Cybersecurity: From A to Z on Campus

Greg Kovich
May 25, 2023

Institutions need to adopt a ‘trust no one’ cybersecurity strategy that addresses all users, devices and applications.

It’s clear that cybersecurity is a huge issue in education. As one of the sectors most targeted by cyberattacks, academic institutions are on high alert when it comes to mitigating risks and staving off bad actors.

To provide the security a campus needs, an A-to-Z strategy is required. A layered approach to network security can take advantage of key cybersecurity mechanisms. It’s essential for academic institutions to develop and maintain a balanced approach to cybersecurity. If security mechanisms are too strict, people will look for ways to work around the procedures intended to protect their devices, data and applications. They’ll just add their own unauthorised devices and applications to avoid lengthy cybersecurity checks and software updates so they can get things done faster. This is known as “shadow IT,” and it can create vulnerabilities and open networks up to cybersecurity threats.

Assess your risks

Before you start developing a cybersecurity strategy, you should understand and assess the risks your institution faces today. As you go through the risk assessment process, keep an eye out for the following common pitfalls:

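• IoT devices that are not managed by IT. These “rogue” devices often do not comply with security policies, run outdated firmware and have no antivirus protection, increasing the chance that they are used as an entry point for an attack.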

• Unauthorised devices and personal devices connecting to the network. As mentioned previously, these “shadow IT” devices could be running any software and could already be infected with viruses and malware ready to attack the network.

• Inconsistent security policies. Inconsistencies introduce weaknesses in network protection that can be targeted by untrusted parties.

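• Networks with static security segmentation and implicit trust. These traditional network security approaches allow users, devices and applications that were initially trusted to attack the network with no checks to verify they should still be trusted. They also assume cyberattacks cannot come from within, which is not the case.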

Know your regulations

In addition to understanding the risks at hand, institutions need to identify and review the privacy regulations that must be met for data that travels over their network, as well as the access control lists (ACLs) and firewall policies for data that is stored in the cloud.

When reviewing regulatory requirements, it’s important to consider national and international privacy regulations. For example, in the U.S., academic institutions must comply with the Family Educational Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability Act (HIPAA). And they must also remember that the European Union (EU) General Data Protection Regulation (GDPR) applies to all institutions whose enrolment includes students from the EU, regardless of where the institution is located.

Get to zero

Academic institutions must move beyond traditional ‘moat-and-castle’ network security strategies to ‘zero trust’, which means trusting no one, no device and no application. However, evolving to a Zero Trust Network Access (ZTNA) strategy is a journey. There isn’t a single solution that can simply be purchased and implemented. It takes time to implement a full zero trust environment across all technologies.

Following the five-step approach to ZTNA cybersecurity that I outlined in my previous blog (monitoring, assessing, planning, simulating and enforcing) allows academic institutions to realise important benefits across all aspects of their operations. While the most obvious benefits are related to preventing and detecting unauthorised network access, there are also many educational and business benefits, including protecting students’ personal information and well-being and avoiding financial hardship, and the list goes on.

Granular protection

From a technical perspective, comprehensive network access control lists, along with role-based access control, provide the ability to authenticate every connection and assign permissions to each user and device that accesses the network. As a result, institutions get a granular level of protection that makes it far more difficult for rogue users and devices to access network resources and data.

Using micro-segmentation to further segment user traffic within a macro-segment also enables more granular control of user and device access to reduce the risk of an attack running rampant throughout the network. With micro-segmentation, user traffic within a macro-segment, such as a VLAN, can be differentiated based on factors such as time of day, access location, user profile (such as student, faculty or administrative staff) and other access controls. The same security policies follow the person wherever they are, allowing the institution to take a more unified approach to cybersecurity.
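How the attributes described above can drive a per-connection decision inside one macro-segment, shown as an added example that is not ALE product code or configuration. The profile names, locations, time windows and resource names are all constructed for illustration, and anything no rule explicitly permits is denied.

```python
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Rule:
    locations: frozenset   # access locations where this profile may connect
    start: time            # start of the permitted time-of-day window
    end: time              # end of the window (may wrap past midnight)
    resources: frozenset   # micro-segments this profile may reach

# Constructed policy for one macro-segment (for example a single campus VLAN).
# It is keyed by user profile, not by switch port, so it follows the user.
POLICY = {
    "student": Rule(frozenset({"dorm", "library", "classroom"}),
                    time(6, 0), time(1, 0), frozenset({"lms", "internet"})),
    "faculty": Rule(frozenset({"classroom", "office"}),
                    time(0, 0), time(23, 59, 59), frozenset({"lms", "internet", "gradebook"})),
    "admin_staff": Rule(frozenset({"office"}),
                        time(7, 0), time(19, 0), frozenset({"student_records", "internet"})),
}

def in_window(now, start, end):
    """True if now falls in [start, end], including windows that wrap midnight."""
    if start <= end:
        return start <= now <= end
    return now >= start or now <= end

def authorize(authenticated, profile, location, now, resource):
    """Decide one connection; anything not explicitly permitted is denied."""
    if not authenticated:
        return False, "unauthenticated"
    rule = POLICY.get(profile)
    if rule is None:
        return False, "unknown profile"
    if location not in rule.locations:
        return False, "location not permitted"
    if not in_window(now, rule.start, rule.end):
        return False, "outside time window"
    if resource not in rule.resources:
        return False, "resource not in profile's micro-segment"
    return True, "permit"

if __name__ == "__main__":
    # Constructed flows: (authenticated, profile, location, time, resource)
    flows = [(True, "student", "library", time(14, 0), "lms"),
             (True, "student", "library", time(14, 0), "student_records"),
             (True, "admin_staff", "office", time(21, 30), "student_records")]
    for flow in flows:
        print(flow[1:], "->", authorize(*flow))
```

The second flow is the case micro-segmentation exists for: a student on the same VLAN as administrative staff is still refused the records segment.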

Underpinned by experience

Working with a partner who can provide expert insight and guidance as well as proven cybersecurity networking solutions goes a long way to getting things right. At ALE, we’ve helped educational institutions around the world develop their cybersecurity strategies. We understand the steps that must be taken, and we work to provide the secure networking solutions that meet your goals.

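We are a trusted partner to academic institutions around the world. A few examples include California State University in the U.S., Centro Paula Souza in Brazil, and Linköping University in Sweden, where our smart, resilient network solutions provide the security, high speed and high performance users need to work safer, better and faster.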

Learn more about ALE secure network solutions for educational institutions.

Greg Kovich

Global Sales Lead, Education Vertical

Greg Kovich leads global sales for ALE’s Education vertical. Greg has overseen or created several Education solutions including “The Fundamentals of Communications” – a vendor-neutral course on digital network communications; “Safe Campus” – a solution uniting emergency alerts with first responder collaboration and mass notification; “Secure Campus” – a solution that allows instructors to limit student network access to determined sites; and “Pandemic Education Continuity” – a solution that enables classroom instruction in the event the institution is closed due to health or environmental crisis.

He is a 1992 graduate of Indiana University with over 20 years of experience in Information Technology.
