校园网络安全五步走

Greg Kovich

May 19, 2023

Zero Trust Network Access (ZTNA) cybersecurity allows academic institutions to realise important benefits across all operations.

Trust no one. Sounds ominous, right? Well, unfortunately, it’s today’s reality — at least when it comes to network security. According to experts, the only network cybersecurity strategy that can effectively counter today’s threats is one that trusts no user, 没有设备和应用程序, 不管他们在哪里——在校园里, 在云端或校外. It’s a strategy known as Zero Trust Network Access (ZTNA), and is based on the following assertions:

•网络充满敌意

•外部和内部威胁始终存在

•地点不足以决定信任

• Every device, user and network flow must be authenticated and authorised

• Policies must be dynamic and use as many data sources as possible

Tackling these issues requires a thorough approach to security. A Zero Trust Network Access (ZTNA) strategy provides comprehensive protective mechanisms to stop unauthorised users, 设备和应用程序访问网络. At ALE, we’ve identified five steps to help you develop a ZTNA cybersecurity strategy to protect your academic institution from the nefarious actors who lurk among us.

Step 1 – Monitor: Monitor the network to create an inventory of all devices and applications — authorised and unauthorised — that request or deliver information on the network and the protocols they use to do so. There are many tools available to collect information from the network and create a report that categorises devices by type, manufacturer, model, 操作系统等因素. Flow monitoring tools that identify the different application traffic flows on the network are also available.

Step 2 – Assess: 评估和验证你的库存. Start by assessing devices and applications by their type and role. This process helps identify shadow IT devices that can be eliminated to reduce the attack surface, and limit risk and mitigation measures required in response to cyberattacks.

Step 3 – Plan: Plan your approach to authentication, authorisation auditing and administration. A multidimensional plan that includes macro-segmentation and micro-segmentation is best. Macro-segmentation segregates users, devices and applications on the network. 微细分定义了这些用户如何, devices and applications are mapped to their network segment and security policies.

Step 4 – Simulate: 测试并验证步骤3中开发的方法. Use the insights to fine-tune security policies and ensure they cover all scenarios. 模拟应该包括颁发证书, configuring policies, 配置隔离场景, 模拟日志流和测试防火墙集成.

Step 5 – Enforce: 经过测试和验证后，执行安全策略, unauthorised devices are blocked from accessing the network and unexpected flows are dropped. In addition, devices can be put in quarantine and IT teams alerted to the situation.

While following these five-steps map out a path for ZTNA cybersecurity, it’s not enough on its own. Training, patch management and vigorous shadow IT management are required to ensure comprehensive security.

Successful outcomes

A secure network means faculty and students can take advantage of innovative digital technologies that improve learning opportunities and student success. For example:

•教师可以开发能够激励学生的课程, expose them to cutting-edge innovations and encourage them to participate, 无论是在教室还是远程.

•学生可以尝试新技术, 与他人和来自任何地方的教师合作, and incorporate the latest digital innovations into their assignments to showcase their potential.

With a deeper understanding of the institution’s cybersecurity status, IT teams can make better decisions about new technology strategies, such as adopting a cloud-first approach or supporting BYOD. They can also better protect and control the digital infrastructure and ensure the appropriate use of valuable network resources and bandwidth.

A trusted network foundation ensures academic institutions can remain focused on teaching and learning. 要了解更多信息，请查看我们的“重新思考教育中的网络安全" infographic or contact us today 讨论您的具体需求.

Don’t forget to check back here for my next blog focused on what you need to know, from A to Z, 全面的网络安全战略.