Searching for the weak link in university network security

Searching for the weak link in university network security

Summary: With university networks often propping up governmental research and policies, should these networks be given a higher priority when it comes to security? Article

SHARE:

Which is more important in a network: the client machines or the system infrastructure? This could be debated until the cows come home and further debated to include the cows. Personally I would say the latter, but as we have seen this week, one single client machines can open up an almighty can of whoop-ass on the entire network.

One could debate whether it was the update server administrator who was at fault (they were, by the way) as opposed to the machine running Vista, which Microsoft had issued a patch and security advisory for months before. While you, the readers, jumped on the anti-Microsoft bandwagon, I still maintain it was down to the fault of the one individual and not the operating system.

With recent events, along with past and future issues each institution has to face, how do they get the balance right between allowing academic freedom, yet maintaining security of the work produced? Can they provide an open and secure learning environment without diminishing access or availability? There are a few things to take into account.

Every UK college/university are connected to each other

The US academic institution network works somewhat differently to the UK. Most institutions are independent and have no real link or connection to neither central government nor other institutions. Some divisions and departments will work closely with government and other universities on specific topics, but the UK takes the high road on this one.

Every college, university and academic unit in the UK (anything that ends with an .ac.uk domain name) connects through JANET, the national education and research network. All institutions are networked through fibre-optics and high speed cables. Yet the infrastructure, mostly hardware, keep the entire network flowing yet carefully cordoned off from each other, allowing massive data transfers and network load balancing, without the risk of spreading malicious malware or localised issues further.

Overall this works well and keeps institutions ticking over with this technological brilliance. But should malware never seen before - a version 2 of Conficker for example - manage to break through the wires, it could infect every other computer on every other educational network in the country.

Wifi networks: student freedom vs. interception of data

One of the wonders of JANET is the Eduroam service - the wireless network which spreads across every university campus in the UK. Though some universities in the US are beginning their new ventures with WiMAX, for now the wireless service that Eduroam provides isn't bad.

No wireless protocol is absolutely secure, but for the time being it's still relatively difficult for someone to hack into a wireless network through interception of waves and packet sniffing. Eduroam uses MSCHAPv2, WPA2/TKIP technology along with Active Directory integration (don't ask me how, I wouldn't know where to begin) which allows you to login using your university credentials, but on any university campus across the campus. Eduroam seems to be the world's largest wireless network, and it's completely dedicated to academia.

But wireless technology is necessary for the physical freedom the student needs. No longer should we be confined to the dusty corner of the library. There's grass outside; it's where I tend to gravitate towards when contemplating study.

Academics often work outside the university, you know

Believe it or not, unlike school teachers, academics and scholars don't spend three months of the year wallowing in their own papers and research studies considered "time off". The majority of them seem to work for governmental departments, aiming to improve their speciality field through research and additional understanding. In my eyes, it is the world's universities which keep our respective governments afloat.

As these academics working for governments often work together, a certain level of governmental support in the security perspective is naturally provided. Yet in the case of the server hacking of the Climatic Research Unit at the University of East Anglia in an attempt to destabilise the Copenhagen conference, this erupted a number of issues towards university network security in regards to governmental input.

Vulnerabilities, operating systems and preventing attacks

No operating system is entirely secure, and it more often than not relies on the update administrators to keep everything patched. Then again, we tend to use Windows primarily in academia and avoid specialist-only machines such as Mac's for multimedia and Linux for super-computing.

But each client computer is a giant hole waiting to be filled with malware, student stupidity and all kinds of other nasties. With group policies and back-end administration, client computers are drones just hooked into the network and often restrict flash drive access and whatnot.

The point is no network is entirely secure. We can try our best but there will always be a weak link in some area of the organisation - whether it is a client side update which failed, to an entire suite of computers not being patched due to the incompetence of an updates administrator.

More often than not, the client machines are the weak link due to the vast number of inputs into the network considering with the vast array of users actually using them. All we can do is learn from our, and others' mistakes.

Topics: Networking, Mobility, Security, Wi-Fi

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

15 comments
Log in or register to join the discussion
  • Really, ...

    <font color=#808080>"No operating system is entirely secure, .... The point is <font color=#000000>no network</font> is entirely secure."</font>

    For your point, I would say, no sh!t sherlock.

    This is always the Windows fanbois excuse, explanation or conclusion to a Windows security problem. Since <em>"no network is entirely secure"</em> or, I'm sure you have heard this one, 'its not only IE, all software have bugs' so therefor, it can not, most not, and will not be a Windows problem.

    Who have a vested interest in keeping the Windows ecosystem security just the way it is? If you answered hackers, your answer is wrong. The AV companies hence hackers don't have share holders. How else can some so call security companies get so rich off of known flaws and defects in <strong>one</strong> particular product (Windows).

    Denial is a much more <strong>serious</strong> problem in the Windows ecosystem than security. It starts at the top.

    <font color=#808080>"Searching for the weak link in university network security"</font>

    PS. My suggestion is to start with Windows and IE. Your network is only as strong as it's weakest link.


