CALIFORNIA COMPUTERS STOLEN Universities Need to Learn About Encryption | Alertsec Xpress Blog:

Universities Need to Learn About Encryption
September 5th, 2009 by David Discuss this article »

Universities have unique challenges when it comes to security – both physical and digital security. A university (or college, or community college, secondary school etc.) has almost every disadvantage when it comes to security. As we’ve discussed, while you might think that Data Loss is the Other guy’s problem – that is not the case if you are at a University.

In the physical world transient populations make crime easy because a criminal won’t stand out in the crowd. Universities are nothing if not transient in nature. Likewise, facilities open at all hours make crime easy. From dorms, to study halls to libraries – student life is a 24 by 7 event making it hard to control access.

In the digital world universities fare no better. Standard devices make security easier – not possible in a world with thousands of instructors and students. Likewise, the very nature of education requires that information be made available as often and as easily as possible.

So it comes as no surprise that today we’ll look at the California State University in Los Angeles, California in the United States which is our latest victim to computer theft. A total of 14 computers were stolen, including two desktops. If disk drive encryption had been in use, than the University would not have been required to report the theft.

The theft itself was pretty easy to perpetrate. The door to the room containing the computers had a small glass window. From the video, the window looks to be about the size of an adult’s head and situated at head level. The thief smashed through window, reached through, and unlocked the door. This event affected the more than 600 students that were enrolled into the MORE–Minority Opportunities in Research–program, as well as faculty members. Social Security numbers and addresses were part of the sensitive information saved on these computers.

Obviously, the University did not feature a high-level of physical security. However, even if your physical security is not up to speed, you can still protect the contents of your computers with the best digital security available: encryption software. In the case of whole disk encryption, every single bit and byte of the computer’s hard disk is encrypted. Only by providing the username and password will the computer even begin to boot up. This is quite different from the commonly used Windows username and password prompt, which loads up after the computer has booted up and which can be exploited easily to bypass the password prompt.

In the 1980s, at the onset of widespread computer technology, I worked my way through college as a campus security guard and got involved in helping to troubleshoot some early hacking attempts. But back thencomputers were heavy and had to be directly wired to the mainframe – so we had the advantage in tracking down the perpetrators. Today – with wireless and mobile computing the advantage goes to the thief – unless universities start to learn to use modern security tools like Alertsec’s disk drive encryption.