North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Stanford Hack Exposes 10,000
This isn't meant to be a bashing session on universities and other educational systems, just an observation. I would think, and I may be wrong, that a educational network would be subject to - stakeholders (students, faculty, alumni) that turn over quickly, calendar-tied fluctuations in activity, and a user base that tends to be more liberal and risk-tolerant than a typical end user network. I would think that these traits would work against the accumulation of tested operational techniques, appreciation of the time and cost of a reliable service, and stiff enough penalties for anti-cyber-social behavior. Also working against this is the availability of time (like between semesters) when major upgrades can be done, because in the rush to do so sound techniques can be over looked.Yes, that seems obvious, but it doesn't happen. Considering the sort of free wheeling environment prevalent in University networks, you would think they would be a bastion of high security. Sadly, this isn't the case.
I don't mean to cast dispersions on educational campus IT functions. There is a lot of good security research and energy available in those environment. I'm just saying the environment is harsher than for other end users. No - I'm not leading up to a suggestion to quarantine them from the rest of the Internet.
Stories like this just serve as the example headlines of why any organization ought to take preventative measures when it comes to this kind of data. Hopefully, whatever vulnerabilities that were exploited will be patched, even if there is no public disclosure. (Word will get around when it needs to.)
PS - I was more surprised by the case of identity data that was lost when a laptop was stolen. Why was something so valuable left in such a mobile form?
An example of following bad practices. Is the solution "more consultants?" ;)
Edward Lewis +1-571-434-5468
If you knew what I was thinking, you'd understand what I was saying.