Back-to-School Computer Security for College Students
College campuses around the country are welcoming back students over the next few weeks. Those students' parents, as they unload armfuls of gadgets and miles of power cords, will remember when the only things in a dorm room that needed outlets were the stereo and the typewriter.
That was a long time ago. Today's digital natives are enveloped in technology, said W. Greg Price, chief security and technology officer at Troy University in Troy, Ala.
College students now come to campus with a wide variety of devices, all of which are vulnerable to security threats. For that reason, Price and other college security officials want all students to make sure their computers are as secure as possible before setting foot on campus.
Cathy Hubbs, chief information security officer at American University in Washington, D.C., says the very first thing students should do is contact the campus IT help desk to see what recommendations it may have.
"At American University, for example, we have a site license for Symantec's anti-virus [software], so there is an opportunity to avoid an unnecessary expenditure and ensure that your campus support partners are able to assist you with a product they support,” Hubbs said.
There are a couple of things students can add to their computers before they arrive on campus, she said.
"At a minimum, make sure you have anti-virus and anti-spyware [software] installed [and that] your operating system firewall is turned on,” she said. "For Windows users, make sure you are set to automatically receive critical updates.
"Secunia Personal Software Inspector is another application to add to your security suite,” Hubbs added. "It is designed to alert you when you have vulnerable or out-of-date programs on your computer that could expose your PC to attack. Secunia fills in the gap that is often missed with your traditional anti-virus and anti-spyware solutions.”
Price said many universities, including Troy, require students to log onto each electronic resource attached to a campus network.
"The login process verifies the identity of the end user and submits the end user to acceptable-use policies,” Price said. "Additionally, we take seriously our role as an Internet service provider to on-campus residents. In that role, we forbid specific file-sharing applications on local devices.
"Essentially,” Price said, "we endorse baseline safe computing habits: Current, up-to-date virus/malware software, current operating-system patches and the absence of software packages that are commonly used to conduct theft of copyright-protected materials.”
Adjusting to campus computing
Once a student has moved in, there is still more he can do to improve computer security. Hubbs suggested students should have another conversation with the help desk about specific security guidelines to be followed.
While many home computer-security risks can also be found on campus, college presents even more threats. The combination of large, elaborate campus networks and the prevalence of technically adept users provide an abundance of opportunity for identity theft and compromised technology.
In fact, some college networks aren't even physical, as Wi-Fi networks blanket many campuses. And wireless devices present a number of additional security concerns, Price said.
"Students should practice common sense when connecting to wireless access points,” he explained. "Most institutions describe the presence of wireless access points; inevitably, ad-hoc devices will be deployed, attempting to thwart our wireless security initiatives; we have solutions that detect and disengage rogue wireless access points.”
Nathan Labadie, a security software engineer for Q1 Labs in Waltham, Mass., and formerly a security specialist with Wayne State University in Detroit, said that most of the wireless connections he's seen on college campuses have had open authentication.
"After connecting to the wireless network, there is usually a prompt for the student's username and password to allow them full access,” Labadie said. "Because of this, it is extremely important to ensure that secure protocols are used while connected to the wireless network.
"This includes things like HTTPS, secure IMAP, secure POP3, etc.,' he said "Sites such as Google, Facebook, Twitter, etc., typically allow you to use HTTPS encryption throughout the session: it's important to make sure these options are enabled.”
Labadie pointed out that it's also important to consider the physical security of a computer. Laptops and other portable electronic equipment — especially smartphones and tablets — tend to disappear if left unguarded. Students should make sure that all devices are password protected and that mobile devices have applications that will wipe them clean remotely if lost or stolen.
The most common security blunders students make?
"From personal experience,” Labadie said, "the top three are leaving laptops unattended, giving out passwords and leaving firewalls and anti-virus disabled. We saw many spear phishing attacks that were designed to look like help-desk emails requesting passwords, and unfortunately there's always a few students (and staff) that fall for it.”
Why should students take the extra precautions? First, for many young people, this is their first experience in managing computer security, and they may not know the steps to take.
Second, Price said, there's been an upswing in identity theft on college campuses.
"The openness of many college venues and the presence of a wealth of biographical data combine to create a rich opportunity for identity thieves,” he said.
College campuses are full of promise — and, with regard to technology, full of danger. The aggregation of knowledge, curiosity and resources can produce a hostile computing environment.
Parents and students should review university technology acceptable-usage policies and expect the best in terms of a safe, efficient environment — but prepare for the worst.