Managing the Network Security Challenge
While I was Chief Information Security Officer (CISO) at Temple University, one of the primary challenges we faced was explaining how Information Security was related to Network Management and how that challenge was addressed in Academe.
Here is my article, as published by Syllabus Magazine, now called Campus Technology Magazine, in January 2004.
Managing the Network Security Challenge
For university information technology departments, a balancing act can be challenging. University computer networks are an essential component of university operations. Yet, they are often large, heterogeneous, open, and used by thousands of individuals whose computing habits and expertise are largely unknown.
At Temple University, for example, approximately 16,000 systems—from mainframes and mid-ranges to PCs and laptop devices—connect to a hybrid wired and wireless network. Individual schools and colleges within the university own many of the systems. Students own the remaining connected PCs, laptops, and tablets. Temple University has a diverse user community, ranging from students with no computer experience to professors who teach Computer Science. Consequently, protecting a customer base with such a wide span of expertise poses its own set of challenges from both a technological and an educational perspective.
Add to the complexities of delivering an open, yet secure, computing environment, even as new and increasingly sophisticated forms of malicious computer code are being launched every day, and the obstacles appear insurmountable. At Temple University, the individual ability of departments to do research and teach is tied directly to security—especially to virus protection. In fact, left unchecked by anti-virus software, one of today’s fast-spreading threats could shut down an entire network.
As a result, Temple University set out to determine how to maintain a desired level of security across such a varied network and user landscape.
The first priority toward maintaining the appropriate balance between security and freedom was to educate users on security risks. Students, faculty, and staff needed to understand how viruses threatened their computing infrastructure, what they could do to reduce this risk, and how they would benefit from having a more secure network.
To that end, the Temple University launched an awareness campaign. Through frequent e-mail flashes, brochures, and online articles, users learned what viruses were, their effects, and how to prevent them.
And how have students responded? Out of 6,500 residence hall students, only two were reluctant to take part in the Temple University’s anti-virus program. One was already using a solution from home, while the other was unacquainted with anti-virus of any type.
Temple University also determined that universities generally have three technology-related options in addressing the network security issue. First, they can simply hope students and other users purchase and install their own security software. Second, they can secure the network but leave the security of individual machines up to the colleges or individuals who own them. Third, they can provide every client system with a security solution that is centrally managed and coordinated. Temple University chose the third option—with measurable success.
Temple University’s anti-virus software puts virus protection at the workstation and server tiers of the network.
University IT personnel can manage individual users as well as groups of users and can make sure all systems are up-to-date and configured correctly. Symantec Anti-virus leverages the vendor’s automated virus submission and response mechanisms to quickly detect, analyze, and repair viruses. The software makes it easy for IT administrators to enforce anti-virus policies across the multi-platform environment.
With a managed anti-virus solution in place, Temple University has been able to side-step many of the recent virus and worm outbreaks that have plagued other institutions.