Lockdown on Campuses

Universities are leading the charge to secure networks.

After being stung by high-profile cases of data theft, prominent colleges and universities are at the forefront of efforts to improve network security while preserving the openness and unhindered use that have long characterized campus computing environments.

The techniques that schools are adopting may soon become commonplace on corporate networks, as well, as traditional network perimeters begin to disappear and IT departments look for less costly and complex alternatives to endpoint security programs such as Cisco Systems Inc.s NAC (Network Admission Control) and Microsoft Corp.s NAP (Network Access Protection).

At Colby-Sawyer College, in New London, N.H., almost 1,000 students will arrive on campus this week, most with one or more computers in tow. The influx will more than double the number of systems on the campus network, said Scott Brown, an information security analyst at the school.

"Imagine your population of computers doubles in 24 hours, and theyre all filled with spyware," said Brown.

All students are provided and required to install free copies of NOD32, a desktop anti-virus software product from Eset Software, and Webroot Software Inc.s Spy Sweeper anti-spyware software before they connect to the campus network.

To enforce that policy, Brown and his colleagues are using Campus Manager, a product from Bradford Networks that tracks student computers using their unique MAC (media access control) addresses. Students who attempt to connect to the campus network are directed by Campus Manager to a virtual LAN, where they can install the required software. Colby-Sawyer also removes existing anti-virus and anti-spam software from the student computers and connects the system to Microsofts Web site to obtain the latest Windows operating system patches, Brown said.

Before giving students access to campus resources, Colby-Sawyer also verifies that anti-virus and spyware definitions, as well as Windows patches, are up-to-date.

While such draconian techniques arent common in the corporate world, enterprise IT administrators may soon be looking to programs such as those at Cornell University and Colby-Sawyer to help deal with the influx of laptop computers and other portable computing devices in their environment, said Chris Novak, a senior security consultant at Cybertrust Inc., in Herndon, Va.

Cornell University, in Ithaca, N.Y., has implemented policies similar to Colbys. Network administrators used homegrown technology to quarantine systems belonging to about 6,500 students who arrived on campus last week. Before being granted network access, students must complete a computer-based registration with the university that checks for known security threats, said Steve Schuster, director of information technology security at Cornell.

Between 90 and 95 percent of students were able to use the system to fix the problems on their own PCs.

Security tips

Strategies to improve security, while preserving openness

  • Quarantining Students may be asked to update their operating system patches or even install anti-virus and anti-spyware software before being allowed to access the campus network
  • Asset databases Used to track down and fix compromised systems
  • Edge access-control lists IT administrators work with the heads of each department in the university to determine what their computing needs are and then implement access-control lists on edge routers for those departments that filter out any traffic that isnt needed by department staff

Source: Steve Schuster, Cornell