It's a day Chris Cramer would like to forget.
On the day students returned to campus last year, Cramer, an IT security officer at Duke University, found himself scrambling to lock down the institution's computer network. The Blaster attack had arrived with the moving vans.
"It was an interesting first day," he said. "There are 35,000 computers in Duke's network, including up to 6,000 laptops and PCs in the dorms, so there are a lot of avenues for problems to get through."
With students back for a new academic year, university IT managers are bracing for more trouble, but also confident they have the right measures in place to minimize whatever damage comes. At Duke University in Durham, N.C., Cramer said those measures include educating students and faculty on the threats they face when surfing the Web or exchange e-mail; and scanning every personal computer for infection before users are allowed to connect to the campus network.
"The first assumption we make is that the Internet is a hostile place and that the campus network is a hostile place," Cramer said. "The border firewall isn't going to protect you. In the end, it's the responsibility of individual computer users to maintain security on their machines. We're trying to educate people on viruses, worms and Trojan horses and the need to have individual firewalls."
Since it's impossible to keep tabs on every computer user, he said scanning and blocking technology is also in place. "In order to register your machine on the network, your computer is scanned. If a problem is found, you won't be allowed to connect," Cramer said. If a computer infection is found, he said the user is informed of the problem and advised on what patches need to be installed before network access is allowed.
Duke's security measures are similar to those adopted by other colleges and universities. Earlier this year Paul Schmehl, adjunct information security officer for the University of Texas at Dallas and a founding member of the Anti-Virus Information Exchange Network (AVIEN), said his university has a group policy mandating that individual machines have updated virus protection. The network also has an intrusion detection system that disconnects individual users and updates their security software when problems are found, he said.
Unlike the University of Texas, Duke has no such policy. "We feel that it's very difficult to enforce a policy on individual machines," Cramer said. "There are too many out there, and people have or don't have different programs on their computers for different reasons."
So far, he said this year is off to a more tranquil start. He saw a spike in the appearance of W32.Sdbot when students returned, but not much more. "Having students back certainly means more machines to infect, but I have yet to see a massive outbreak here," he said last week.
Still, antivirus experts believe academia faces a growing information security threat in the years to come.
"We see more and more trouble at universities," said Chris Novak, senior security consultant for Belgium-based security firm Ubizen. "The danger increases each year as more students start using laptops in their dorms, many of which aren't secure. Universities tend to operate in a reactive capacity. They need a more proactive approach."
Novak's advice to university IT managers is to maintain up-to-date perimeter defenses and conduct frequent vulnerability assessments. And despite the difficulty of enforcing a written policy, Novak said, "It's important to have clear policies for students and faculty to follow." His message to students and faculty: "You need to update your antivirus."
Tom Corn, vice president of business development for Cambridge, Mass.-based security firm Mazu Networks, agreed, and believes institutions are learning the lesson. "I'm seeing that educational institutions that had never cared about firewalls are now ordering them," he said. "They can also strengthen their defenses by restricting and getting rid of rogue e-mail and Web servers. Don't allow what you can't control."