Security Perimeters in Academia - PowerPoint PPT Presentation


Title: Security Perimeters in Academia


1
Security Perimeters in Academia
  • Keith A. Watson, CISSP
  • Research Engineer
  • Center for Education and Research in Information
    Assurance and Security

2
About CERIAS
  • World Leader for Research and Education in
    Information Security: 1st of Its Kind
  • Multidisciplinary Approach: Range from Highly
    Technical to Ethical, Legal, Educational,
    Communicational, Linguistic, and Economic Issues
  • As a research and education center, CERIAS leads
    the nation in its understanding of computer,
    network, and communications security as well as
    information assurance.

3
Overview
  • Challenges in Academia
  • Perimeter definition
  • Inside v. Outside
  • Relevant regulation
  • Changes over the years

4
Challenges in Academia: Management
  • The university (Purdue and PRF) operates as a
      • Large corporation (VPs, >14k employees)
      • Non-profit foundation (trusts, gift-acceptor,
        IP-holder)
      • State agency (state funding, extension programs)
      • Federally-funded research lab (DoE, DoD, NSF,
        NIH)
      • Law enforcement agency (state police powers)
      • Healthcare facility (patients and doctors)
      • Landlord (mortgage-holder, property management)
      • Financial services firm (admin financial aid and
        trusts)
      • ISP (supplies network connections to departments)
      • School (we have students too!)

5
Challenges in Academia: Management
  • University IT provides infrastructure
      • WAN, campus network, WLAN
      • Identity management and student services
      • Shared, public instructional systems
      • Optional security services
  • Departments manage their own systems and internal
    infrastructure
      • Internal, shared system administrators
      • Aging equipment, unsupported software, updates?
      • No internal separation of sensitive systems
      • Viruses and Worms run rampant at times

6
Challenges in Academia: Research
  • Balance Openness and IP Protection
  • Untrained IT Labor
      • Undergrad/Grad student system admins
      • Short-timers (average 1-2 semesters)
  • Big insider threat problem
      • Student hackers on the inside
      • Workers chosen for technical skill rather than ethics

7
Security Perimeters in Academia
  • Perimeters are tough to define because they are
    not defined by policy
  • Few universities have any security policies
  • Policies on university operations and academics
    considered a necessity
  • But, policies on research considered an
    impediment
  • Openness is an asset to a research institution
  • Very little coordination or cooperation

8
Security Perimeter Definition
  • Network boundaries
      • Anything past our router is outside.
      • Firewall? That'd be nice.
  • Physical boundaries
      • The research systems are kept behind that door,
        which we occasionally lock.
      • The department servers sit in a nice office.
        They never get cold because it's 93° in there.
      • Buildings and labs open to all, most of the time
      • No access control systems (just keys and open
        doors)

9
Inside v. Outside
  • Inside the university network
      • Only university IT-owned infrastructure trusted
      • Residential networks not trusted
  • Inside the department network
      • Department-owned infrastructure trusted
      • Client systems somewhat trusted
  • Partnerships, Cooperative Agreements
      • Interconnections somewhat trusted
  • Everything else considered outside

10
Relevant Regulation
  • Family Educational Rights and Privacy Act
      • Personally identifiable information and student
        records must be protected
  • Health Insurance Portability and Accountability
    Act
      • University out-patient services (PUSH)
      • Teaching hospitals (IUPUI)
  • Computer Security Act
      • Some research centers have Federal Interest
        systems

11
Changes Over the Years
  • Moving to greater business participation
      • From occasional interest in IP
      • To big push for IP licensing and start-ups
  • Moving to corporate style management
      • From groups with multiple or unclear functions
      • To clear definition of business function
  • Moving to centralized management
      • From department user accounts
      • To campus identity management services and career
        accounts

12
Summary
  • Academic security perimeters are
      • Difficult to see
      • Difficult to protect
      • Not part of the usual security management