Photo credit: blogtrepreneur.com/tech

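There are three billion people on the Internet, and not all of them are law-abiding. That is one reason why protecting data and computer networks is an essential part of any organization, including Boston College.

While the responsibility for protecting data and computer networks belongs to all members of the University, the University's computer security is overseen by Information Technology Services.

With nearly 50,000 devices on the Boston College network each day, the task of data and network security may seem daunting, but Vice President for Information Technology Services Michael Bourque cites two factors in the University's success to date: unparalleled support from all levels of the University and the proactive, not merely reactive, approach of ITS’ data security team.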

“Security is one of our top priorities at ITS,” said Bourque. “We get strong support in our security efforts from the trustees, the president, the executive vice president, the provost, the deans, the Academic Technology Advisory Board, the faculty and the entire BC community.

“The support is fantastic. We feel that the support we get is far better than what most of our colleagues at other universities receive.”

ITS Team: Scott Cann, Michael Bourque, and David Escalante
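“Security is one of our top priorities at ITS,” said Vice President for Information Technology Services Michael Bourque (center), shown with, from left, Technology Director for Support Services Scott Cann and Director of Computer Security and Policy David Escalante. (Lee Pellegrini)

Leading ITS’ security efforts is Director of Computer Security and Policy David Escalante, who is also chair of REN-ISAC (Research and Education Networks Information Sharing and Analysis Center), a computer security incident response team for higher education.

Escalante stressed the importance of staying vigilant about emerging threats in the technology landscape while also being aware of new technologies appearing on campus, such as smart TVs and wireless smart speakers, like Amazon’s Alexa.

Each week he receives a multi-page report on known software vulnerabilities from the United States Computer Emergency Readiness Team. He also connects with colleagues through an annual Security Camp that he hosts for nearly 200 computer security practitioners representing universities across the country and their partners in government and the commercial sector.

All of this information gathering and networking helps Escalante stay ahead of issues such as the flawed software that recently led to the Equifax data breach.

“Dave and his team are experts who know the landscape inside and out, and that is a tremendous advantage,” said Bourque. “They work closely with the Data Security Working Group, which represents the security needs of schools and departments across the University.”

Much of the work done by the data security team happens behind the scenes, unseen by faculty, staff, and students.

For example, Escalante said the amount of “junk” email coming into BC is unprecedented, noting that the University rejects 90 percent of the email it receives.

“It isn’t even scanned for spam; it’s just not accepted,” said Escalante, who teaches in the Woods College’s master’s program in Cybersecurity Policy and Governance. “The remaining email then goes through two different spam filtering systems before it reaches users.”

Every day, ITS blocks computers on campus from accessing tens of thousands of known bad websites and uses firewalls to stop 150 million unwanted attempts to access BC.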

High on the list of current threats, according to Escalante, is credential theft – stealing a username and password combination. These credentials are vulnerable to theft through phishing schemes, which trick users into sharing their credentials, and viruses that track users’ keystrokes. In addition, if people use their BC credentials on other websites, and those sites get hacked, the hackers then have a way to access BC’s network.

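To combat that threat, ITS instituted a policy in 2013 requiring users to change their BC password annually, which may annoy some people, Escalante acknowledged, but the policy has resulted in a more secure BC network.

“We have gone from forcing hundreds of password resets a year to now only a handful,” he said.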

Additionally, ITS has initiated multi-factor authentication (MFA), a two-step verification process for systems such as PeopleSoft HR, PeopleSoft Financials, and eventually, the virtual private network (VPN). 

Other threats are malware, such as a virus that damages a computer or network, or ransomware, in which hackers threaten to withhold data or release it publicly unless they are paid a ransom. These occurrences are relatively rare on campus, according to ITS, thanks to the network protections already in place.

If Escalante’s team handles security behind the scenes, the team led by Technology Director for Support Services Scott Cann is on the front lines. Cann oversees the technology consultants and the HELP Desk, typically the first ones contacted by faculty, staff or students dealing with a possible issue. His group is also responsible for training and communications, raising and maintaining the University community’s awareness of and engagement with security issues.

Both Cann and Escalante said a notable change in the threat landscape is the growing sophistication of phishing attacks. Instead of blasting a phishing email to a million users, hackers now will customize their attacks to as few as 10 people.

“That’s why it’s called spear phishing,” said Escalante. “They are targeting very small groups with tailored emails. And because it is such a small sample, it is hard for any security system to detect them and stop them.”

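“Criminals are obtaining information about the organizations they target, such as when a company announces a change in its benefits provider, to craft messages that are more likely to be clicked on,” added Cann.

Escalante says a rising threat is scams. Today’s scams are no different from those of the past, he says, but now technology is the instrument, with scammers spoofing caller ID systems and email to separate unsuspecting people from their money.

Last month, as part of National Cyber Security Awareness Month, ITS and the Woods College’s cybersecurity program co-hosted a guest-speaker event at which Escalante talked about new twists on old scams and FBI agent Doug Domin presented information on the FBI’s cyber investigations.

Because security protocols are not flawless, Escalante said, members of the BC community should take some steps to help keep their data and BC’s data safe.

Escalante urges people to opt for MFA wherever possible, such as for online banking. When accessing WiFi off campus, use BC’s VPN, even for tasks unrelated to BC. This adds a layer of encryption and protection, such as blocking bad websites.

The simplest and best tactic, Escalante added, is to stay skeptical when online and to slow down and think before responding to email.

Members of the BC community who receive a suspicious email should contact their TC or forward the email to security@pronewport.com.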

—Kathleen Sullivan / University Communications