Minimizing Security Vulnerabilities in High-Tech Classrooms
Emerging technologies are quickly becoming part of our daily learning and teaching endeavors in academia. Since we have ubiquitous access to certain high-tech tools and must learn how to integrate these tools in educational settings, it has become almost unreasonable to go back and do things as they were 10 years ago. However, we also encounter problems and weaknesses in the same high-tech environment that uses and delivers information through computer networks. Issues range from maintaining secure networks in classrooms to having a better quality learning environment for students and faculty to use and share information systems.
Today, it is a common practice for most universities to use networked computers that enable users to communicate freely with each other. However, only a few students, faculty members and administrators are aware of the risks and vulnerabilities that exist in their network operating systems. Dr. E. Eugene Schultz, a principal engineer at the Lawrence Berkeley National Laboratory and editor-in-chief of Computer & Security, reports that universities are "among the least secure places in the universe as far as computing goes" (Foster 2004). This is because most colleges do not perform risk assessments of their network systems, and many administrators do not periodically review their policies as required by federal regulations. In addition, students often are not fully aware of the need to use anti-virus programs or how to properly use copyrighted materials, and faculty members frequently assume that computers in their offices are secure (Foster 2004). The following are some of the common threats that campuses face every cyber day, as well as solutions to minimize those threats.
Our campus has numerous high-tech classrooms that include desktop and laptop computers, electronic whiteboards, LCD projectors, scanners, printers, VCRs, and digitizers in a networked environment. Even though the computer configurations in these classrooms vary due to the differences in academic disciplinary needs, the bare bones of the computer systems and software are standardized in products such as Dell computers and Microsoft Office.
Viruses interfere with instruction by causing temporary or permanent damage to computer systems. Last summer, just before the academic year started, a chain of new viruses and spam attacks made everybody reflect on this issue more seriously, especially when faculty realized that these viruses could have caused productivity loss by destroying entire computer systems and/or certain files on school computers. As cyber attacks spread and carry serious threats to our newfound technology-rich learning environment, we have to work harder than ever to keep our classrooms secure and instructionally efficient. As a faculty member utilizing a high-tech environment every day, one can wonder just how many of us are actually aware of the best ways to protect our classrooms.
First, we need to understand how our systems get infected by viruses. Each day, we exchange information with our students using various technological tools, including e-mail, CDs, floppy disks, USB storage devices, scanned copies of documents, WebCT or Blackboard, network drives, etc. All these methods of communication are vulnerable to virus infections or other threats. In other words, most viruses attack our systems from three basic channels:
1. Network-based computers to which our labs and offices are connected;
2. Home or dorm computers; and
3. Wireless computers.
The second step is to understand basic terms such as "authentication" and "encryption," as well as to know their roles in network systems. For instance, most operating systems rely on authentication to recognize users. In this regard, all the permissions and restrictions on using a campus computer are applied according to the identity established at logon. With Windows-based computers, students and faculty members who want to access a computer on campus need to press the "Ctrl-Alt-Delete" keys, and then enter a valid user name and password.
Many computer labs in universities have generic user names and passwords created by technical services to make logging in easier. Encryption is another method that gives hackers less chance to capture our user IDs and passwords. Finally, it is important to understand the ways of protecting computers on a continual basis. There are currently many good anti-virus programs on the market. Our campus, after a diligent search of available programs, has decided to use Panda Software (www.pandasoftware.com) to secure high-tech classrooms, as well as campus desktops, laptops and wireless networks.
Spam is "flooding the Internet with many copies of the same message in an attempt to force the message on people who would not otherwise choose to receive it" (Mueller). We get spam messages through our e-mail accounts as well as by accessing Web sites. Our university uses PureMessage software from Sophos to protect its users. Similar products from companies such as FrontBridge Technologies, Symantec and SurfControl also provide comprehensive protection services to customers, including general virus protection for desktops, servers and remote laptop users.
Odyssey is a security solution that lets users securely access a wireless local area network. With Odyssey, a product of Funk Software, it is possible to connect to other networks securely. This package allows and uses a variety of authentication profiles and methods so that wireless users can get into access-point networks or peer-to-peer networks as a means of connecting to the Internet. (Access-point networks are one of the most common methods of networking, allowing users to link their computers to a single network system. When there is no access point, two or more computers can create a private network through peer-to-peer networking. This is especially desired when users want to share files and applications.) The following are requirements to secure wireless networks from the "Odyssey Client: User and Administrator Guide" (online at www.funk.com/Docs/odyc30man.pdf):
- A user must be authenticated by the network before he or she is allowed access, so that the network is safe from intruders. For instance, one needs to have a security code to open the main door of a building.
- The network must be authenticated by the user before the user allows his or her PC to connect to the network in order to prevent a wireless device from posing as a legitimate network and gaining access to the user's PC. This is similar to having the right key to enter a certain apartment in a building.
- The mutual authentication between user and network must be cryptographically protected. This ensures that we are connecting to the network we want and not to some phony one. In other words, we need to have one set of original keys to enter into our apartment.
- The wireless connection between a PC and access point must be encrypted, so eavesdroppers cannot access data that is supposed to be private. This reminds us to have a unique and nonduplicable key to access our apartment.
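The four requirements above can be seen working together in a small challenge-response exchange. This is an added example, not code from the article or from the Odyssey product; it assumes a pre-shared secret and HMAC-SHA256 as a simplified stand-in for the authentication methods a real wireless client would use, and the names `Network`, `connect`, `CAMPUS_KEY`, `campus_ap` and `rogue_ap` are hypothetical.

```python
import hashlib
import hmac
import secrets


def _mac(key: bytes, label: bytes, nonce_c: bytes, nonce_n: bytes) -> bytes:
    # Distinct labels keep a proof made for one role from being reused in another.
    return hmac.new(key, label + nonce_c + nonce_n, hashlib.sha256).digest()


class Network:
    """Access-point side; holds the secret it shares with enrolled users."""

    def __init__(self, key: bytes):
        self.key = key

    def respond(self, nonce_c: bytes):
        # Fresh network nonce per attempt, plus proof that the network knows the key.
        self.nonce_c, self.nonce_n = nonce_c, secrets.token_bytes(16)
        return self.nonce_n, _mac(self.key, b"network", nonce_c, self.nonce_n)

    def admit(self, client_proof: bytes) -> bool:
        expected = _mac(self.key, b"client", self.nonce_c, self.nonce_n)
        return hmac.compare_digest(expected, client_proof)


def connect(client_key: bytes, network: Network):
    """Return a session key if both sides authenticate each other, else None."""
    nonce_c = secrets.token_bytes(16)
    nonce_n, net_proof = network.respond(nonce_c)
    # Requirement 2: the user verifies the network before trusting it.
    expected = _mac(client_key, b"network", nonce_c, nonce_n)
    if not hmac.compare_digest(expected, net_proof):
        return None
    # Requirement 1: the network verifies the user before granting access.
    if not network.admit(_mac(client_key, b"client", nonce_c, nonce_n)):
        return None
    # Requirement 3 is met by the keyed MACs over fresh nonces in both directions.
    # Requirement 4: a per-session key, bound to both nonces, for encrypting the link.
    return _mac(client_key, b"session", nonce_c, nonce_n)


CAMPUS_KEY = b"constructed-demo-secret"      # constructed sample value
campus_ap = Network(CAMPUS_KEY)              # legitimate access point
rogue_ap = Network(b"some-other-secret")     # device posing as the campus network
```

A client holding `CAMPUS_KEY` gets a session key from `campus_ap` and gets `None` from `rogue_ap`, because the impostor cannot produce a valid network proof.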
A firewall is another way of securing our systems against unauthorized access. Firewalls act as a packet filter within computers linked to the same server. In addition to the anti-virus and anti-spam programs, firewalls provide extra security for information systems. Our university saved money and enhanced efficiency by using an open-source firewall solution. We employ Linux netfilter firewalls configured with an open-source rule editor (Firewall Builder). These open-source firewalls are employed for network monitoring, sniffing, intrusion detection, incident response and vulnerability scans. (For more information on firewalls and a list of best-selling firewall programs, visit http://computer.howstuffworks.com/firewall.htm.)
Student Information Technology Services
Viruses and spam are easily spread around because many students and faculty do not know how to deal with them. In addition, you must be aware that no anti-virus system can offer total protection. But what happens if computers do get infected? Our university offers a free student service called Student Information Technology Services (SITS, online at www.westga.edu/~sits). SITS repairs student computers for free and provides assistance to students who have technical problems. Such systems could play a very critical role on campuses if you think of the limited budget of college students. The problem, however, is how to let students know as much as possible about the existence of this free service.
Use of Common Software Programs
We use various software packages based on different student needs and curricular goals in our classrooms. One thing we find very useful as a software purchase strategy is to use the same set of programs in all high-tech classrooms. This gives students a better understanding of the different programs needed to complete their assignments. Our university has the Microsoft Campus Agreement, which gives the Office suite and Windows XP systems free of charge to all students. Faculty also can purchase these programs under the umbrella of the Microsoft Campus Agreement program.
The Fight Against Vulnerability
The fight against viruses is somewhat easier and more straightforward when you have an anti-virus program installed on computers as well as on network servers. This creates anti-virus systems that update their tables daily. In addition, blocking and filtering options of e-mail programs help to minimize virus and spam infections. However, fighting against spam is much more difficult and complex than fighting viruses. The best solution is to keep your e-mail addresses as nonpublic as possible. You also must be aware of the limitations of your information systems, and never forget to back up your confidential information and data regularly.
Foster, A. 2004. "Insecure and Unaware: An Analysis of Campus Networks Reveals Gaps in Security." The Chronicle of Higher Education. 50 (35).
Mueller, S. "What is Spam?" From Spam.abuse.net. Online: http://spam.abuse.net/overview/whatisspam.shtml. Retrieved on May 19, 2004.
This article originally appeared in the 08/01/2004 issue of THE Journal.