"In the 'real' or corporate world sure these problems exist. But that doesn't make them...something to be accepted. Loss of security begins with compromise of best practices for ease of use or efficiency. That's the only problem I can think of that technology is incapable of addressing."

I'd aggree on many comments including the above, in many cases - the problem is that the real world you (and others) describe is not the same world as in which the problem exists. Corporate world is different from academia, the article reflects on academic not corporate world.

Obviously academia varies greatly from country to country, the following is how things works _here_ that is in Denmark.

In Denmark universities are tax payed, there is no student-fee. Universities has been subject to a 1% efficiency cut in budget over the last 10 years and funding cannot be transfered from year to year. This means that funding is scarce and it is imposible to do long term planning or larger investments and IT is usually undermanned.

As a consequence upgrading everything at once is impossible. Instead upgrades start in the top and older hardware and software is then given to those lower in the hierachy.

The result is that the admins has to handle about every version of windows in existence, servers, thin clients etc. and the special software used by researchers. This is an admins nightmare - but it gets worse!

As noted in other post, the professors have little respect for anyone not with a professor title, they think it is their computer and noone should mess with it. But while working as admin I was actually told: "At whatever cost, just keep the secretaries happy" - they had the ability change the mood of the whole building.

Still, everything is within the admins responsibility and at least he can act if needed. But you quickly find the IT-admins office to be the complaints department. The reason we had so big screens were so we could hide behind them and the office would appear empty when someone passed.

Yet, it gets even worse: Students expect the ability to bring their laptop to the university for working in groups, connecting to the network and having full access. Then you have the exchangestudents and visiting professors etc.

Studends are often associated with a number of institutes so now you have personal laptops crossing administrative bounderies. Preferably access should be given through wireless coverage - why should the student have to bother? And ofcourse it is also used at home posibly with an unprotected adsl connection.

Students have a variety of needs or uses, some wants a dual or triple boot, one with win98 for gaming, win2k for studying and some experimental Linux. The windows is most likely cracked software - students are not used to pay for anything. Further whatever they have is a nice mess of patched installations of danish and english versions rendering everything even more unstable.

In other words the real world in academia IT is a mess that simply can't compare to the platonic ideal of a medium/large corp. The best an admin can do is to try keeping the problems of his desk by: Educating users to be aware and cut connection whenever someone is 0wn3d.

If you have the free technical solution that can deal with this real world and makes campus secure - please post it!

The student dorms are normally independent of the university although the university might offer a fiber connection. But the get just that: A cable through the wall. The network is usually run by the students who knows most (not necesarily better). They have the same problems as above, except that they normally work for free and have close to no budget at all.

They can't dictate any upgrades and they can't enter dormitories and install antivirus on the computer, this is private space and property. There are students who insists on using their outdated win95 because it works for writing that thesis, and they'd rather not mess with it because they fear they might loose everything, and they don't wan't to spend the money on new hardware anyway.

Further, due to the amount of wares, cracked versions of windows, filesharing etc. the admins are best at simply staying far away from any users personal computer. Knowing what's on it may make you responsible.

What you want to do is keep problems off your desk, out of sight and knowledge. And cut off anyone violates your peace of mind.

I have claimed that access is a privilege not a right - this I believe is very much so in the situation described here where access is given for free, and admins are either working of interest for free or tax paid. You waste other peoples time they should be studying or waste tax money if you mess up. I believe anyone wasting other peoples time or money should rightfully be cut off.

Cheers, Erik

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/267/28565#28565