August 18, 2005 4:00 AM PDT

Schooled in security

For universities, network security is a tricky balancing act.

Academic institutions want to maintain the free exchange of ideas and information between faculty, students and researchers, both on campus and from university to university. That presents a challenge for keeping networks secure. Unlike businesses, schools can't rely on using the typical firewall to keep threats out.

"Universities try to foster a more open environment, so individuals have freedom to do things like collaborate on research or do things with other universities," said Michael Gavin, a senior analyst at Forrester Research. "Universities, as a result, are reluctant to put in security that would prevent people from collaborating."

News.context

What's new:
Universities are suffering attacks as they try to balance sharing of information on networks with the need to secure data.

Bottom line:
New approaches to security could mitigate the problem--and be a lesson for corporations looking for ways to protect information without having to shut out an increasingly mobile work force.

It adds up to a dilemma that could be putting college systems at risk. Earlier this month, the University of North Texas was hit by hackers who accessed the housing and financial aid records of nearly 39,000 students and alumni. California State Polytechnic University in Pomona and the University of Colorado also reported breaches in August--the latest in a spate of incidents at academic institutions.

As they face these attacks, IT professionals at college campuses are developing specialized means to keep information and data secure. They're coming up with ways to let a variety of users with different machines and different levels of authorization connect easily to their networks. That's striking a chord for companies coming to terms with an increasingly mobile work force, and corporate America is finding it can learn a thing or two from universities about managing security matters.

Academic institutions have a long history of operating open networks, which has fueled the belief that compared with companies, they receive a higher dose of spam, along with viruses and other security attacks, experts said.

"Universities do seem to be big targets for would-be intruders," said RuthAnne Bevier, a computer security specialist in ITS network systems security at the California Institute of Technology. "I think this is probably for several reasons. One is that universities often intentionally have open networks with no perimeter firewall."

So if computers on a university network are running vulnerable software, the odds are good that outside attackers can reach the machines and exploit any flaws, she said. The high-speed connections typically used on campus systems also contribute to making attacks easier, security experts said.

Bevier added that though companies may also have some of the same issues as universities, the key difference is that computers used in an academic setting aren't necessarily configured with security in mind. Partly that's due to an institution's mixed community of staff, students and visiting researchers, all of whom often use their own computers on the network, with varying degrees of security software loaded on them.

"While many universities may have a central organization for managing computers, that organization generally does not have control over all, or even most, of the computers on the network," Bevier said. "Or its role may be in more of an advisory capacity, with little ability to enforce security measures or policies."

Opposite approaches
To meet their particular needs, universities and colleges take security measures that are based on letting everything enter the network unless there's a need to keep it out. That's in contrast to the typical corporate

CONTINUED:
Page 1 | 2 | 3

18 comments

Join the conversation!
Add your comment
Share This, Comrade
Corporate America is not socialist laboratory nor a democracy.
There are valid reasons to keep valuable information out of the
hands of competitors. There can be no open door policy without
wide eyed watch dogs.

To paint universities, our great bastions of anarchistic chaos, as
having the right idea when is comes to information sharing is
absurd. Just ask the music and software companies how they
feel about "information" sharing on campus. They have several
instances where nuclear information has been so shared they
can't remember where they left it.
Posted by cjohn17 (268 comments )
Reply Link Flag
Share This, Comrade
Corporate America is not socialist laboratory nor a democracy.
There are valid reasons to keep valuable information out of the
hands of competitors. There can be no open door policy without
wide eyed watch dogs.

To paint universities, our great bastions of anarchistic chaos, as
having the right idea when is comes to information sharing is
absurd. Just ask the music and software companies how they
feel about "information" sharing on campus. They have several
instances where nuclear information has been so shared they
can't remember where they left it.
Posted by cjohn17 (268 comments )
Reply Link Flag
How hard...
...would it be for these schools to protect business-critical information while allowing access to stuff to which everyone *should* have access?
Posted by sjsobol (115 comments )
Reply Link Flag
But Steve, You Know...
It is apparently extremely hard considering the students and faculty
in leftist universities believe there should be no such thing a
corporate secret.

