A multilayered approach is often necessary to protect school networks.

In the Middle Ages, city planners and feudal land owners relied on a multilayered approach to keep marauders at bay: Those laying siege to a castle, for instance, first had to cross a moat, then get past an outer wall, or curtain wall. If they succeeded in breaching this outer wall, invaders faced a series of daunting obstacles in a structure called a barbican, a narrow exterior passage that led to the main castle entrance. Invaders who were lucky enough to reach this barbican were subject to attacks with heavy stones, molten lead, or boiling water dropped through “murder holes” in the ceiling of the passage.

Their methods might not be as barbaric, but information technology officials at many colleges and universities have adopted a similar strategy in securing their computer systems from attacks. The routers, firewalls, and virtual private networks (VPNs) in their arsenal are analogous to the moats, curtain walls, and barbicans of old.

“A layered approach to security is desirable, because you are protecting yourself against a failure by any layer,” says Julian Y. Koh, manager of network transport, telecommunications, and network services for Northwestern University.

“Let’s say someone was able to get through the protective measures at our border router; they would still be blocked at the firewall level,” Koh explained. “Or, if someone bypassed our border router and tried to come in through the VPN, the security measures at the VPN would stop them.”

He added: “The layered approach is a way of protecting yourself against failure by any of the components in your security model.” (Here is a glossary of network security terms.)

Network security a growing challenge

College and university officials must deal with a host of potential threats to their network environments, with new online interactivity such as peer-to-peer communication, text messaging, and social networking contributing to the problem as information is shared across devices and networks.

A campus network can have thousands of devices logging in at any given moment, and security threats abound. College students, young and—by nature—typically curious, often test the security system just to see if they can crack it. More malicious attacks also can take place as hackers attempt actions such as stealing Social Security and credit card numbers, illegally accessing the student information system to change grades or destroy proprietary school information, or hacking into the financial system to make it look like tuition has been paid when it hasn’t. Then, there are attacks launched unknowingly by users logging on to the network with their own machines that already might have been compromised by viruses and worms.

In short, every single device connected to the network—whether in a classroom, dorm room, administrative office, or off campus, as well as the smart phones and other web-enabled mobile devices that students carry around with them—is a potential entry point for a security attack.

With these developments, the chief information officers of higher-education institutions face a challenge that is perhaps greater than at any time in the past. Yet, at the same time, college and university CIOs also need to pave the way for users to access information from any location. Students and faculty want to be able to log onto the network using a variety of devices, from Macs and PCs to laptops, iPads, and smart phones. They need to be able to access the network from a variety of locations, both on and off campus. Distance learning, in particular, has made it more important than ever that students be granted access to resources from remote locations.

“Security is a wide-ranging topic,” says Troy Herrera, senior marketing manager for Juniper Networks, a company that provides network security solutions for colleges and universities. “You want to make things accessible and encourage the sharing of information, but you must protect proprietary information and research and infrastructure.”