OIS seeks to improve network security

By: Liz Wrobel

Posted: 3/25/05

03/25/05 - The University of Rhode Island is taking steps to enhance Internet security on campus.

"I don't trust anything over the web," Director of Networking and Telecommunications David Porter said. "I'm very careful and only go to sites I know."

However, Interim Vice Provost for Information Services Chris Wessells said, "Our servers are secure."

Wessells could not be reached for additional comment.

Porter said the wireless network provides the largest opportunity for thieves to gather private information.

Porter said the university is working to encrypt information to protect confidentiality.

Currently, the university does not encrypt all transactions made over the wireless network. However, many URI services, such as Webmail and e-Campus, utilize Secure Socket Layer encryption, commonly used by banks, to ensure the privacy of information transmitted.

However, encryption sometimes interferes with the proper functioning of other applications or the network capacity Porter said, adding the department must strike an appropriate balance.

"If you have a lot of security, you have less convenience," Porter said.

Porter said the network can presently handle 4,000 users simultaneously without providing encryption. The number is cut in half when encryption is added for all transactions.

However, there is more to security than encryption alone Information Security Architect Alan White said.

Applications such as Webmail and e-Campus are fully encrypted and there is a minimal chance that information sent through the programs could be stolen. However, applications such as Yahoo! Mail, only the login information is encrypted so usernames and passwords remain confidential but once logged in all transactions including accessing e-mail is sent in plain, readable, text.

White said when a website is encrypted, a lock icon is displayed on the bottom of the browser, and "https" instead of "http" appears as part of the URL.

Besides encryption, the university is taking a number of additional steps.

"There was no security two years ago, and Alan [White] made some incredible strides," Porter said.

Within the last couple of years, URI has created White's position, purchased a site license for McAfee anti-spyware software, and is in the process of developing a policy to block known spyware Internet addresses White said.

In addition, URI's NetReg application has been successful in detecting problems on network computers, and blocking these computers so problems do spread to the rest of the network White said. NegReg blocks about 100 students a day from the network because of infections on their computers.

Currently, the chief threat to campus computers is adware according to a document provided by White. Malicious software, designed to disrupt the normal operation of the computer, accounts for 75 percent of total infections, followed by Trojans and Worms.

Porter also described the department's future plans, including IP telephony, which would allow each student to maintain the same phone number until they graduated.

Porter also predicted that the expansion of wireless enabled devices such as personal digital assistants and advanced cell phones would utilize the university's network extensively to access university services. Porter said he is currently working to secure the resources necessary to make this a reality. Ultimately, these advances would also allow more mobility by extending communication off-campus.

In the meantime, Porter and White offered suggestions on how to keep a computer secure.

"You have to look at your computer as an extension of your own personal property," White said. "It's just like locking your house, except you're protecting your computer from intruders on the Web."

White suggested students have anti-virus and anti-spyware protection, complex passwords, and a firewall enabled. He warned students to read license agreements when installing software because they often say the computer will be monitored. Since the user agreed, the company is performing no illegal actions.

White also said pop-up advertisements, even when not browsing the Internet, browser settings changed without the user's knowledge and slow performance could indicate that a computer may be infected with spyware

He also advises students to use a Web browser that is not attached to the operating system such as Firefox, Mozilla, Opera and Netscape Navigator.

Porter, who also oversees the Office of Information Services Help Desk, urges students to utilize its services and provide feedback.

"If we don't hear back about it, we can't change it," Porter said.