On Sat, Aug 28, 2004 at 11:01:07PM -0600, Andrew Jorgensen wrote: > Now this isn't just for giggles, the idea behind this system is to > make the students accountable for what they do on the network. More > especially it's to track down students with worms running on their > machines and such like. This is a good idea (Halcrow probably > doesn't think so, but I'll let him chime in for himself, his > oppinions keep us better rounded anyway)
Heh... I guess I'll take that as a compliment. :-) Okay, you've coerced me into talking. Actually, OIT is going to do whatever the heck they feel like doing, whether it's good or bad for the students, because frankly, there is only one BYU. It kind of has a monopoly in the prestigious Mormon university scene. So it's pointless to complain about it. It's not like the students are going to get dissatisfied due to the way they are treated (BYU-approved housing, bad parking whose fees subsidize buses for some inexplicable reason, secret tribunals with the Honor Code Office, lackluster efforts at censorship of Internet content, poorly planned construction that causes *pedestrian walkways* to come to a standstill between classes, BYUSA, etc.) and run out and find another prestigious Mormon university to attend. And tuition is *dirt cheap* because it is subsidized by tithing. Any private university of the caliber of BYU would easily cost 4 or 5 times as much in tuition (and BYU really should charge higher tuition, but we'll leave that for another discussion). I learned that I could only have inner peace when I simply accepted the BYU network for what it was, and then avoided using it altogether whenever possible. Trying to change the system is truly a lost cause. That said, let's do a Schneier Analysis of this authentication policy. Just for fun. :-) 1. What problem does the security measure solve? Hmmmm... it looks like we hit a snag right away. I wonder how well OIT could explain exactly what the problem is they are trying to solve with this new authentication measure. I'll take a stab at it though. By having students register before using the network, then BYU can correlate network activity with a student account. So what problem(s) does this solve? Well, I suppose this makes it slightly more difficult for perfect strangers to walk onto BYU campus and start using the campus network (they have to dupe the authentication tokens from an unwary students first, or circumvent the authentication system), which helps raise the costs for random people abusing BYU's network (they'll just move on to the next lower cost alternative, like another open hotspot). It also provides BYU with higher-integrity auditing information. A username/password is a slightly better authenticator than just a MAC address, which can be spoofed. One might imagine this as a precursor to more Draconian network policies. ``Oh, you're just a music major, so you shouldn't be needing to use SSH; we'll just block that port for you now.'' But I really don't think OIT will ever become that evil. 2. How well does the security measure solve the problem? I still have a hard time pinning down exactly what the problem is, but if it is lack of integrity of auditing records, then it helps somewhat (although, as PayPal can attest, a username/password is not the best authenticator, and heaven help the student whose credentials are stolen/guessed and account is used to download pr0n). If the problem is random non-BYU-affiliated people using BYU's network, then this is a very effective solution, mainly because of how easy it is to find an alternate connection to the Internet. Of course, most campus visitors will just borrow the account credentials of a friend to log into the network anyway, but at least that is somewhat more trustworthy than Joe Spammer running his operation from a van in the parking lot unchecked. In any case, assuming that the vast majority of the time that a user account is being used by the real user for that account, then it is easier for OIT to know with a certain degree of probability whose machine is doing what, and so things like finding who has viruses and who needs an Honor Code violation referral and what not are a little easier for them. 3. What other security problems does the measure cause? I would imagine that student accounts will be shared and/or compromised fairly regularly, and so the degree to which network abuse can be accurately tied to a student is dubious at best. Of course, the students will be held responsible for activity on their accounts, which will provide some incentive to protect the credentials and to choose strong passwords, but that only goes so far in a student body of 30,000, most with trusting dispositions. In my opinion, it would be a security failure to hold students unquestionably responsible for activity performed under their accounts. One ``cost'' of the security measure that I found here is that students will start running lazy scripts that re-authenticate every minute, loading down the authentication servers. Another security problem that stems from this is glaring potential for Denial of Service - just take down the authentication server, and you've effectively shut down the entire network because nobody can authenticate. 4. What are the costs of the security measure? The costs for the initial deployment of this system are now irrelevant, since they are ``sunk costs.'' At this point, we should only look at the marginal costs of continuing to use the system. This mainly involves running the servers, keeping the accounts up to date, and other such maintenance. The code to do all this is already written and deployed. This is the kicker, and the reason why this authentication measure even exists. *The costs are mainly born by the students themselves*, in terms of annoyance and overhead to log in all the time. If you refer to my prior statements on BYU being a monopoly on prestigious Mormon higher education and the low tuition prices, then you can see why BYU is not so concerned with inconveniencing students. Students are willing to pay the price of this annoyance, because they are paying so low tuition to begin with. In a sense, you can think of this as lowering the value of the BYU experience, which is still way too high for the tuition level. 5. Given the answers to steps two through four, is the security measure worth the costs? From BYU's perspective, absolutely! They may have something to gain, they have very little to lose, the students are already used to jumping through hoops, and they are happy to do so, to get the cheap Mormon education. Anyway, this is really just for personal edification, since BYU really has no incentive to change anything, but I thought I'd contribute to the discussion. :-) Mike
pgpqJjGLUKVQy.pgp
Description: PGP signature
____________________ BYU Unix Users Group http://uug.byu.edu/ ___________________________________________________________________ List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
