Recent events, both here and elsewhere, have combined to heighten computer security concerns

Recent events, both here and elsewhere, have combined to heighten computer security concerns. Hackers at the University of Kansas and the University of Texas, for example, were able to access university databases that contained student names and other personal data, paired with Social Security numbers. This information could easily be used to forge identification papers, open bank accounts, establish cellular phone service, etc. In normal times identity theft is a serious problem. In times of international stress and war, identity theft could be even more serious if this sort of information is passed on to terrorist groups either domestic or foreign.

Therefore the university has taken actions to reduce this threat and to ensure that databases containing name/Social Security number pairs are not accessible to unauthorized users. Security measures (both hardware and software-based) have been implemented for the campus central computing services, and additional security measures are planned. Departmental and personal computers with such data should be turned off during non-business hours, as noted in a memorandum from VPAST Beth Unger last week. All of these measures will help ensure that KSU is not vulnerable to hackers, and that identity theft of KSU students, faculty and staff will be much more difficult.

Additionally, given that other sorts of media also contain name/SSN pairs, it would be prudent to eliminate these targets as well. Roster sheets and grade sheets, whether electronic or paper-based, should be secured. All unused or out-of-date data sources that contain name/SSN pairings should be expunged from computers, and paper copies should be destroyed or placed in secure locations (i.e. not on the top of your desk). CNS will be exploring possibilities for licensing and purchasing computer security software for departmental and personal computers (e.g. firewall software), but in the meantime please make every effort to keep these data secure and out of the hands of the identity thieves.

A second area of concern of IT personnel is the possibility of unprotected departmental or personal computers being used as an entry point to launch a denial-of-service attack on the University computer system. Attempts at such attacks took place during the beginning of the fall semester and shut down our email system on multiple occasions. Any computer with a live Internet connection is vulnerable to such an attack. For this reason, VPAST Unger requested in her earlier memo that such machines be shut down when not in use. Computers that need to remain turned on should be protected by a firewall.

Tim Ramsey, Coordinator for IT Security, has prepared a list of five measures that can be followed to increase the security of your desktop. These can be accessed from http://www.k-state.edu/InfoTech/security.

Thanks for your attention to this matter.

David A. Rintoul (Chair of CITAC)

Beth A. Montelone (Chair of FSCOT)