In-Depth

Back-to-School Supplies for Secure Campus Networks

Labor Day marks the move-in for most students, and it also marks the beginning of labor-intensive work for IT departments across colleges and universities nationwide. Find out what one institution is doing to secure its network for the school year.

• By Jason Turcotte
• 09/05/2006

Each fall–before ever stepping foot on campus–students carry computers infected with viruses or Trojans that act as a vehicle for spam-inflicting botnets. While these attacks simply mire the networks, they also make schools vulnerable to debilitating attacks. IT professionals at schools such as Wesleyan University, LaSalle University, City University of New York (CUNY), Hofstra University, Princeton University, and Brown University are utilizing some relatively new technologies to safeguard their networks.

Since the 2005-06 school year, use of Cisco Clean Access (a network admission control product) has been a requirement of students using the network at Philadelphia’s LaSalle University. Once each student implements Clean Access, it examines the computer and installs the most up-to-date security software. It punishes users violating a school’s security policies by blocking, isolating, and repairing non-compliant systems.

“They’re not allowed on the student network until all those requirements are met,” said Jeff Leisse, software specialist, LaSalle.

The results are garnering some acclaim. Leisse says since the new software measure was implemented, the University has had no serious virus problems and the IT department has had to disconnect fewer student users from the network.

“We were experiencing a lot of network slowness throughout the school year, so instead of buying a higher bandwidth we went with Clean Access,” Leisse said. “It had both to do with getting ahead of the game and alleviating some of the downtime.”

Clean Access (http://www.cisco.com/en/US/products/ps6128/index.html) scans systems for anti-virus updates and provides critical patch updates to Windows and registry settings. The software also allows the network to partially or fully restrict access for a user, depending on the hazard level and the type of security threats located within a computer.

Another cause for booting students from the network was viruses carried through spam mail. The University had been using SpamJam, but Leisse said the software brought a host of problems to the network, including issues with “false positives” (legitimate e-mail deemed spam) through the software. E-mails were often trapped under quarantine and it took students up to five minutes to gain access to that box. Leisse also blames the software for the high number of spam e-mails landing in inboxes.

Last year the school switched to Proofpoint (http://www.proofpoint.com/solutions/education.php) software, which Leisse says blocks spam more effectively, requires little configuration, and automates the anti-virus upgrade process. It also detects when a user sends spam or viruses outside of the network, but Leisse says that has yet to happen at LaSalle.

A third strategy–new this year at LaSalle–is a school laptop program. All incoming and returning students are eligible to purchase a discounted laptop from the school’s IT department. These systems are specially configured by IT staff to automate security updates, meaning students need only access the security software once for their initial log-in.

Whichever solutions a school’s IT department settles with, their days of summer planning are numbered and students are just a few keyboard strokes away from introducing some very real network threats.