College invests millions to tighten digital security
Hoping to stay one step ahead of hackers and other threats to its computer network, the College's Computing Services department is investing millions of dollars in new security mechanisms to combat increased vulnerability.
Over the course of the next 12 months, Peter Kiewit Computing Services will phase in new security procedures requiring students to use a physical USB device, together with new security software, in order to access information on the Dartmouth intranet including student grades, administrative files and personal data.
Members of the Class of 2008 began using an Aladdin eToken upon issuance of their computer hardware last fall. The eToken, the size of a household key, is activated by a password that issues users a pre-encoded digital certificate authenticating access to such programs as Blackboard and BannerStudent.
In addition to the eToken, Computing Services has been gradually installing a new security client on campus computers. The Sygate Security Agent communicates with a central server, prohibiting malicious programs and refusing network access to computers infected with viruses. Computers infected by a worm or Trojan will be blocked from infiltrating the network, forcing users to have their devices cleaned by Kiewit technicians.
According to Brad Noblet, director of technical services for Kiewit, the security changes are part of a committed institutional effort to ensure the privacy of network users.
"We need to lock things down a little tighter," Noblet explained.
Some 2,000 PCs are already operating the Sygate client. While development is still in the works for Macintosh and Linux platforms, Computing Services has announced that all platforms will be supported by the coming Fall term.
The new security measures have been made possible by increased budget allocations within Computing Services. One million dollars in capital expenditures, supported by increased operating costs of $900,000, will ensure that Dartmouth operates the most secure IT network available, Noblet said.
The network upgrades were developed in part by Dartmouth's own computing engineers. The College's Public Key Infrastructure lab, a joint venture between Kiewit and the Computer Science department, opened in 2001 with funding from a Mellon Foundation grant. Since then it has been developing access control solutions in academic computing for universities across the country. According to Noblet, PKI was a natural fit for Dartmouth's network security needs.
Despite heavy investments in security in both past and present, the College's network access remains open to any user with a LAN connection or wireless signal. Those access privileges will not change with the planned augmentation, but the new measures will frustrate the efforts of hackers attempting to infiltrate sensitive student and staff files.
Dartmouth has approximately 10,000 computer network users, which requires roughly 20,000 active IP addresses for access. The challenge for Computing Services has been maintaining this level of access for its users while making that access increasingly insulated from external tampering.
In recent months the Student Assembly has faced computer security issues of its own. Before the close of Spring term, Computing Services approached Assembly leaders after learning that its software allowing advertising on campus blitz terminals provided the ability to view screen shots of those terminals, thus threatening the privacy of blitz terminal users as they read and composed messages.
SA summer chairman Christopher Bertrand '07 was a co-sponsor of the legislation that introduced the new blitz terminals and is working with Computing Services to remedy the security threat. Bertrand said that the Assembly decided to suspend the program until a compromise was brokered among SA, Computing Services and the Office of the General Counsel. That agreement, he added, would ensure the confidence of terminal users.
"SA respects the privacy of students, and we see that as the primary goal," Bertrand said. "It's our hope that we can reach an agreement that allows us to continue to manage the terminals as they once were while at the same time ensuring secure BlitzMail access."
Computer security concerns among students often center on the text of messages transmitted across the network through BlitzMail. According to Noblet, while message transmissions are encrypted over the network, they remain on Dartmouth servers for a period of 17 to 21 days after being sent. Noblet confirmed that a technician could hypothetically infiltrate that information.
"System administrators have access to those machines and could maliciously get in," Noblet explained. "By policy, we don't invade the privacy of [BlitzMail] users."
Noblet added that the only instance in which the College would be compelled to access message texts is in response to a court subpoena.
When asked if he would confirm rumors that certain keywords trigger alerts to system administrators that are then referred to relevant deans or judicial affairs personnel, Noblet denied such a mechanism existed.
"That's funny," he said. "I've never heard that one before."