Network security lax

Measures to protect university computer networks from hackers have lagged behind the growth in the use and importance of the networks, an expert has warned.

Andrew Cormack, chief security adviser for the Joint Information Systems Committee of the UK Education and Research Networking Association, said he was concerned that attitudes towards security had not changed significantly despite institutions' acute dependence on networks.

"There is a worrying lack of appreciation of how much we rely on technology and how little we do to ensure that it is protected," he said.

Ukerna is raising awareness of computer security by hosting a conference in London on Monday to discuss the issue and to convince universities and colleges that better protection is necessary, affordable and achievable.

Security could be improved without affecting the access rights of most network users, Mr Cormack said.

Poor protection has resulted in attacks on universities' systems that disabled internal and external communications and allowed outside parties to send emails advertising unsuitable products that seemed to come from the institution.

More seriously, websites had been taken over to distribute pirated software. "If you have an internet address, you could be targeted," Mr Cormack said.

In such an incident, copyright owners were increasingly likely to take legal action and claim damages, he said.

Detecting violations depended on information technology staff knowing and monitoring a network well, and failure to detect an intrusion quickly meant hackers could glean information.

The advent of wireless networks in a growing number of universities was another cause for concern. No security measures could stop a determined hacker from getting into a wireless network, Mr Cormack said. "It's a new technology, and the implications have not really been worked out yet."

Colleges were potentially in a better position than universities, as many were only just getting permanent internet connections and had less "baggage".

Home computers were not safe either, particularly as the number of high-speed, always-on net connections rose. Jisc last year warned of a "significant increase" in compromises of home-user machines, which intruders use to attack organisations, including universities.

The conference "Computer security - threats and promises" will be held on April 15 at the Royal College of Physicians in London.