Camera
May 15th, 2008 by cperkins
The new camera is up at camp aldrich. I has very sharp pictures. We also were able to run a polycom through the 12 miles of wireless with excellent results.
Pictures
May 15th, 2008 by cperkins
IT was able to get a new pictures web site up in time for graduation. The site allows users to easily upload and share pictures. The underlying system is a mysql database.
Student Email
May 15th, 2008 by cperkins
All students have created for them an email account at BartonCougars.org. This is a free account. Along with the account comes free document storage and online Google Docs.
Protected: Sensitive Document
June 7th, 2007 by cperkins
News
October 26th, 2006 by cperkins
For those of you who are news hounds try the news site from google and yahoo.
Trends
October 4th, 2006 by cperkins
If you are looking for information on current trends try the Google trends site.
League of Innovation
October 4th, 2006 by cperkins
I will be attending the League of Innovation in a couple of weeks. The topics I will be discussing and my take on the solutions are below. My point of view will be from the small to medium sized community college with a yearly headcount of about 12,000 students, 1000 computing devices and 100 servers.
1. What are the biggest IT security risks at community colleges specifically and in higher education generally? (Increased use of laptop/portable devices, vulnerability of wireless networks, weak security credential policies, etc.)
Lack of dedicated security personnel, lack of training in for both technology personnel and constituents, lack of funding to sustain a consistent and long term security upgrades, lack of segmenting networks to protect administrative systems from curious students, lack of understanding by staff/faculty for importance of security issues. Most of my concerns are not based on client and end user technology. Changing technology might bring some security issues to the fore front but the underlying issues remain the same. Adequate training, manpower and security technology will remain in my mind as the foremost ongoing issues.
2. What are the biggest mistakes community colleges make when it comes to security.
The biggest mistake usually starts with locking down everything to tight and then constituents start complaining and then IT gets frustrated and shuts off or bypasses security. Security needs to be implemented very carefully and very methodically. A balance must be achieved between security and usability. Another is not correctly doing enough planning and evaluation to understand the systems that have to be protected and making them a priority. Because of lack of funds and time one must stay focused on the servers containing high risk data such as social security numbers.
3. What are the biggest barriers to improving IT security?
One of the barriers is the IT department. Security involves communication with all constituents to understand their needs, get buy in on changes and promote training. Most IT departments are so busy putting out fires that they fail to develop to people skills needed to form relationships with administration and users to make security implementation successful. Finding outside security consultants that understand how to balance the needs of a community college which serves the connectivity needs of a very diverse population continues to be a struggle. Having both good security and easy Internet connectivity seem to be almost an unrealistic task. Security is an ongoing process and sometimes because no one sees when security is working well obtaining funding and ongoing support is difficult. IT needs to approach security the same as any other project and develop well thought out plans and timelines. Get buy in on the plans from all constituents and then keep them informed of the progress and needs.
4. What problems do wireless networks and a growing number of mobile users present? How do you deal with this?
At Barton we started many years ago encrypting our email, administrative system and using VPN’s. By implementing encryption from the computing device to our servers we have avoided some security issues caused by mobile users. Our belief is that we should control security as much as possible at the server level. There for we us encryptions and VPN’s for as many administrative functions as possible. This lessens the security issues at the mobile level. Educating users who have access to sensitive data as to the many reasons why they should never move the data from campus servers to mobile devices. Utilizing Microsoft terminal services also makes the convenience of server based data acceptable to users.
5. What problems do students present on campus? What about faculty? How can you overcome these challenges?
From a security standpoint at Barton we make extensive use of both open and closed vlans to control how the students can access college servers with firewalls separating all closed vlans. We use firewall QOS, cacti, snort, and ntop to monitor bandwidth use and student computing activity. The biggest issues that we deal with is students bringing onto campus virus infected computing devices which we have to deal with. At the community college level we have a responsibility to help the student repair their computing devices so they can be successful in class. When a problem device is identified we shut off the port to the room and contact the student with options on how they can repair the problem.
Faculty at our site do not always understand the reason for some security controls we have in place, but because most of them have had there home systems damaged in some way over the last few years they are becoming more understanding. As long as the networks are up and technology just works they are usually quite happy with the security safeguards we have. We have found that number one issue to a faculty is a working network.
6. What are the steps community colleges should take if they’ve just experienced a major security incident?
7. What are the steps community colleges should take to improve their IT security? How can they deal more effectively with a more complex networked environment coupled with increasing sophisticated threats?
Make sure the IT department has done the research necessary to truly understand what are the biggest security threats to their particular situation. Talk with all stake holders involved to make sure their needs and concerns are also addressed. Form relationships with other IT departments at other similar sized community colleges and learn how they are handling security. Overall make sure the IT department does not have tunnel vision and has not fully seen the complete picture. Then get a grip on the reality of short funding and then find solutions which will focus on protecting vital assets. Make sure that they are not missing some of the no extra cost solutions already built into todays switches and routers. Setting up vlans and multiple subnets to help protect users from each other. Use access control lists and if possible use open source monitoring tools to learn what’s occurring on the network. So far the solutions we have listed do not cost very much money, but do take time and expertise. If the IT department does not have the expertise in house see if they are part of a statewide consortium that might help. Before purchasing a security solution make sure you have a vendor in place that can also help. Realize that a vendor cannot understand more about your network then you do and make sure that you are the guiding force in the security selection. Find out from the vendor some similar customers who might want to share their knowledge or experience with you. Security solutions in the real world of community colleges requires collaboration from as many sources as the IT department can find. Do not try to do security on your own the people who would like to disrupt or take over your network have way more time then you do learn to find other professional who can help and advise you.
8. How can IT departments “make the case” to decision makers for more funding/better technology to improve security?
IT departments must identify someone with leadership skills and a good personality. Use that person to be the contact and presenter of issues and ideas. Do not use the fear factor, IT must learn how to be strategic to the processes of their institution and explain in a positive fashion how funding for improved security will enable all constituents to meet their goals and needs. If you have failed security projects in the past or currently failing try to fix the image damage to the IT department first before asking for more funding. Show your users that you care and how these security enhancements will serve them.
9. How can community colleges boost awareness among its key audiences - students, faculty, and administration?
At Barton we use online courses that are free and available to all constituents explaining security issues for both at the college and at home. We have IT students do presentations to the public and other students about computing issues. The IT department has a blog for communication. The IT department director goes out to regular constituent meetings and stands at the front and explains what is going on in the IT world and asks them how can IT serve them better.
Barracuda Stats
October 2nd, 2006 by cperkins
The current Barracuda spam blocker stats for the last 24 hours are below.
Blocked 2,423
Blocked with Virus 9
Quarantined 1
Allowed but tagged 26
Allowed 1,078
Cameras and Fort Riley
September 28th, 2006 by cperkins
I found out from Carol N. at Fort Riley that they cannot view the cameras. We determined that their proxy server will not allow underscores. We will update their server, but in the mean time I added a the new names below so they can access the cameras.
Spyware and virus checker
September 26th, 2006 by cperkins
For those of you who need spyware and virus checkers I recommend a couple of free ones. For spyware use spybot. For viruses use AVG.
