Universities are so tricky. If you put up too many roadblocks you wind up with official shit on completely external resources. Which makes it hard to figure out what's legitimate and what's a scam.
But make it too easy, you wind up with CNAMEs to external domains, that expire, get bought and now you have scams running on your .edu.
You just don't have the same ability to do top-down management and requirements that you do with the private sector. Individual researchers will get grants and really drive how things need to get done because they're the ones bringing money in.
Universties usually have restricted access and a userbase of people who are more intelligent than the general population. They should have much higher hope than popular social media sites that cater to the bottom of the barrel
Restricted access, yes but I'd argue intelligence, tech-savvy, and common sense aren't really the same thing.
There's two big issues I saw on a large University network (talking something like 60k users).
Issue one was account compromises. I cannot tell you how many times faculty, staff, and students would get emails that were clearly phishing and fall for it. Things like, filling out a Google Form with their username and password, despite literally every Google Form saying "never ever put your password in these things."
So then you pair this with universities offering web hosting for students and stuff, and now you've got a bunch of porn being served from your school's web servers because you've got students with no idea how email and phishing work being given university email addresses.
Issue two is their decentralized nature. You'll have some person you've never heard of pop up and say "I run a lab, can I get ailab.(university).edu to point to (university)ailab.com?"
You can try to throw up some road blocks and hassle the user about "why did you do all this and not come to IT sooner, we can host a website for your lab, we have branding guidelines you need to meet to use our domain." Then feathers start getting ruffled, jimmies get rustled, people start flexing about the grant money they pull in, deans get involved, and next thing you know, you're making a CNAME to an off-site domain that you'll never get real control over.
Then that professor or whoever leaves, that pet project of theirs goes away, that off-site domain expires, scammers buy it up and now you've got porn from off-site webservers but using your own domain.
People can be intelligent enough to push our knowledge boundaries into new frontiers, but not have enough common sense or tech-savvy to reach out to IT before setting up a website for their lab.
I have better hopes of social media sites keeping porn out because you can't have dick-measuring contests about the millions of dollars of research grants you're pulling in and get exemptions to policies. They just take the porn off and tell you no, you can't do that.
Universities are so tricky. If you put up too many roadblocks you wind up with official shit on completely external resources. Which makes it hard to figure out what's legitimate and what's a scam.
But make it too easy, you wind up with CNAMEs to external domains, that expire, get bought and now you have scams running on your .edu.
You just don't have the same ability to do top-down management and requirements that you do with the private sector. Individual researchers will get grants and really drive how things need to get done because they're the ones bringing money in.
When even trillion-dollar social media giants can't keep p** off their networks, what hope do universities have?
Universties usually have restricted access and a userbase of people who are more intelligent than the general population. They should have much higher hope than popular social media sites that cater to the bottom of the barrel
Restricted access, yes but I'd argue intelligence, tech-savvy, and common sense aren't really the same thing.
There's two big issues I saw on a large University network (talking something like 60k users).
Issue one was account compromises. I cannot tell you how many times faculty, staff, and students would get emails that were clearly phishing and fall for it. Things like, filling out a Google Form with their username and password, despite literally every Google Form saying "never ever put your password in these things."
So then you pair this with universities offering web hosting for students and stuff, and now you've got a bunch of porn being served from your school's web servers because you've got students with no idea how email and phishing work being given university email addresses.
Issue two is their decentralized nature. You'll have some person you've never heard of pop up and say "I run a lab, can I get ailab.(university).edu to point to (university)ailab.com?"
You can try to throw up some road blocks and hassle the user about "why did you do all this and not come to IT sooner, we can host a website for your lab, we have branding guidelines you need to meet to use our domain." Then feathers start getting ruffled, jimmies get rustled, people start flexing about the grant money they pull in, deans get involved, and next thing you know, you're making a CNAME to an off-site domain that you'll never get real control over.
Then that professor or whoever leaves, that pet project of theirs goes away, that off-site domain expires, scammers buy it up and now you've got porn from off-site webservers but using your own domain.
People can be intelligent enough to push our knowledge boundaries into new frontiers, but not have enough common sense or tech-savvy to reach out to IT before setting up a website for their lab.
I have better hopes of social media sites keeping porn out because you can't have dick-measuring contests about the millions of dollars of research grants you're pulling in and get exemptions to policies. They just take the porn off and tell you no, you can't do that.