Preventive Medicine

When the first-year students arrived on campus at Illinois Wesleyan University in Bloomington, Ill., this year, they were greeted by the school’s IT staff who, among other things, helped them protect their PCs before hooking up to the university’s network. This proactive approach helps keep computer virus infections to a minimum. In addition, it builds up considerable goodwill between the IT department, students and their parents.

As Trey Short, director of computer services, explained, “We knew that when students arrived with their computers, our campus network would be vulnerable to virus and spyware attacks.”

The tech department decided to take a multilevel approach to defending its network and the students’ computers by combining technology and user education early in the school year. According to Short, “We started early and sent information to the freshman-class students in the very first mailer, then we presented several sessions during orientation about viruses and spyware.”

Parents and students attended the sessions and were notified that CDs with diagnostic tools, antivirus programs and antispyware would be available for use on the incoming computers at move-in time. IT staff members, along with student assistants, were in each residence hall during the move-in process to help with unboxing and setting up the computers, and to check that PCs were protected before they were connected to the network.

As a result of the staff’s preparation and active involvement, Short says the IT department reduced the time it spent repairing infected computers from one week the previous year to a day and a half this year. The tech leader attributes the speedy startup to several factors.

“Most of the students have broadband connections at home and are already familiar with a networked environment, so their computers are already fairly well-protected,” Short says. This was different from past years, when dial-up access was more prevalent at home, and virus infection may have been less pervasive. “Plus, almost all of the computers were set up to automatically update their operating systems,” he adds.

Now, with school in session, Short reports a slight uptick in reports of virus attacks, but the overall PC population is running smoothly. The campus employs a set of automated tools that monitor campus network traffic and alert the staff to unusual traffic that could be virus related. Affected computers are automatically isolated from the rest of the network, and a message is displayed on the computer’s screen instructing the student to contact the support desk.

Meeting the Challenge

According to Jay Heiser, research vice president for Gartner Group in London, “We generally see the biggest threat to the academic computing environment coming directly from within the student population. After all, they are the trendsetters and are in school to experiment.” He adds that many campus CIOs are on the leading edge in terms of security practices precisely because of the challenges they face.

Heiser says it’s normal to segment the student computing environment from the institution’s systems. Campus IT departments are faced with a challenge that only a few corporate environments are beginning to face. “Most companies own the computers on their employees’ desks and therefore have significant control over them, whereas universities are open to any number of unknown computing hazards that are beyond their control,” he explains.

Today’s academic CIO is faced with balancing isolation, control and security failure. To help tech leaders, Heiser identified the multiple levels of control that can be attained:

• Minimum Control: Assumes that every computer has, at minimum, antivirus and antispyware software installed. Under this model, the individual computers may be as safe as they would be in their homes.

• Firewall Protection: Assumes that computers only allow access to and from known “safe” connections. In addition to the firewall at the network perimeter, personal firewalls are used to limit access to the individual computers.

• Network Intrusion Prevention (NIP): Creates a single choke point where all traffic between the campus network and the Internet can be monitored, analyzed and controlled.

• Host Intrusion Prevention (HIP): Creates a coordinated and highly maintained level of protection in each computer. These are usually monitored by a central service each time a computer connects to the network, and current patches and updates are applied automatically.

A Combo Approach Is Best

Using a combination of NIP and HIP can provide high levels of protection from both internal and external attacks. However, the lack of control over individual computers makes full enforcement of any but the NIP model nearly impossible.

Given this complication, the best way to avert problems in the academic environment may be the approach Short and his team have taken: Provide the right tools and education at the right time, and get to know the students and their systems personally by helping them.

The personal interaction may help prevent internal attacks, or provide some insight about the likely perpetrator, should one surface.