12 min

Bill Buchanan - A Soft Target: Are Higher Education Infrastructures At Risk? ASecuritySite Podcast

Blog: https://medium.com/asecuritysite-when-bob-met-alice/a-soft-target-are-higher-education-infrastructures-at-risk-4ff323fd73c5
They helped build the Internet
Academia was one of the first infrastructures to build and use the Internet — in fact, they built ARPANET, which morphed into the Internet. And so, you will find that they often have privileged IP address ranges, such as for Class A or Class B. When IPv4 address ranges were initially given out, universities and research organisations were granted large address spaces to allocate to their growing networks. No one, at the time, could have envisaged how much the Internet would grow since then. To make things easy, nearly every computer that was allocated a public address could be connected to directly — these were routable Internet addresses. To overcome these direct connections, firewalls filtered data packets and tried to stop malicious access.
The Happy Phase of the Internet
We might call this the “Happy Phase” of the Internet, where it basically interconnected trusted organisations and where there was no real concept of many people outside this trust circle having access to a computer. It was a new frontier in technological development and seemed to be a nice way to send emails between academics and researchers and to showcase their latest research work.
By a public address, we mean that it is possible to route data directly to a computer. As you connect to this article, you are likely to be using a non-routable IP address, which is hidden behind a NAT (Network Address Translation) router. These privileged academic address spaces supported public IP address spaces for thousands or even millions of hosts — a Class A IP address can allow over 16 million computers to have a public IP address.
The University of California, Berkeley, for example, has an IP address and subnet of 104.247.81.71/8, where 104.0.0.0 is the network address and 24 bits in the address can be used for subnetworks and hosts. This means that the host part can be used to create subnetworks with an extension of the subnet field. Ultimately, a Class A address can give up to 16,777,216 publicly addressable hosts. And so, while most organisations put their computers in private address spaces (through NAT), universities had enough IP addresses to allow many computers to be publicly addressable.
In fact, at one time, an academic’s desktop computer was likely to be allocated a public address and could thus be directly contacted. And so, as long as the computer was powered on, it could be addressed. Along with this, a log of any sites visited would leave a trace of the public IP address. In fact, it was all too common to add a DNS entry for Bob’s computer as “Bob.uni.edu”. But this was all created in a time of little concern about cybersecurity, and it allowed academic infrastructures to grow dynamically — and under their own control.
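The addressing described above, worked through as an added example (not from the original post): it splits the 104.247.81.71/8 value quoted in the text into network and host bits, extends the subnet field to /16, and then lists which hosts in an inventory hold a directly routable address inside that allocation. The /16 choice, the inventory and every hostname and address in it other than the /8 value are constructed for illustration.

```python
import ipaddress

def describe_allocation(interface_cidr, subnet_prefix):
    """Split an address/prefix into network, host bits and extended subnets."""
    net = ipaddress.ip_interface(interface_cidr).network
    return {
        "network": str(net.network_address),
        "host_bits": net.max_prefixlen - net.prefixlen,
        "addresses": net.num_addresses,
        # Extending the subnet field borrows bits from the host part.
        "subnets": 2 ** (subnet_prefix - net.prefixlen),
        "addresses_per_subnet": 2 ** (net.max_prefixlen - subnet_prefix),
    }

def directly_reachable(inventory, allocation_cidr, subnet_prefix):
    """Group hosts with a globally routable address in the allocation by subnet."""
    allocation = ipaddress.ip_network(allocation_cidr, strict=False)
    exposed = {}
    for name, addr in inventory:
        ip = ipaddress.ip_address(addr)
        # is_global is False for RFC 1918 space, i.e. hosts that sit behind NAT.
        if ip.is_global and ip in allocation:
            subnet = ipaddress.ip_network(f"{ip}/{subnet_prefix}", strict=False)
            exposed.setdefault(str(subnet), []).append(name)
    return exposed

# Constructed inventory: hypothetical hostnames and addresses, for illustration only.
INVENTORY = [
    ("bob.uni.edu", "104.247.81.71"),
    ("lab-printer.uni.edu", "104.247.81.90"),
    ("alice.uni.edu", "10.20.30.40"),
    ("legacy-app.uni.edu", "104.12.0.5"),
    ("guest-wifi-gw.uni.edu", "192.168.1.1"),
]

if __name__ == "__main__":
    print(describe_allocation("104.247.81.71/8", 16))
    for subnet, hosts in directly_reachable(INVENTORY, "104.247.81.71/8", 16).items():
        print(subnet, hosts)
```

Hosts that appear in the output are the ones a perimeter firewall alone is protecting; the private-address hosts are absent because they are only reachable through NAT.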
This was all set up before any real concept of requiring cybersecurity — as the networks were often just used to interconnect networks. So while other infrastructures have closed themselves to external threats, universities — in places — can still support legacy applications and have security support which ends after the working day.
24x7 Security Operations Centre
I have observed the rise of the SOC (Security Operations Centre) in the finance industry — in fact, many of our graduates go into jobs that relate to this. I’ve also toured many of the SOCs in Glasgow and Edinburgh and love to see the fusion of data from inside and outside the companies. Basically, these companies had to move from being a Monday to Friday, 9am-5pm company to looking after security 24x7.
But what about Higher Education (HE) as a sector? Well, I might be wrong, but higher education has not adopted the concept of 24x7 SOCs, and at 5 pm, many networked infrastructures hand over to support staff. There is very li
