Devices owned by new students may pose a risk to campus networks

Colleges and universities are being warned to carefully check for malware on any device owned by newly enrolled students.

Jisc’s director of security, David Batho, explains:

“With educational institutions beginning a new academic year this week, student onboarding has been the priority for many organisations, and with this comes an element of risk.

“Student-owned devices may be infected with malware, which will present a risk to other devices connected to the same network unless appropriate security controls are implemented.

“In addition, accounts and remote access solutions that are provided to students to aid the education and learning journey are also at risk if they are accessed from infected devices.”

Jisc has logged several instances where one of the most common forms of malware, an information stealer, has been used to facilitate cyber attacks against the education sector.

An info stealer, as they are known, is a type of malware called a Trojan that gathers information from a system - typically login information like usernames and passwords - which it sends to another system either via email or over a network.

These credentials can be directly used by threat actors to gain unlawful access to a network or sold on the dark web for other nefarious purposes.

How to mitigate the impact of infected devices

Jisc’s security team has this advice for IT and security staff at member organisations:

  • Assume device compromise when thinking about the approach to protecting key infrastructure and networks from bring-your-own devices (BYOD)
  • Segment guest and student Wi-Fi networks from core networks and key infrastructure
  • Implement "device isolation" controls for guest and student networks, to ensure the device can only reach out to the internet and cannot connect to other devices in this same network "zone"
  • Implement port-based network access control (PNAC) and 802.1X authentication controls for LAN and WLAN connectivity. PNAC is essential for managing, monitoring and reporting on device authentications to campus regions, especially where machines are connecting to core networks and infrastructure
  • Implement web content filtering and IPS/IDS network security at the gateway for guest and student networks, to help control content and protect the machines connected to these networks
  • Sign up for Jisc’s Janet Network resolver service, which could prevent the Trojan from ‘dialling home’
  • Provide training for students which covers topics such as password protection, the importance of multi-factor authentication, anti-virus protection and the dangers of connecting to public networks

Further information