The only thing corporate secret I'm interested in is the Colonel's
chicken recipe.
Posted by cjohn17 (268 comments )
Link Flag
How hard...
...would it be for these schools to protect business-critical information while allowing access to stuff to which everyone *should* have access?
Posted by sjsobol (115 comments )
Reply Link Flag
But Steve, You Know...
It is apparently extremely hard considering the students and faculty
in leftist universities believe there should be no such thing a
corporate secret.

The only thing corporate secret I'm interested in is the Colonel's
chicken recipe.
Posted by cjohn17 (268 comments )
Link Flag
Lessons to protect ID
Lessons to protect ID


Mr. AT Alishtari, POA and Founder EDI Secure LLLP, finds schools that are training the next generation of IT, IP and encryption experts are woefully inadequate at protecting the parents and the students ID from intrusion, theft and fraud. It was not seen as important however cyberthieves have borrowed from or stolen property alledging they were this or that person from property stolen online. Schools in their financial aid process collect enough information to be a scammer's paradise.

Schools will have to go with data offline as a platform approach at some point using Company technology or they will not have to keep it online in their database that is the same thing. Regardless, the future belongs to Company type technologies us U.S. Commerce Department NIST level 4 authentication. U.S. authentication and encryption standards were submitted to U.S. Congress Privacy Bill and U.S. Senate Cybercrime Treaty.
Posted by (66 comments )
Reply Link Flag
I agree with and add to the statement the below
A year ago, January 2006, EDI Secure LLLP was purchased by IDPixie LLC which owns the patent US 6,598,031 B1 granted on July 22, 2003 for APPARATUS AND METHOD FOR ROUTING ENCRYPTED TRANSACTION CARD IDENTIFYING DATA THROUGH A PUBLIC TELEPHONE NETWORK from inventor Jeffrey Ice. So to update EDI Secure LLLP's place in the marketplace, I add the above and below data.

My Pledge

I, Mr. Abdul Tawala Ibn Ali Alishtari, pledge my Foundation to halt child slavery activities including his Global Peace Film Festival, Inc., at www.peacefilmfest.org. I pledge moral support of legal, peaceful activities and my non-profit gifts offshore, onshore and globally, primarily with philantrophy from my personal investment to help halt all fraud, violence and scams hurting innocent children, women and families so help me God.
Posted by Abdul Tawala Ibn Ali Ali (53 comments )
Link Flag
To update comments, I must add the below...
This is so the data makes sense from anyone looking it up on my company...

A year ago, January 2006, EDI Secure LLLP was purchased by IDPixie LLC which owns the patent US 6,598,031 B1 granted on July 22, 2003 for APPARATUS AND METHOD FOR ROUTING ENCRYPTED TRANSACTION CARD IDENTIFYING DATA THROUGH A PUBLIC TELEPHONE NETWORK from inventor Mr. Jeffrey Ice. So to update EDI Secure LLLP's place in the marketplace, I add the above and below data.

My Pledge

I, Mr. Abdul Tawala Ibn Ali Alishtari, pledge my Foundation to halt child slavery activities including his Global Peace Film Festival, Inc., at www.peacefilmfest.org. I pledge moral support of legal, peaceful activities and my non-profit gifts offshore, onshore and globally, primarily with philantrophy from my personal investment to help halt all fraud, violence and scams hurting innocent children, women and families so help me God.
Posted by Abdul Tawala Ibn Ali Ali (53 comments )
Link Flag
In order to have this data be relevant the below update is added...
A year ago, January 2006, EDI Secure LLLP was purchased by IDPixie LLC which owns the patent US 6,598,031 B1 granted on July 22, 2003 for APPARATUS AND METHOD FOR ROUTING ENCRYPTED TRANSACTION CARD IDENTIFYING DATA THROUGH A PUBLIC TELEPHONE NETWORK from inventor Mr. Jeffrey Ice. So to update EDI Secure LLLP's place in the marketplace, I add the above and below data.

