Devices owned by new students may pose a risk to campus networks
Colleges and universities are being warned to carefully check for malware on any device owned by newly enrolled students.
Jisc’s director of security, David Batho, explains:
“With educational institutions beginning a new academic year this week, student onboarding has been the priority for many organisations, and with this comes an element of risk.
“Student-owned devices may be infected with malware, which will present a risk to other devices connected to the same network unless appropriate security controls are implemented.
“In addition, accounts and remote access solutions that are provided to students to aid the education and learning journey are also at risk if they are accessed from infected devices.”
Jisc has logged several instances where one of the most common forms of malware, an information stealer, has been used to facilitate cyber attacks against the education sector.
An info stealer, as they are known, is a type of malware called a Trojan that gathers information from a system - typically login information like usernames and passwords - which it sends to another system either via email or over a network.
These credentials can be directly used by threat actors to gain unlawful access to a network or sold on the dark web for other nefarious purposes.
How to mitigate the impact of infected devices
Jisc’s security team has this advice for IT and security staff at member organisations:
- Assume device compromise when thinking about the approach to protecting key infrastructure and networks from bring-your-own devices (BYOD)
- Segment guest and student Wi-Fi networks from core networks and key infrastructure
- Implement "device isolation" controls for guest and student networks, to ensure the device can only reach out to the internet and cannot connect to other devices in this same network "zone"
- Implement port-based network access control (PNAC) and 802.1X authentication controls for LAN and WLAN connectivity. PNAC is essential for managing, monitoring and reporting on device authentications to campus regions, especially where machines are connecting to core networks and infrastructure
- Implement web content filtering and IPS/IDS network security at the gateway for guest and student networks, to help control content and protect the machines connected to these networks
- Sign up for Jisc’s Janet Network resolver service, which could prevent the Trojan from ‘dialling home’
- Provide training for students which covers topics such as password protection, the importance of multi-factor authentication, anti-virus protection and the dangers of connecting to public networks
Further information
- Any Jisc member worried about cyber security can reach out to Jisc’s computer security incident response team (CSIRT) for guidance
- Join our cyber security community for peer support, regular threat updates and exclusive access to informative events
- Check out Jisc’s Defend as one campaign, which encourages collaboration across the sector and highlights the protective cyber security services that are available as part of Jisc membership
- View Jisc’s range of practical cyber security training courses and workshops
- Join the Jisc security conference this November, bringing together a community of security and IT experts in education, research and beyond, to share advice, stories and learnings