How IT can outsmart the intelligentsia

Francois Amigorena, CEO of IS Decisions, discusses how we can overcome those smart enough to get around security policies

The IT infrastructure is the backbone of every educational institution. From the largest university boasting over 20,000 undergraduates to the smallest college with a mere 1,000 pupils, accessing the network is as vital a part of student life as Freshers’ Week.

Every day, students up and down the country log on to upload course work, download reading material and chart their academic progress. And it is not just students who rely on the IT infrastructure. Academic staff, including lecturers, PhD students and professors, all use the network to store vital research, share tutorial material and review students’ work.

So it is no surprise that the IT infrastructure at academic institutions is a complex and multifaceted environment, with far more variation between departments than a regular business.

As a result, policing this can be difficult, as can policing smart academic staff who are determined to get around security policies, particularly those in fields with advanced technology skills such as computer science, engineering or media and technology.

To manage this, most IT managers and directors, the majority of whom work in a Windows environment, use Microsoft Active Directory to authenticate and control all users. With Active Directory, the IT department can assign and enforce security policies for installing and updating software and, most importantly, manage user authentication.

The problem is that Active Directory is not a foolproof security solution. Yes, it manages passwords and confirms that the user name matches the password. But it does not stop multiple users from logging on with the same password at the same time.

This means, for example, that a student who has mislaid their login details can use a classmate’s password to access the network, and the IT department will be none the wiser. Meanwhile, tech-savvy computing or engineering students and staff who are a whizz at IT shortcuts can easily circumvent Active Directory to gain entry to whatever part of the network they want.

Of course, every academic institution has policies and procedures about not sharing passwords. In reality, though, if there is a culture of sharing passwords, or a classmate is stuck, most people will happily hand over their details. They are blissfully unaware that their actions could lead to a major security breach, with sensitive and confidential information falling into the wrong hands.

The only way to stop users from sharing passwords is to clamp down on concurrent users. That way, students will think twice about sharing details, as they won’t be able to get on the system if someone else is logged in too. Preventing concurrent logins means a user can only be logged on once from any given device or terminal. By deploying a solution that actively manages concurrent users, universities and colleges can control all user access, permitting or denying logins at a certain time, location or device.

Technology such as UserLock, which prevents concurrent logins by physical location and connection time limits, also stops malicious users from seamlessly using valid credentials at the same time as their legitimate owners. By only allowing students to be logged on from one device at a time, users won’t go around sharing their password, as they won’t be able to get onto the system when they need it.
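
The concurrent-login condition described above can be checked against session records. The following is an added example, not code from the article or from UserLock: the record layout, account names and workstation names are constructed for illustration, and the function marks each logon that would leave an account with more open sessions than the limit allows.

```python
# Constructed sample session records (not real logs):
# (timestamp, account, workstation, action). Timestamps share one fixed
# format, so sorting the tuples orders the events chronologically.
SAMPLE_EVENTS = [
    ("2024-03-04 09:00:05", "s.jones", "LIB-PC-014", "logon"),
    ("2024-03-04 09:12:40", "a.patel", "LAB-PC-201", "logon"),
    ("2024-03-04 09:20:11", "s.jones", "ENG-PC-077", "logon"),   # second live session
    ("2024-03-04 09:45:00", "s.jones", "LIB-PC-014", "logoff"),
    ("2024-03-04 10:02:30", "a.patel", "LAB-PC-201", "logoff"),
    ("2024-03-04 10:05:00", "a.patel", "LAB-PC-305", "logon"),   # sequential, not concurrent
    ("2024-03-04 10:30:00", "s.jones", "ENG-PC-077", "logoff"),
]


def find_concurrent_sessions(events, max_sessions=1):
    """Return one alert per logon that finds the account already holding
    max_sessions or more open sessions on other workstations."""
    open_sessions = {}  # account -> {workstation: logon timestamp}
    alerts = []
    for stamp, user, host, action in sorted(events):
        active = open_sessions.setdefault(user, {})
        if action == "logon":
            # Re-logging on at the same workstation is not a second seat.
            others = sorted(h for h in active if h != host)
            if len(others) >= max_sessions:
                alerts.append({
                    "user": user,
                    "time": stamp,
                    "new_host": host,
                    "already_on": others,
                })
            active.setdefault(host, stamp)
        elif action == "logoff":
            # Tolerate a logoff whose logon was never recorded.
            active.pop(host, None)
    return alerts


if __name__ == "__main__":
    for alert in find_concurrent_sessions(SAMPLE_EVENTS):
        print("{time} {user}: logon at {new_host} while active on {already_on}"
              .format(**alert))
```

Run over the sample records, only the shared account is reported; the account that logs off before moving to another workstation is not.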