I really have to congratulate Texas A&M for delivering a network security solution that still protects privacy (thanks to the direction of an administration that encourages non-invasive security practices). Their security team has built an open-source solution that monitors for network intrusions and dynamically blocks, through a firewall, compromised or vulnerable computers before they can get onto the network. Their product, NetSQUID, is simply a Perl script that sits between Snort and iptables: computers are blocked according to the Snort rules the network administrators choose to deploy, and web requests from a blocked computer are automatically redirected to an information page that tells the user what has happened, how to fix the computer, and how to get help if they need it.
This process is similar to the one we're using at Stanford, but theirs is so much better: it's more elegant and it is applied consistently across the residential network. They've put a server in front of every single residence hall (i.e. every single subnet), and that server handles all network intrusion detection and management through one system. This is a great example of how a university can leverage readily available, free, open-source products (it all runs on Linux) and significantly improve security and network health in one simple move. The only real costs are the initial staff time to develop the product and the hardware it runs on, and considering how much time and money improved network security and an effective reaction plan can save, these are relatively small but very worthwhile investments. Stanford lost millions in staff time from the Blaster and Welchia attacks alone last year.
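To make the Snort-to-iptables glue concrete, here is a small Python sketch of the design described above (alert comes in, the offending resident's computer is blocked at the firewall, its web requests are sent to the help page). It is an added illustration written for this post, not NetSQUID's own Perl script, and everything about it is assumed rather than taken from the original: Snort's "fast" alert format, one enforcement box per hall subnet, a fixed list of rule SIDs that justify quarantine, a chain named NETSQUID, and the addresses of the gateway, resolver and info page. The sample alert lines are constructed, and the iptables commands are produced as text rather than executed, so it runs offline; on a real gateway the output would be piped to a shell.

```python
"""Glue between Snort alerts and iptables, in the spirit of the NetSQUID
design described above.  This is an added illustration, not NetSQUID's own
Perl script.  Assumed (not from the post): Snort's "fast" alert format, one
enforcement box per hall subnet, a fixed set of rule SIDs that justify
quarantine, and a hall help-page server at INFO_SERVER.  The iptables
commands are generated as text rather than executed, so it runs offline.
"""
import ipaddress
import re

# One Snort "fast" alert per line, e.g.
#   01/13-09:32:10.123456  [**] [1:2003:8] MS-SQL Worm propagation attempt [**]
#   [Classification: Misc Attack] [Priority: 2] {UDP} 10.1.4.17:1434 -> 192.0.2.9:1434
FAST_ALERT = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?"
)

# Policy knobs (illustrative values): only these SIDs trigger a block, and these
# addresses are never blocked, or a single spoofed alert could cut the hall off.
QUARANTINE_SIDS = {2003, 2004, 2351}     # worm-propagation style signatures (assumed)
NEVER_BLOCK = {"10.1.0.1", "10.1.0.2"}   # gateway and resolver (assumed)
INFO_SERVER = "10.1.0.10"                # help page host (assumed)
DNS_SERVER = "10.1.0.2"                  # resolver the quarantined host may still use
CHAIN = "NETSQUID"                       # user chain hooked into FORWARD (assumed)


def parse_alert(line):
    """Return the fields of one fast-format alert, or None for anything else."""
    m = FAST_ALERT.search(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["sid"] = int(fields["sid"])
    return fields


def quarantine_targets(alert_lines, subnet, sids=QUARANTINE_SIDS, never=NEVER_BLOCK):
    """Local hosts that should be quarantined, given a batch of alert lines.

    Only the *source* of a matching alert is blocked, and only when it lies
    inside this hall's subnet: an alert whose source is outside describes an
    attacker, not a resident, and acting on it would let anyone able to spoof
    a packet decide which hosts lose network access.
    """
    net = ipaddress.ip_network(subnet)
    targets = set()
    for line in alert_lines:
        alert = parse_alert(line)
        if alert is None or alert["sid"] not in sids:
            continue
        if ipaddress.ip_address(alert["src"]) in net and alert["src"] not in never:
            targets.add(alert["src"])
    return targets


def block_rules(host, info_server=INFO_SERVER, dns_server=DNS_SERVER, chain=CHAIN):
    """iptables commands that isolate one host but keep the help page reachable.

    DNS must stay open to the hall resolver: if the browser cannot resolve a
    name it never sends the HTTP request, so the DNAT below would never fire
    and the user would see a blank page instead of the explanation.
    """
    return [
        f"iptables -t nat -A PREROUTING -s {host} -p tcp --dport 80 "
        f"-j DNAT --to-destination {info_server}:80",
        f"iptables -A {chain} -s {host} -d {dns_server} -p udp --dport 53 -j ACCEPT",
        f"iptables -A {chain} -s {host} -d {info_server} -p tcp --dport 80 -j ACCEPT",
        f"iptables -A {chain} -s {host} -j DROP",
    ]


def quarantine_commands(alert_lines, subnet):
    """Full command list for a batch of alerts (chain setup plus per-host rules)."""
    cmds = [f"iptables -N {CHAIN}", f"iptables -I FORWARD -j {CHAIN}"]
    for host in sorted(quarantine_targets(alert_lines, subnet)):
        cmds.extend(block_rules(host))
    return cmds


# Constructed sample alerts (not real captures): one resident spreading a worm,
# one external attacker, one alert sourced from the gateway, one signature not
# in the quarantine set, and a line that is not an alert at all.
SAMPLE_ALERTS = [
    "01/13-09:32:10.123456  [**] [1:2003:8] MS-SQL Worm propagation attempt [**] "
    "[Classification: Misc Attack] [Priority: 2] {UDP} 10.1.4.17:1434 -> 192.0.2.9:1434",
    "01/13-09:32:11.000001  [**] [1:2003:8] MS-SQL Worm propagation attempt [**] "
    "[Classification: Misc Attack] [Priority: 2] {UDP} 198.51.100.7:1434 -> 10.1.4.40:1434",
    "01/13-09:32:12.000002  [**] [1:2351:10] NETBIOS DCERPC ISystemActivator bind attempt [**] "
    "[Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 10.1.0.1:3022 -> 10.1.4.55:135",
    "01/13-09:32:13.000003  [**] [1:1421:11] SNMP AgentX/tcp request [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.1.4.99:4123 -> 10.1.4.1:705",
    "Initializing rule chains...",
]

if __name__ == "__main__":
    for cmd in quarantine_commands(SAMPLE_ALERTS, "10.1.0.0/16"):
        print(cmd)
```

Two design points worth noting. First, the script only ever blocks the source address of an alert, and only when that address is inside the hall's own subnet and not on the never-block list; without that restriction an outsider who can spoof packets could have the gateway or resolver quarantined on demand. Second, the quarantined host keeps UDP 53 to the hall resolver and TCP 80 to the info server, because the redirect to the explanation page only works if the browser can still resolve names and reach that one host.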
And they’re still maintaining user privacy! The Texas A&M security team admits that they did not consider network management options that required desktop clients (e.g., Perfigo, BigFix, etc.) because they didn’t want to require users to have a particular piece of software on their computers. This is great since products like Perfigo’s CleanMachines and BigFix are primarily designed for corporate environments and can often return lots of properties about a computer on your network. While those types of solutions might be great for managing University-owned computers, they are not the right answer for privately owned student computers. How would you feel if Verizon or Comcast or whoever your ISP was could find out how much hard drive space you had (free or otherwise) or what version of Microsoft Office you’re running? Residential students live where they work. This is not just school to them; it is their home and it is their community. And Big Brother is not welcome!