University network and IT environments are characterized by their diverse and constantly changing nature, large scale and wide scope. Today, that means weaving wireless networks, Voice over Internet Protocol, mobile phones and other digital gadgets into existing network and computing infrastructures.
It quickly becomes clear that university IT departments must have their hands full providing security for students and staff. Add to this the rapid growth in online courses — and the increasing number and complexity of security threats — and the task of defending the institution against potential attacks on campus or online becomes even more complicated.
“When you take into [account] that education is the second-most targeted vertical for malware attacks, this becomes a significant issue,” said David Feligno, education sales manager at San Diego-based security systems and services provider ESET.
“Schools want to know that they are being protected around the clock, which gives them added peace of mind and allows them to focus their efforts on other things. It is all about having a trusted vendor on your side that is looking out for you, and never stops improving their ability to be one step ahead of the game,” he added.
On the Job at ULCC
The University of London is one of the oldest and largest, as well as most progressive, institutions of higher learning in the United Kingdom. Founded by Royal Charter in 1836, it consists of 20 self-governing colleges, the prestigious School of Advanced Study, and a number of other central academic programs. The school’s on-campus student body numbers some 125,000, with another 24,000 enrolled in its distance learning program.
Supporting all of these students, as well as its entire staff, is UL’s Computer Center. The 40-year-old center employs more than 90 professionals including archivists, designers, e-learning advisers, programmers, network engineers and customer support specialists, said John Seymour, head of the university’s network services.
ULCC’s network and IT environment is large, diverse and geographically widespread. The Central University IP network alone supports some 1,500 staff and post-graduate researchers, as well as some 3,000 students in university residence halls. The computer center also supports and provides security for a large MPLS (Multiprotocol Label Switching) network by hosting Sponsored Connections that link London-based educational organizations to the UK Joint Academic Network, or JANET.
As security threats continually evolve, so does the university’s network and IT environment. “The major changes are the increase in itinerant users across the university, the use of personal laptops, and the demands for wireless networking — in an Internet cafe style of operation — in public areas. The problem is controlling access, authenticating users, and authorizing them to only connect to services they have verified credentials to use,” Seymour explained.
UL, as is the case for nearly all large institutions of higher education, is faced with the necessity of protecting not only its networks, but also users’ computers against new, more-sophisticated security threats, including rootkit exploits and zero-day vulnerability attacks.
Multiple Threats and Guiding Principles
The growth in the number of new threats arriving at Moscow-based security systems provider Kaspersky Lab has been quite dramatic recently, according to Senior Technical Consultant Shane Coursen. “The most dramatic rise is in the number of new Trojan horse downloader programs and Trojan horse password stealers.”
In June 2005, Kaspersky received 617 Trojan horse downloader programs. One year later, in June 2006, that number nearly doubled to 1,223. Kaspersky likewise saw a big increase in the number of password stealers during that period — from about 372 per month in June 2005 to 540 per month in June 2006, Coursen reported.
Coursen added that the growing incidence of rootkit exploits, along with vulnerability attacks on the fast-growing installed base of wireless networks and smartphones, are current issues of concern among Kaspersky’s security experts.
“We’ve seen a slow but steady increase in the use of rootkit technologies by malware,” he said. “We’ve even seen malware taking advantage of commercial software that disappointingly implements rootkit-like technologies. Integration of new wireless technologies — specifically devices where security wasn’t a consideration — will prove to be another interesting challenge. Also, mobile malware on smartphones, already known to be a problem, will continue to increase as a threat.”
ESET has made similar observations regarding the nature and frequency of the security threats it has recently been tracking. “ESET receives 15,000 samples of potential new threats, on average, on a daily basis,” Education Sales Manager Feligno pointed out. “In order to achieve success in covering your machines against multiple types of threats, you need a vendor that is not only releasing signatures quickly, but also a vendor that can give you fast, effective, proactive detection against unknown threats,” he explained.
ULCC’s Seymour explained that the center has developed a guiding security paradigm, dubbed “Security in Depth,” that addresses six areas: security and acceptable use policies; user and staff education; end-system security software; server system security software and access control; network access control systems; and monitoring and testing.
Though unwilling to explicitly detail its network and IT environment or the security software and packages it uses, Seymour did say that the computer center uses a mix of homegrown, commercially licensed, and open source products and services to protect the university’s network, computers and data.
It has also integrated and developed a number of these into products that ULCC is testing, as well as others that are already being made available to its Sponsored Connection sites and university client institutions. These include a managed Wireless Access Point (WAP) service, a NetFlow-based graphical traffic analysis and monitoring service, an enhanced IP filtering and bandwidth control service, and a security penetration and testing service.
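The article names a NetFlow-based traffic analysis and monitoring service but does not describe how such a service works. The following is an added example, not ULCC’s code or any vendor’s product: it shows the kind of per-source summary a flow-monitoring service computes from exported flow records and one simple detection built on it (a host contacting an unusually large number of distinct addresses with tiny flows, the footprint a worm or network sweep leaves in flow data). The flow lines are constructed for the example and use a simplified CSV layout rather than a real NetFlow v5/v9 export; the thresholds are illustrative assumptions a monitoring team would tune for its own network.

```python
"""Per-source flow summaries and a fan-out detector over NetFlow-style records.

Added example code; the record format is a constructed, simplified CSV
(start_time,src_ip,dst_ip,dst_port,proto,bytes), not a real NetFlow export.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample flows for a small campus subnet. The last group mimics a
# single host probing one port on twelve different addresses with tiny flows.
SAMPLE_FLOWS = "\n".join(
    [
        "1150000000,10.20.1.5,192.0.2.10,80,tcp,51200",
        "1150000001,10.20.1.5,192.0.2.10,443,tcp,804000",
        "1150000002,10.20.1.9,192.0.2.11,25,tcp,1200",
        "1150000003,10.20.1.9,192.0.2.12,53,udp,300",
        "1150000004,10.20.1.9,192.0.2.10,443,tcp,22000",
    ]
    + [f"{1150000010 + i},10.20.1.77,10.20.2.{i},445,tcp,60" for i in range(1, 13)]
)


@dataclass(frozen=True)
class Flow:
    start_time: int
    src_ip: str
    dst_ip: str
    dst_port: int
    proto: str
    byte_count: int


@dataclass
class SourceStats:
    """What a monitoring service keeps per source address."""
    dst_ips: set = field(default_factory=set)
    dst_ports: set = field(default_factory=set)
    total_bytes: int = 0
    flow_count: int = 0

    @property
    def avg_bytes(self) -> float:
        return self.total_bytes / self.flow_count if self.flow_count else 0.0


def parse_flows(text: str) -> list:
    """Parse one CSV flow record per line; blank lines are skipped."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, proto, nbytes = line.split(",")
        flows.append(Flow(int(ts), src, dst, int(port), proto, int(nbytes)))
    return flows


def summarize_by_source(flows: list) -> dict:
    """Aggregate distinct destinations, ports and byte totals per source."""
    stats = defaultdict(SourceStats)
    for f in flows:
        s = stats[f.src_ip]
        s.dst_ips.add(f.dst_ip)
        s.dst_ports.add(f.dst_port)
        s.total_bytes += f.byte_count
        s.flow_count += 1
    return dict(stats)


def find_fanout_suspects(flows: list, min_distinct_dsts: int = 10,
                         max_avg_bytes: int = 512) -> list:
    """Sources that touch many distinct hosts with very small flows.

    Thresholds are illustrative assumptions; normal clients talk to a handful
    of servers with sizeable transfers, while sweeps produce many tiny flows.
    """
    return sorted(
        src for src, s in summarize_by_source(flows).items()
        if len(s.dst_ips) >= min_distinct_dsts and s.avg_bytes < max_avg_bytes
    )


def top_talkers(flows: list, n: int = 3) -> list:
    """Highest byte totals per source, the basis of a bandwidth-control view."""
    stats = summarize_by_source(flows)
    ranked = sorted(((src, s.total_bytes) for src, s in stats.items()),
                    key=lambda item: item[1], reverse=True)
    return ranked[:n]


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    print("fan-out suspects:", find_fanout_suspects(flows))
    print("top talkers:", top_talkers(flows, 2))
```

In a real deployment the records would come from a collector fed by the routers, the aggregation would run over a sliding time window rather than the whole file, and an alert on a fan-out suspect would be correlated with the authentication logs the article mentions before anyone acted on it.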
The Human Factor
Despite their increasing number, sophistication, organization and resources, it’s not the technological exploits of hackers, crackers and other cybercriminals that pose the most worrisome security threats to ULCC.
“The complexity of authentication and authorization systems is bound to lead to loopholes,” Seymour explained. “[But] a particular threat is the ‘social engineering’ attempts to gain access to the services by the devious distillation of confidential or sensitive information from our users — and even IT staff. As our services are becoming more secure, we see this is on the increase: It’s easier to get in via backdoor knowledge than traditional front door attacks.”
Human foibles and errors, such as leaving passwords on Post-It notes, are not the only security risks students and staff may pose, Seymour continued. “I’ve mentioned ‘social engineering,’ but there’s also the complexity of the configurations, and the need to monitor, update and police the security services. You cannot install and forget.”
Along those lines, Seymour said that in addition to more robust, easier-to-use products, he would like to see vendors do more in the way of training. “It is essential that not only do people buy security products and services, but they know how to use them correctly — what to look for to spot undesirable activity, and what to do when they see a security breach.”
ULCC is fortunate in terms of the organizational support and resources it receives, as well as the quality of its staff, Seymour noted.
“The strength of our particular security services is the know-how we’ve developed in building and maintaining [our team]. By expanding our services to a larger user base, we’ve been able to afford to build a team of engineers expert and qualified in the products we use. The team then supplies these services to help our smaller academic sites and university institutions to protect themselves. The experience we gain from this wider user base is then fed back into further development of the products.”