One of the most hostile places on Earth for a computer, after the open LANs of Defcon and Rubicon (although at least those two make it public that you're in for a wild ride). Every fall semester, you have several thousand new students arriving on campus with their brand new computers or older family PCs. These computers, almost always, are infected with spyware and viruses. Very few of the computers have anti-virus software or firewalls.

Among the first things that new students do is to enable file sharing and proceed to look around the campus network and see who else is sharing files. At this point, infected files are copied across the networks, in addition to viruses (such as Klez, which is aware of a writeable network share) that spread across to other computers. Despite the efforts of network admins to distribute anti-virus programs to the students, very few of them install such programs or update them.

Another software item which should be provided (but isn't) is the firewall. Your average student has little knowledge of network security or exploits, yet they run state of the art Operating Systems with known security flaws, especially Windows XP Professional. The students frequently also have no real idea of what exactly they need or have installed, and so they run webservers, just because that's what was under the default install.

College networks, in addition to cable modem IP ranges, are among the most heavily scanned regions of the internet for testing exploits, for precisely the above reasons. Furthermore, since universities are frequently stingy with the money set aside for wiring the dorms, they purchase large hubs and don't bother to secure them or set up any sort of monitoring system. This enables students to capture POP or IMAP passwords and monitor IM conversations in real time, with the aid of a packet sniffer.

The solution to the large quantity of security problems inherent in a campus network is threefold:

The first priority is cleaning up the students' computers, and this can be done by forcing the web browsers of the students' machines to a web page containing detailed instructions on updating to the latest service pack of their OS of choice and tools such as AdAware for cleaning off spyware.

The second priority is keeping the computers safe, and this requires locating or writing a simple to use (and free) firewall / Intrusion Detection System and providing extensive details on how to install and configure it.

The third priority is upgrading the network environment in the dorms, by replacing the hubs with switches, setting up a few PCs in strategic locations to monitor the network to ensure that no one is attempting to sniff the switch for passwords and conversations. This requires a considerable amount of time and money, because switches are more expensive than hubs, and there will be well over a hundred hubs that need replacing.

Although this is a very large task, it can be done, given a dedicated enough network admin team.

Log in or register to write something here or to contact authors.