President Leath announces six-part plan to revamp network security
April 24, 2014
President Steven Leath announced a six-part plan to revamp computer security April 24 at the Board of Regents meeting.
Information technology staff discovered that hackers breached five departmental servers on campus. Though these servers contained Social Security numbers of about 29,000 students, Leath said the numbers were not accessed and there was not any student financial information in the records.
Jim Davis, vice provost for information technology and chief information officer, said the six-part plan will be a long-running project.
Part one: Identity detection software
University officials will use identity detection software to find protected information stored on different computers across campus, including servers, desktops and laptops.
An identity finder program will look for information such as Social Security numbers or credit card numbers to see if they need to be eliminated, Davis said.
The campus community and academic departments will need to install the program on their computers. The program will give them a list of what information is sensitive on their computers, Davis said.
Davis said this will come at no cost to the departments but rather out of the Information Technology Services budget.
Part two: Strong passwords
Students will soon have to change their NetID — CyMail — passwords more regularly, Davis said. Currently there is no requirement to do so, but Davis said they want to have students change their passwords every six months or so.
Davis also advised to use different passwords for different accounts.
Part three: Encrypting university-owned laptops
If someone steals an encrypted laptop, he or she would not be able to access information without a password.
“When a laptop is stolen, a person could take the hard drive out of the laptop and plug it into another system and read everything that’s on it,” Davis said. “If it’s encrypted, then they won’t be able to access or even use the [different] laptop.”
Davis said this was already a project the information technology department had been working on and tentatively expects to start at the end of the summer.
Part four: Scanning systems
Scanning on-campus networks for bugs and vulnerabilities more proactively can help detect problems before they create a big problem, Davis said.
“If your computer was part of a hacker network, you may see certain types of network traffic like messages going to and from another computer,” Davis said. “[We] can’t see the content, but the fact that they’re there … raises suspicions.”
Part five: Protecting shared information
The IT department will look at how to better protect information that’s shared around departments.
“Sometimes departments request information from central university systems, and we’re going to be looking at that to make sure it’s protected in an appropriate way when it leaves the central department,” Davis said.
Sometimes departments may need student data to carry out advising functions, Davis said, as well as to carry out the “normal course of university business.”
The information would be deleted once it isn’t needed anymore, Davis said.
Part six: Educational workshops
Educational workshops for the university community will be provided, Davis said.
“We have outstanding computer resources and a graduate program in information assurance, [also known as] computer security,” Davis said. “I’m sure we’ll see some great partnerships to help us secure information better.”
Davis said this will be a long-term process and didn’t have a set timeline.