Security issues and the net

For FE Today 1997

There is no escape from scares about the perils of the Internet or from the responsibility it places on colleges offering access to it. There seems no escape from the scare about access to undesirable material. Younger student visitors have found things they ought not; older students including ‘Shocked of Tunbridge Wells’ have found plenty to write about too. Real as these are, the risks are broader than this.

Electronic mail is mentioned less, but here is a fertile medium for another kind of harassment. Using it, students have sent unpleasant messages, misled or tried to extract money from others - while innocent but clumsily worded messages have caused upset. Poison pen letters these may be, but here is a convenient poison pen that can send mail anonymously and use the college e-mail address.

While explaining words like ‘responsibility’ will help here, some problems are easier to deal with. Till recently, admin and curriculum computers were kept separate but now colleges are combining them into ‘Intranets’ or local editions of the Internet. Here tutorial modules, examination details, and all kinds of data can be accessed and kept up to date – sometimes from home. The downside to access is the security issue where the wrong people find confidential records or put themselves on the college payroll. Putting aside the Data Protection Act, which makes managers responsible for data security, there is the acute embarrassment of making the newspaper pages.

Thankfully, years of commercial computing have developed remedies. Information such as personnel files can be read or tampered with as it travels through the system, or even be routed to a wrong destination. To combat this, confidential information is often encrypted or coded before sending. IT managers also use a ‘firewall’ to block or allow data access based on what is private and what is public. A firewall is software that controls where the data and users go, or otherwise ‘keeps an eye’ on what they actually do.

College web sites or Intranets sometimes have a feature that allows people to interact with their site. They might use a ‘script’ – a program that allows visitors to, say, look up a staff database. A badly written script can be a security risk - one computer hacker fooled the script into supplying the network’s password list. A better firewall would have prevented this.

Computers are ever at risk of meeting viruses - programs that can damage data. As a colleague unwittingly discovered, a virus can be sent by e-mail, and disguised as something useful – he thought he had a virus cure but it turned out to be the virus itself. Another was offered a ‘sexy’ screensaver that was in fact a password ‘sniffer’ that mailed his details to the miscreant. Anti-virus software, if kept up to date with the latest scams, may guard against this. Otherwise, the advice is basic: do not take sweets from strangers. Be aware too that virus scares are just as common and very disruptive.

Making a network secure is like making a building secure - the weak points are identified and the risks of break-ins are assessed. Locks can be installed, but with too many locks people leave them open. Likewise, computer use can be heavily controlled, but this can lead people to leave their computers on while they are at lunch or just feel that the system can look after itself. In any case, too many locks can also lead to fewer curriculum uses - what is needed is a balance between people having all that they need and developing a tight system.

Tips for reducing the risks

  • Encourage students to use the system responsibly through an ‘acceptable use policy’.
  • Explain the hazards of the Internet to all, perhaps as part of staff and student induction. Ensure that staff know how to handle incidents.
  • Monitor how the system is used and then tighten or release controls as appropriate. Make it apparent that use is logged and ensure that uses can be attributed to an individual.
  • Encourage all to treat passwords as they might their keys. They should never give their password to anyone, not even to the ‘system manager’. Do not use default or system-wide passwords.
  • Assert ideas about software copyright and intellectual property rights.
  • Internet technology - firewalls, data encryption, e-mail scanners, access control software and virus checkers can be used.
  • Consider using a service provider that offers a filtered service, or access software that provides different levels of trust.

Roger Frost's Dataloggerama © is at rogerfrost.com.