    ^o^
    <br>
    n0neXn0ne
    • Exactlly what I said!!!

      It's nice to see one of the brighter people here posting some common sense!!!!

      People like us know that Linux is UNHACKABLE and that it's about time that companies and schools start waking up to the fact that Windoze is the weak link. It doesn't matter how patched or up to date your M$ software is, it never really is, not like Linux. With MILLIONS of people working on Linux everyday, you can understand why it's the OS for smart people like us!
      Ron Bergundy
      • are you serious?

        Linux = Unhackable?

        Now I use and support linux and oss, but for anyone to say linux is UNHACKABLE is a joke. It is just as hackable as anything else if someone doesn't take the time to make it secure.

        In a Network Security class our finial project was to hack into Linux/Windows machines through any way that we could find. Our instructor set the boxes up as secure as he could and we went at it. I had a root level account in 2 hours. Seems pretty unhackable to me......
        hitchcock416
      • millions and hundreds of millions.

        http://blogs.techrepublic.com.com/hiner/?p=3372

        1% and climbing to 2% in a decade maybe
        MLHACK
        • I believe you might be mistaken

          Last time I checked the largest Internet properties were not running on windoze.

          I think you should revise your numbers if you can.
          The Mentalist
          • There Correct

            Numbers are correct for desktop usage...
            MLHACK
          • Irrelevant, the desktop market is vanishing

            Linux is growing fast where it matters.
            The Mentalist
          • Where does it matter ?

            Seems like an open ended statement. Where it matters is in the eyes of the CIO, systems admin etc... What the &uck are you talking about the desktop is vanishing that is the most stupid a&s statement i have every heard.
            MLHACK
  • RE: Searching for the weak link in university network security

    Surely its the network infrastructure thats imnportant.

    In todays world especially at an academic institution there will be many operating systems connected to the network. XP, Vista, 7, Macs up to 10.6, Ubuntu and others. Some are (supposedly) monitored and updated by the organisation, some will be used by sensible users who understand and do all they can to protect their machine but and this is the shocker (well it was for me when i started supporting students) some intelligent people will be running machines with no AV, no firewall and the user will click on anything and everything until the machine just slows to a crawl and implodes. Theres also the students studying IT who have little projects that sometimes get out of hand :-) .

    Surely you design your network so that the VOIP phone system is seperate from your essential business system servers and your data storage servers and your email and your virtual learning environment and your management information systems and your open access machines and your users machines.

    No matter the operating system of the machines, the network admins should not allow a threat in one of those networks to affect the entire organisations network adn bring everything to a halt.

    Just my $0.02
    fade2blackuk
  • A correction

    You wrote: <i>"The point is no network is entirely secure."</i>

    When you should have written: <i>"The point is no network <ins>that lets insecure clients in</ins> is <del>entirely</del> secure."</i>
    The Mentalist
  • The weak link was Windoze!

    How much more obvious can it be? Don't blame it on the admin, he can only do so much with the tools he's got to work with.

    When you are forced to use M$ software, you just do the best you can. Given that the admin had all the LATEST patches and antivirus software installed the firewalls configured correctly, and admins watching the network, this virus still took down the school, so don't blame anyone other then M$!!
    Ron Bergundy
  • RE: Searching for the weak link in university network security

    Since Linux doesn't get Viruses, all you have to worry about is hacks. This makes Linux inherently safer since time to check for security holes is the enemy of system admins.
    tburzio
    • ok so............

      As long as you have that train of thought i would love to come into your network and "play" around. viruses for linux exist. they are not as popular as windows. most people wont run into them but it is only a matter of time until the virus makers figure out that it will be a lot of fun to start going after linux and start mass producing them. Linux is only "Inherently" safer because people don't go out of their way to attack it.
      hitchcock416
      • re: ok so............

        <font color=#808080><em>"...but <font color=#000000>it is only a matter of time</font> until the virus makers figure out that it will be a lot of fun to start going after linux..."</em></font>

        Let's not deal in hypothetics.

        <font color=#808080><em>"Linux is only "Inherently" safer because people don't go out of their way to attack it."</em></font>

        Why should they <em>"go out of their way"</em> when there is a much easier target (All versions of Windows and IE) available.

        PS. So long as Microsoft Windows the epidemic exist, they will NOT "go out of their way", trust me.

        ^o^
        <br>
        n0neXn0ne
      • Hitchcock says.....

        "Linux is only "Inherently" safer because people don't go out of their way to attack it"

        with still well over 60% of the world servers are running Linux...and you think no one is trying to hack them?

        I believe it m ore of a matter of conscience.

        Many Windows users like the idea of Free software and strive to have it.

        Unfortunately, many users in that group steal the software.

        Linux is open source and very few programs are for sale (Mainly Specialized Programs)

        So there isn't anything to steal or need a crack for...or a serial number... Where most of the problem of malware comes from.

        Also the Linux Kernel is totally different security wise.
        RandallR