[ISN] Study shows students cause computer issues
InfoSec News
isn at c4i.org
Tue Nov 15 01:26:43 EST 2005
http://thetartan.org/news/2005/11/14/computer
by Matthew McKee
November 14, 2005
According to a recent survey published by the Chronicle of Higher
Education, you are your computer's worst enemy.
The survey reported that out of 319 studied incidents, recklessness
and apathy caused roughly 40 percent of computer security problems.
This means that many network security problems such as viruses, data
loss, and remote hacker control of a personal computer arise from a
common source that causes more problems than malicious hacking:
student negligence. Students push aside their responsibilities to
follow network policies, and this creates far too many problems that
network security administrators want to prevent.
Joel Smith, the vice-provost and chief information officer for
Computing Services at CMU, said that most responsibility falls "in the
hands of the users themselves." He said that the lack of student
adherence to network guidelines causes the "vast majority of incidents
of intrusion." Although CMU did not participate in the Chronicle's
survey, its findings may have fallen in line with other universities
across the country.
Smith emphasized that with an open environment of computing,
"incidents of intrusion" become much harder to control. Student use of
the Internet presents a "real challenge" for Smith and his colleagues
to monitor. "The campus network is not like a corporate structure
where everything is rigidly controlled," he said, "[so] this is a
joint effort between students and Computing Services." However, he
qualified this statement by saying, "We are still in an era of
computing responsibility.... A lot of weight still falls on the
individual." This weight at CMU means precautions that users must take
- unless they want to see their network connections turned off.
Conor McGrath, the University of Chicago's manager for network
security, says that his university pursues network security a bit
differently. They distribute a compact disc containing a "connectivity
package" and require students to firewall their machines. The laundry
list of precautions for this institution proves much shorter than the
to-do list CMU gives its residents. McGrath does not want to cross the
line of student privacy, but at the same time, security has become
such a major issue that his office has taken responsibility for the
security of the dorm networks "to a certain point."
McGrath, like Smith, admitted that the "vast majority" of incidents
stemmed from user carelessness, but, he said, "Students are worried
about being students. They're not trying to become computer security
experts." He said his office currently wants to develop programs to
raise user awareness and reduce the number of security incidents, but
he sees a problem in convincing students to turn away from merely
skipping policies and ignoring advice. He identified a "click-through
culture" that needs a dramatic reduction.
Both McGrath and Smith brought up the necessity of good dialogue
between students and computing security officials that will help
promote student responsiveness to security problems. McGrath said, "A
computer is not as easy to use as a toaster. Unfortunately, students
want to treat their computers as appliances."
More information about the ISN
mailing list