The 2006 ResNet Security Survey
ResNet Applied Research Group
David Futey, Kevin Guidry
December 15, 2006



Introduction

- Background
- References
- ResNet Applied Research Group (RARG)
- 2006 ResNet Survey development
- Placing the survey results in context
- 2006 ResNet Security Survey overview


Background

Continuing evaluation of security:

- Security Vulnerability Survey: assess readiness for Fall 2004; 94 respondents
- 2005 ResNet Survey: security component; 224 respondents
- 2006 Security Survey: 101 respondents


References

- RARG research. http://www.resnetsymposium.org/workinggroups/research.htm
- Get Connected: An Approach to ResNet Services. EDUCAUSE Quarterly, No. 4, 2006. http://www.educause.edu/ir/library/pdf/eqm0643.pdf
- 2005 ResNet Survey Results: A Baseline Analysis. EDUCAUSE Center for Applied Research, bulletin, Issue 20, 2005. http://www.educause.edu/LibraryDetailPage/666?ID=ERB0520


ResNet Applied Research Group

History:

- Formed August 2004
- Volunteer group within ResNet organization

Present & Past (*) Members:

- Carol Anderer, University of Delaware
- *Kevin Bullard, UNC-Greensboro
- David Futey, ResNet Applied Research Group
- *Jan Gerenstein, Northern Illinois University
- Kevin Guidry, Sewanee: University of the South
- Clifton Pee, Azusa Pacific University
- Erica Spencer, Baylor University


2006 Survey Development

Assistance:

- Question creation and review
- Pilot survey

Support received from:

- ResNet Listserv members
- Security Task Force: Effective Practices Group
- Internet2/SALSA-NetAuth


Survey Results in Context


Top “Current” Challenges from 2005 ResNet Survey

[Bar chart, Question 77. Scale: 0 to 225. Categories: Security; Copyright & P2P; Education; Bandwidth; Wireless; Network Registration & Authentication; Network Equipment & Infrastructure; Funding; Staffing; Communication; Nonacademic network uses.]


Top “Future” Challenges from 2005 ResNet Survey

[Bar chart, Question 78. Scale: 0 to 225. Categories: Security; Wireless; Education; Bandwidth & Network Speed; Network Registration & Authentication; Support; Copyright & P2P; Network Equipment & Infrastructure; Automation; Funding & Pricing; Staffing; Outsourcing.]


Network Registration Tools

- 2004 ResNet Vulnerability Survey: 85% use a tool to register student computers
- 2005 ResNet Survey: 74% use a tool to register student computers
- 2006 ResNet Security Survey: 83% use a tool to register student computers


Student Machine Vulnerability Evaluation

- 2004 ResNet Vulnerability Survey: 69% use a tool to evaluate a student's computer
- 2005 ResNet Survey: 71% use a tool to evaluate student computers
- 2006 ResNet Security Survey:
  - 60% use a tool to passively evaluate student computers
  - 42% use a tool to actively evaluate student computers


QoS

- 2005 ResNet Survey: practicing packet shaping or Quality of Service (Y=84%)
- 2006 ResNet Security Survey: practicing packet shaping or Quality of Service (Y=86%)


Key Points of 2006 ResNet Security Survey


Who is responsible for setting and enforcing policies?

[Bar chart, Questions 6-7 (2006). Series: Setting; Enforcing. Axis: Number of respondents, 0 to 100.]


How is policy decided?

- A vast majority of respondents (94%) indicated that their institution blocks, filters, or otherwise restricts network services for security purposes. (Q.8, N=101) (85% in 2005 ResNet Survey)
- A majority of respondents (78%) base their decision to filter, block, or restrict, either entirely or in part, on published best practices from professional security groups. (Q.14, N=95)
- Service License Agreements and Internal IT Security Expertise were the other predominant factors, besides the published best practices, that impacted the decision to block, filter, or restrict. (Q.14a)


Policy enacted...

- In the event of an unexpected security incident, Central IT (50%), Security (25%), and Networking (18%) had authority to request immediate action. (Q.13, N=95)
- Central IT (52%), Networking (18%), and Security (17%) are primarily responsible for determining what services, ports or protocols are blocked, filtered, or restricted. (Q.12, N=95)


What services are blocked?

Sampling from Questions 9-11

Questions 9-11 looked at what services were blocked if the traffic was inbound to the ResNet network, outbound from the ResNet network, or remained internal to the ResNet network. Please review the questions for specifics.

- Non-established services coming into the ResNet network are blocked (Q.9, 48%, N=90)
- Services with high percentages of not being blocked include FTP, instant messaging, IRC, VoIP, IPSec, gaming, and console gaming.
- SMTP and Windows File and Print Sharing had high percentages of 'Always' being blocked, inbound and outbound


Does your institution require protective software be installed and is that software provided by the institution?

[Bar chart, Questions 22 & 23 (2006). Categories: Anti-Virus; Anti-Spyware/Adware. Axis: Number of respondents (N=101), 0 to 100.]


Wireless

- A majority of respondents, 74%, do not allow students to install personally-owned access points. (Q.31, N=98) (60% in 2005 ResNet Survey)
- Wireless installations in residences are (Q.32, N=97):
  - Not provided (37%) (46% in 2005 ResNet Survey)
  - Part of overall institution wireless network (47%)
  - Separate from institution wireless network (13%)
- SSID naming convention and 802.1x were the primary security measures used for institutionally managed wireless
- Nearly 1/5 of respondents provided no security measures


Let's Hear From You

Suggestions, questions, and comments can be directed to the RARG at:

[email protected]