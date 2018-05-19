On any given day, roughly 140 million connections are attempted between computers and devices on University of Wyoming campus and the outside world.
The campus firewall — UW’s first line of defense against denial of service attacks, hacking and more — permits roughly 90 million of these connections.
“What’s more important is we deny 50 million connections per day,” UW’s Chief Information Officer Robert Aylward told the UW Board of Trustees. “A lot of those connections are DDoS attacks — (Distributed) Denial of Service attacks — they’re network scans, network probes. They’re looking for vulnerabilities on our campus network.”
Aylward and Chief Risk Officer Laura Betzold briefed the board on the importance and state of cybersecurity at UW during the trustees’ meeting May 10.
“We are always under attack,” Aylward said. “We watch the behavior of our network very closely. We accept some risk. We have to do that because we’re an open environment.”
While higher value targets such as health care and financial institutions experience more attacks, Aylward said defending an institution of higher education is just as difficult, given its need to connect with the world outside campus.
“Academic openness versus security is a balancing act for us,” he said. “Academic environments are based upon the free flow of information amongst students, faculty, staff and community members.”
And all of this activity is happening across thousands of unknown devices, Aylward added.
“In the past six months, we have had 125,000 different devices connect to our network,” he said. “We don’t know what they are — a lot of them are game consoles, a lot of them are smartphones, a lot of them are tablets and then there’s the standard computers.”
Despite the challenges and uncertainty — and while remaining open to the world — the university must guard a wide range of financial and sensitive personal information, student information protected by the Family Educational Rights and Privacy Act, intellectual property, research data and more.
“That openness conflicts directly with the goals of security and locking everything down,” Aylward said. “We wouldn’t have any problems — or very few problems — if we weren’t connected to the outside world.”
The firewall helps to maintain this balance by denying connections it views as malicious, but there are more layers to UW’s information security. Aylward said UW maintains 65 network security zones — disparate networks dedicated solely for specific kinds of information. Theses zones include one for credit card information accessed through card scanners, one for game consoles and other student devices in residence halls and one for guest Wi-Fi.
“We segment our networks into very specific areas and allow certain traffic on them,” Aylward said. “These are called local area networks. The importance of that is that the traffics are not mixed.”
Protecting a university entails other difficulties as well, precluding some solutions that might work better in other industries.
“One of the big problems we have are traveling faculty and traveling students being able to get in because they travel all over the world,” he said. “So, we can’t just block Nigeria, for instance, which we would like to do … because undoubtedly, there’s somebody from the university who is in Nigeria.”
Two-factor authentication is another way of keeping information secure. Two-factor authentication usually involves combining a password with something else, such as a pin number sent to your phone upon entering the password.
By guarding information or access with two layers of security, scanning opportunistic cyber attacks are often thwarted.
“This virtually eliminates hacking,” Aylward said.
While UW uses two-factor authentication for some areas — such as the guest WiFi on campus — individuals can implement their own two-factor authentication on Google and Facebook.
Though donor information was exposed sometime in the 1990s, Aylward said, UW has never experienced a breach.
