One of the most hostile places on Earth for a computer, after the open LANs of Defcon and Rubicon (although at least those two make it public that you're in for a wild ride). Every fall semester, you have several thousand new students arriving on campus with their brand new computers or older family PCs. These computers, almost always, are infected with spyware and viruses. Very few of the computers have anti-virus software or firewalls.
Among the first things new students do is enable file sharing and look around the campus network to see who else is sharing files. At this point, infected files are copied across the network, and viruses that are aware of writeable network shares (such as Klez) spread to other computers. Despite the efforts of network admins to distribute anti-virus programs to the students, very few of them install such programs or update them.
Another software item which should be provided (but isn't) is the firewall. Your average student has little knowledge of network security or exploits, yet they run state-of-the-art operating systems with known security flaws, especially Windows XP Professional. The students frequently also have no real idea of what exactly they need or have installed, and so they run web servers just because that's what was under the default install.
College networks, in addition to cable modem IP ranges, are among the most heavily scanned regions of the internet for testing exploits, for precisely the above reasons. Furthermore, since universities are frequently stingy with the money set aside for wiring the dorms, they purchase large hubs and don't bother to secure them or set up any sort of monitoring system. Because a hub repeats every frame to every port, this enables students to capture POP or IMAP passwords and monitor IM conversations in real time, with the aid of a packet sniffer.
The solution to the large quantity of security problems inherent in a campus network is threefold:
The first priority is cleaning up the students' computers. This can be done by forcing the web browsers on the students' machines to a web page containing detailed instructions on updating to the latest service pack of their OS of choice, along with tools such as AdAware for cleaning off spyware.
The second priority is keeping the computers safe. This requires locating or writing a simple-to-use (and free) firewall / Intrusion Detection System and providing extensive details on how to install and configure it.
The third priority is upgrading the network environment in the dorms, by replacing the hubs with switches and setting up a few PCs in strategic locations to monitor the network to ensure that no one is attempting to sniff the switch for passwords and conversations. This requires a considerable amount of time and money, because switches are more expensive than hubs, and there will be well over a hundred hubs that need replacing.
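
The monitoring PCs described above need something concrete to watch for. As an added example (not part of the original writeup), this Python code assumes each monitor records the sender IP and MAC of every ARP reply it sees, and flags an IP whose hardware address changes, a common sign that traffic on a switched segment is being redirected. The log format, addresses and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: "<seconds> <sender IP> <sender MAC>" per ARP reply,
# as a monitoring PC on one dorm segment might record it.
SAMPLE_ARP_LOG = """\
0 10.20.0.1 00:11:22:aa:bb:01
5 10.20.0.57 00:11:22:aa:bb:57
9 10.20.0.80 00:11:22:aa:bb:80
14 10.20.0.1 00:11:22:aa:bb:80
15 10.20.0.57 00:11:22:aa:bb:57
20 10.20.0.1 00:11:22:aa:bb:80
"""


def parse(log):
    """Yield (timestamp, ip, mac) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue
        yield int(parts[0]), parts[1], parts[2].lower()


def audit(log, trusted=None):
    """Return (alerts, multi).

    alerts: (timestamp, ip, expected_mac, observed_mac) for each new
            conflicting claim; repeats of the same claim are reported once.
    multi:  MACs that answered for more than one IP, with those IPs.
    trusted: optional {ip: mac} of known-good bindings (e.g. the gateway).
    """
    bindings = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    claimed = defaultdict(set)  # MAC -> IPs it has answered for
    reported = set()
    alerts = []
    for ts, ip, mac in parse(log):
        claimed[mac].add(ip)
        # The first sighting becomes the expected binding unless one was given.
        expected = bindings.setdefault(ip, mac)
        if expected != mac and (ip, mac) not in reported:
            reported.add((ip, mac))
            alerts.append((ts, ip, expected, mac))
    multi = {m: sorted(ips) for m, ips in claimed.items() if len(ips) > 1}
    return alerts, multi


if __name__ == "__main__":
    for alert in audit(SAMPLE_ARP_LOG)[0]:
        print("binding changed:", alert)
```

Seeding `trusted` with the gateway's real address matters, because otherwise a forged reply that arrives first would be learned as the expected binding.
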
Although this is a very large task, it can be done, given a dedicated enough network admin team.