to introduce effective security to networks, while preserving the openness and unhindered use that have long characterized campus computing environments.

Security is moving to the forefront of campus IT efforts, after decades as an afterthought at schools, according to interviews with campus IT administrators. The techniques that schools are adopting could soon become commonplace on corporate networks, as well, as traditional network perimeters begin to disappear, experts say.

/zimages/4/28571.gifClick here to read more about how Carroll College relies on Appliance to fight spam.

At Colby-Sawyer College in New London, New Hampshire, almost 1,000 students will arrive on campus this week, most with one or more computers in tow. The influx will more than double the number of systems on the campus network, which operates 50 or 60 Windows and Linux servers and around 650 desktops to support administration and other college employees, said Scott Brown, an information security analyst.

"Imagine your population of computers doubles in 24 hours, and theyre all filled with spyware," said Brown.

Administrators at Colby-Sawyer are better prepared for the onslaught this year than in the past. All students are provided and required to install free copies of NOD32, a desktop antivirus software product from ESET Software and with Webroot Software Inc.s Spy Sweeper antispyware software before they connect to the campus network.

To enforce that policy, Brown and his colleagues are using Campus Manager, a product from Bradford Networks Inc. that tracks student computers using their unique MAC (Media Access Control) address. Students who attempt to connect to the campus network are directed by Campus Manager to a virtual LAN where they can install the ESET Software and Webroot Software. Colby-Sawyer also removes existing antivirus and antispam software from the student computers and connects the system to Microsofts Web site to obtain the latest Windows operating system patches, Brown said.

Before giving students access to campus resources, Colby-Sawyer also uses a new CAT (client assessment tool) that scans the student computers and verifies that antivirus and spyware definitions, as well as Windows patches are up to date.

Its a harsh approach, but students who dont wish to go through it are free to use public workstations around campus, Brown said.

The story is similar at Cornell University, in Ithaca, New York, where network administrators used home-grown technology to quarantine systems belonging to about 6,500 students who arrived on campus last week.

Before being granted network access, students must complete a computer-based registration with the university that checks for known security threats, such as administrative accounts with no password, open Windows file sharing folders and up-to-date operating system patches, said Steve Schuster, director of information technology security at Cornell.

Cornell found 720 systems that were vulnerable to compromise during the registration process, and kept those systems quarantined until the problem or problems were corrected, he said.

Next Page: Fixing problems without the IT department.