Network
Said to Be Secure
By
Jesse Baer
In
the hustle and bustle of this year’s orientation, about 750
new Obies plugged into the campus network, host to already thousands
of other students and faculty members, receiving user names, passwords
and accounts.
With so much information at stake, one can’t help but wonder
how secure their personal computer and the information it contains
really is.
“Well, they’re very safe, extremely safe,” Director
of Oberlin’s Center for Information Technology John Bucher
said.
Completely safe? Well, more or less.
“If we implemented the tightest cyber security that is possible,
then no one could do anything,” Bucher said. “You have
to find that balance between using the system and protecting it
from unwanted guests.”
“There’s a lot of activity,” he added. “On
an average day our mail system delivers about 130,000 messages …
That doesn’t count accessing student lockers, Presto and the
other stuff. There’s a lot to watch.”
Yet hacking does not appear to be a large problem for Oberlin’s
network. “Very few times do we actually encounter someone
hacking into our systems and then we catch them,” said Bucher.
“We more often catch people who attempt hacking — that
happens a few times a year.” He added, “I can’t
say for sure [how often hacking occurs] because there are undoubtedly
times when unauthorized access to a computer goes unnoticed.”
Interpreting the data that relays this information, though, is not
always straightforward, according to Jonathan Kay, a systems administrator
in the computer science department.
“It’s one of those things that’s hard to tell,”
he said. “You always see some kind of suspicious activity
going on … It’s hard to tell without someone getting
in if there’s some benign machine scanning the network or
if it’s someone trying to get in.”
“Passwords are the number one thing — to have good quality
passwords that you change often,” Bucher said.
“It’s a good idea not to use the same password for everything,”
Salter added.
“Users should encrypt passwords when they access e-mail, telnet,
FTP, and other internet services,” Kay said.
By default, according to Kay, the software that handles these protocols
send unencrypted, or “clear text,” passwords over the
network. This is a potential security hazard. Kay has created a
web site — http://cs.oberlin.edu/ssh—explaining how
to deal with this.
All of the experts interviewed for this article agreed that users
need to take responsibility for their own security.
“It’s just like locking your car,” said Salter.
“It doesn’t mean that you’re not going to get
your car stolen — but if your car is locked it’s more
likely that someone else’s car is going to get stolen.”
“I think the most important thing is that students should
be aware that there’s something to be concerned about and
take appropriate steps,” Salter said. “[They should]
make sure they’re thinking about whether or not the precautions
are in place. If you’re typing a password into a web browser,
make sure it’s being encrypted, and so forth.”
Yet extreme cyber security measures can be more inhibiting than
helpful. Bucher said that Oberlin, for its part, has to find a compromise
between convenience and absolute security.
“We’re
challenged in this budget crunch,” Bucher continued. “We’re
going to have to be judicious I suppose. You could go out, buy the
biggest, baddest, meanest locks, put them on every door and say
we’re safe. You have to balance. How much are you paying for
security?”
Despite
such limitations, Bucher said he would give Oberlin “an above
average grade” for network security. “I think we’re
doing a good job, as good or better than most everyone else,”
he said. |