Stephen Davis, over at Vulnerable Minds, explains the irony of insecure college networks, considering that schools like Penn State University offer a Security and Risk Analysis major. He even goes as far as saying that he “no longer feels safe using a school desktop/laptop” because of the extreme likelihood of identity theft. Maybe Stephen has a juicy bank account lying around, but I don’t think my own identity is worth much to be so paranoid about using my school’s computer. But it would still be annoying as hell if my email or bank accounts were to be compromised because of the incompetence of our school’s IT staff.
However, Stephen, you should know that getting your identity stolen at school could be a good thing. If Penn State University is at fault for an identity theft case, you can sue the school for $1 million. In that case, I would even deliberately try to set myself up to get hacked.
Anyway, Stephen outlines several observations regarding the college’s network security and even meets objections:
- The school’s LAN has no countermeasures against ARP spoofing or DNS poisoning.
- The wireless network is highly vulnerable to deauthentication attacks.
- A user can boot a school computer with a malicious network hacking program by accessing the BIOS and modifying the boot device.
All of the things that Stephen talks about are some of the points that we bring up in our project for SRA111: Introduction to Security and Risk Analysis. For this project, our group assessed the network security at the Penn State University Hazleton Campus for three separate aspects: social, physical and software. I’ll upload this project within the next few weeks after we wrap things up with the documentation and presentation.
Got Thoughts?
By all means share them, and start the conversation.
Leave Your Own Comment
You can follow any responses to this entry via its RSS comments feed.