Tech U: Taming the Masses
Posted by
Jordan Wiens
April 07, 2006
When it comes to security, institutions of higher learning are as likely to be delinquents as they are honor students. Why? Because some security infrastructure elements that corporations take for granted are conspicuously absent at many universities. University security administrators may choose not to implement campuswide firewalls, for example, for fear of restricting legitimate traffic or impeding research. In response, IT groups may develop better passive IDS (intrusion-detection system) signatures, more intelligent and aggressive vulnerability scanners, or smarter end-point validation software. Some universities have adopted commercial products for node validation.
|
|
|
Reasons for eschewing some security technologies on campus are part financial, part political. Many in education see security as limiting access and as having a default-deny policy instead of default-allow. This ethos is contradictory to the nature of educational institutions, whose mission is to encourage learning, discovery and open access to information. If you inhibit cutting-edge researchers and make teaching difficult, you won't attract the best professors, students or grants. The ways colleges work around this issue could signal how corporations cope down the road.
Eureka
Many of the security developments that come out of universities are driven by the technical staff as much as the research faculty. Those running the network must manage a diverse community--much of it comprised of end-user machines that are not properly maintained--in a way that scales and is cost effective. Not easy, given the support-staff-to-users ratio.
