Academic Freedom or Application Chaos: A Delicate Balancing Act
Today’s university students are more computer savvy than ever before, using a wide range of applications that may or may not be educational in nature. In analyzing 35 university networks around the world, Palo Alto Networks detected 589 applications that span the social, entertainment and educational spectrum. Some of the key findings are summarized below:
- Applications that are typically used to mask activities—external proxies, encrypted tunnel and remote desktop applications—were found with relative frequency. This finding is somewhat contradictory to the assumption that university networks are “open”.
- Peer-to-peer file sharing use continues to be a significant portion of university traffic. The analysis uncovered 24 P2P variants that consumed 21.7% of total bandwidth observed. Adding to the P2P management challenge is a new threat—Mariposa—that is spreading rapidly across P2P networks.
- Browser-based file sharing applications show significant usage. While not as common as P2P, these applications simplify the transfer of large files such as music or movies, possibly exposing universities unknown risks.
- Students are adept at keeping themselves entertained. A small number of applications is consuming 78% of the overall bandwidth – leaving a mere 22% for university business applications.
- Application accessibility features make visibility and control difficult. Of the 589 applications found, 356 (60%) of them can bypass a firewall using port 80, port 443 or hopping ports—which poses significant business and security risks
The breadth of applications, along with the premise that university networks are “open” puts the security team between a rock and a hard place. On one hand, they are asked to enable openness, while on the other, they are required to protect the network and the corresponding data.