My Pledge

I, Mr. Abdul Tawala Ibn Ali Alishtari, pledge my Foundation to halt child slavery activities including his Global Peace Film Festival, Inc., at www.peacefilmfest.org. I pledge moral support of legal, peaceful activities and my non-profit gifts offshore, onshore and globally, primarily with philantrophy from my personal investment to help halt all fraud, violence and scams hurting innocent children, women and families so help me God.
Posted by Abdul Tawala Ibn Ali Ali (53 comments )
Link Flag
In order to have this data be relevant the below update is added...
A year ago, January 2006, EDI Secure LLLP was purchased by IDPixie LLC which owns the patent US 6,598,031 B1 granted on July 22, 2003 for APPARATUS AND METHOD FOR ROUTING ENCRYPTED TRANSACTION CARD IDENTIFYING DATA THROUGH A PUBLIC TELEPHONE NETWORK from inventor Mr. Jeffrey Ice. So to update EDI Secure LLLP's place in the marketplace, I add the above and below data.

My Pledge

I, Mr. Abdul Tawala Ibn Ali Alishtari, pledge my Foundation to halt child slavery activities including his Global Peace Film Festival, Inc., at www.peacefilmfest.org. I pledge moral support of legal, peaceful activities and my non-profit gifts offshore, onshore and globally, primarily with philantrophy from my personal investment to help halt all fraud, violence and scams hurting innocent children, women and families so help me God.
Posted by Abdul Tawala Ibn Ali Ali (53 comments )
Link Flag
Do adjust Mr. Alishtari's comments to the buyout of EDI Secure LLLP
Do adjust Mr. Alishtari's comments to the buyout of EDI Secure LLLP


A year ago, January 2006, EDI Secure LLLP was purchased by IDPixie LLC which owns the patent US 6,598,031 B1 granted on July 22, 2003 for APPARATUS AND METHOD FOR ROUTING ENCRYPTED TRANSACTION CARD IDENTIFYING DATA THROUGH A PUBLIC TELEPHONE NETWORK from inventor Jeffrey Ice. So to update EDI Secure LLLP's place in the marketplace, I add the above and below data.

My Pledge

I, Mr. Abdul Tawala Ibn Ali Alishtari, pledge my Foundation to halt child slavery activities including his Global Peace Film Festival, Inc., at www.peacefilmfest.org. I pledge moral support of legal, peaceful activities and my non-profit gifts offshore, onshore and globally, primarily with philantrophy from my personal investment to help halt all fraud, violence and scams hurting innocent children, women and families so help me God.
Posted by Abdul Tawala Ibn Ali Ali (53 comments )
Link Flag
Lessons to protect ID
Lessons to protect ID


Mr. AT Alishtari, POA and Founder EDI Secure LLLP, finds schools that are training the next generation of IT, IP and encryption experts are woefully inadequate at protecting the parents and the students ID from intrusion, theft and fraud. It was not seen as important however cyberthieves have borrowed from or stolen property alledging they were this or that person from property stolen online. Schools in their financial aid process collect enough information to be a scammer's paradise.

Schools will have to go with data offline as a platform approach at some point using Company technology or they will not have to keep it online in their database that is the same thing. Regardless, the future belongs to Company type technologies us U.S. Commerce Department NIST level 4 authentication. U.S. authentication and encryption standards were submitted to U.S. Congress Privacy Bill and U.S. Senate Cybercrime Treaty.
Posted by (66 comments )
Reply Link Flag
I agree with and add to the statement the below
A year ago, January 2006, EDI Secure LLLP was purchased by IDPixie LLC which owns the patent US 6,598,031 B1 granted on July 22, 2003 for APPARATUS AND METHOD FOR ROUTING ENCRYPTED TRANSACTION CARD IDENTIFYING DATA THROUGH A PUBLIC TELEPHONE NETWORK from inventor Jeffrey Ice. So to update EDI Secure LLLP's place in the marketplace, I add the above and below data.

My Pledge

I, Mr. Abdul Tawala Ibn Ali Alishtari, pledge my Foundation to halt child slavery activities including his Global Peace Film Festival, Inc., at www.peacefilmfest.org. I pledge moral support of legal, peaceful activities and my non-profit gifts offshore, onshore and globally, primarily with philantrophy from my personal investment to help halt all fraud, violence and scams hurting innocent children, women and families so help me God.
Posted by Abdul Tawala Ibn Ali Ali (53 comments )
Link Flag
To update comments, I must add the below...
This is so the data makes sense from anyone looking it up on my company...

