College networks three times more likely to be infected with malware than government or business.
By Michael Peters
Cyber security is transitioning from small, local problems to global issues affecting nations, Arne Saustrup, senior manager of network and operations for the Alamo Colleges, said during a presentation, “Network Security and the Alamo Colleges: Think Globally, Act Locally,” Oct. 28 in the nursing complex.
Saustrup cited the National Defense Industrial Association’s list of the Top 5 national security threats. Cyber attacks ranked third behind bio-threats and nukes but ahead of climate change and transnational crime.
“This isn’t so much about me getting a worm on my PC; we’re talking national security here,” Saustrup said.
The Affordable Healthcare Act, or Obamacare, website has been in the news lately, and Saustrup referenced a Computer Reseller News story that talks about spammers targeting it as an opportunity to take advantage of people.
“The spammers out there are targeting these things,” Saustrup said. “I predict some of you may have already gotten them. In the next six months you’ll get an email; it’s going to say go to this site to check out cheaper health issues. They’re going to absolutely use current events that are going on; they’re going to absolutely target based on these things.”
Continuing with the global scale of cyber security, Saustrup spoke about Stuxnet. Stuxnet is a “very sophisticated” computer worm designed to attack Windows and also Siemens industrial control systems.
“It is highly probable Stuxnet was created by the CIA and Israeli intelligence,” Saustrup said. “And it was targeted after Siemens industrial control systems that controlled industrial centrifuges used in uranium enrichment by the Iranian government. (It) looks like it was highly possible this was a state-sponsored malware attack designed by us and the Israelis to attack, basically, the development of the Iranian bomb.”
Saustrup referenced a Campus Technology magazine story, which reported networks run by colleges and universities are three times more likely to be infected with malware than networks in government agencies or businesses.
“We’re trying to balance security with access and openness for everybody,” Saustrup said. “The idea is that you guys walk on campus and you expect your smart phone to work, you expect your laptop to work … but you’re operating in an environment that’s three times more likely than a business to be infected. You need to take care of yourselves; you need to be cautious with what you do here in the university environment because it’s an inherently less secure environment than a business or national agency.”
Saustrup said the security approach at the Alamo Colleges is to follow the Educause best practices. According to educause.edu, Educause is a nonprofit association whose mission is to advance higher education through the use of information technology.
“No single defense is 100 percent effective,” Saustrup said. “You want to create overlapping defenses at every level of IT architecture.”
Saustrup spoke about Internet access controls that look for easily identifiable unwanted traffic.
“We also block global address space used by bad actors,” Saustrup said. “There’s known blocks of Internet out there, most of them associated with former iron curtain countries, Communist China, North Korea; you’re probably not going to North Korean websites: We can live without that piece of the Internet, so we block it off.”
Saustrup emphasized the importance of having a powerful firewall system that searches outbound and inbound Internet traffic for well-known intrusion signatures.
“When you’re surfing out, you’re being scanned by our firewall for 1,503 signatures,” Saustrup said. “It changes weekly; new signatures come down and old ones fall off. Inbound connections coming into our servers are scanned for 3,982 signatures.”
Because of the notable email issues plaguing the Alamo Colleges lately, email was a big topic of discussion for Saustrup.
“In the past 12 months, the biggest security issues we’ve had here have all been related to email; they all started with an email,” Saustrup said.
Saustrup spoke about “really authentic” phishing emails containing the Alamo Colleges logo, department names or individual names.
“Spammers are going to try to find a way to trick you into giving up your authentication information,” Saustrup said. “We have seen highly intelligent students, faculty and staff all fall victim to these tricks.”
The Alamo Colleges uses Symantec anti-virus protection software.
“We have central servers to get all the latest stuff from Symantec and push that out,” Saustrup said. “For Alamo Colleges assets, we want to get this workstation protection on them.”
Saustrup said social engineering attacks are one of the Alamo Colleges’ biggest challenges.
“They’re acting like a Facebook alert. They’re tapping into our social behavior to get us to reveal information about ourselves — bank accounts, email accounts, you name it. These are active, very clever attempts to trick you.”
Saustrup said Alamo Colleges policy is that nobody from college or district IT, nor administration, will ever send email asking for account information.
Students can report suspicious emails to this college’s help desk at 210-486-0777 or by email at firstname.lastname@example.org.