A year ago, January 2006, EDI Secure LLLP was purchased by IDPixie LLC which owns the patent US 6,598,031 B1 granted on July 22, 2003 for APPARATUS AND METHOD FOR ROUTING ENCRYPTED TRANSACTION CARD IDENTIFYING DATA THROUGH A PUBLIC TELEPHONE NETWORK from inventor Mr. Jeffrey Ice. So to update EDI Secure LLLP's place in the marketplace, I add the above and below data.

My Pledge

I, Mr. Abdul Tawala Ibn Ali Alishtari, pledge my Foundation to halt child slavery activities including his Global Peace Film Festival, Inc., at www.peacefilmfest.org. I pledge moral support of legal, peaceful activities and my non-profit gifts offshore, onshore and globally, primarily with philantrophy from my personal investment to help halt all fraud, violence and scams hurting innocent children, women and families so help me God.
Posted by Abdul Tawala Ibn Ali Ali (53 comments )
Link Flag
In order to have this data be relevant the below update is added...
A year ago, January 2006, EDI Secure LLLP was purchased by IDPixie LLC which owns the patent US 6,598,031 B1 granted on July 22, 2003 for APPARATUS AND METHOD FOR ROUTING ENCRYPTED TRANSACTION CARD IDENTIFYING DATA THROUGH A PUBLIC TELEPHONE NETWORK from inventor Mr. Jeffrey Ice. So to update EDI Secure LLLP's place in the marketplace, I add the above and below data.

My Pledge

I, Mr. Abdul Tawala Ibn Ali Alishtari, pledge my Foundation to halt child slavery activities including his Global Peace Film Festival, Inc., at www.peacefilmfest.org. I pledge moral support of legal, peaceful activities and my non-profit gifts offshore, onshore and globally, primarily with philantrophy from my personal investment to help halt all fraud, violence and scams hurting innocent children, women and families so help me God.
Posted by Abdul Tawala Ibn Ali Ali (53 comments )
Link Flag
In order to have this data be relevant the below update is added...
A year ago, January 2006, EDI Secure LLLP was purchased by IDPixie LLC which owns the patent US 6,598,031 B1 granted on July 22, 2003 for APPARATUS AND METHOD FOR ROUTING ENCRYPTED TRANSACTION CARD IDENTIFYING DATA THROUGH A PUBLIC TELEPHONE NETWORK from inventor Mr. Jeffrey Ice. So to update EDI Secure LLLP's place in the marketplace, I add the above and below data.

My Pledge

I, Mr. Abdul Tawala Ibn Ali Alishtari, pledge my Foundation to halt child slavery activities including his Global Peace Film Festival, Inc., at www.peacefilmfest.org. I pledge moral support of legal, peaceful activities and my non-profit gifts offshore, onshore and globally, primarily with philantrophy from my personal investment to help halt all fraud, violence and scams hurting innocent children, women and families so help me God.
Posted by Abdul Tawala Ibn Ali Ali (53 comments )
Link Flag
Do adjust Mr. Alishtari's comments to the buyout of EDI Secure LLLP
Do adjust Mr. Alishtari's comments to the buyout of EDI Secure LLLP


A year ago, January 2006, EDI Secure LLLP was purchased by IDPixie LLC which owns the patent US 6,598,031 B1 granted on July 22, 2003 for APPARATUS AND METHOD FOR ROUTING ENCRYPTED TRANSACTION CARD IDENTIFYING DATA THROUGH A PUBLIC TELEPHONE NETWORK from inventor Jeffrey Ice. So to update EDI Secure LLLP's place in the marketplace, I add the above and below data.

My Pledge

I, Mr. Abdul Tawala Ibn Ali Alishtari, pledge my Foundation to halt child slavery activities including his Global Peace Film Festival, Inc., at www.peacefilmfest.org. I pledge moral support of legal, peaceful activities and my non-profit gifts offshore, onshore and globally, primarily with philantrophy from my personal investment to help halt all fraud, violence and scams hurting innocent children, women and families so help me God.
Posted by Abdul Tawala Ibn Ali Ali (53 comments )
Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.