SECURING CAMPUS
WITH INNOVATIVE FLEXIBLE SOLUTIONS
Protecting the various systems and data records at a university is a never-ending job. Threats continue to grow daily, and attack vectors continue to change rapidly. To effectively improve the security of our data, our security team focuses on both personal awareness and training as well as technology solutions and controls.
To inform faculty, staff, and students about
the latest threats and best practices, the Security team conducted “The Biggest Phisher” competition. Many participants crafted their best phish email which was then sent to another group of participants. Awards were provided
for the trickiest phishing email as well as to the individuals who best detected phish-y emails. They also released informative quarterly Security Reports, to provide timely information on both physical and information security.
Several system-wide changes were carefully implemented to provide additional protection. In reviewing the logs of account lockout occurrences, it was determined that the source of many of these lockouts were from the IMAP email protocol. This
protocol was actively being targeted by attackers attempting to brute force guess a user’s password. We eliminated the ability to connect to SMU accounts using this protocol and immediately observed a dramatic decrease in attempted account break-ins.
OIT’s Security and Infrastructure teams worked closely to further improve the security of web traffic travelling between SMU’s academic networks and the networks available in the residential commons. It is understandable that students in the residential commons want open access to network services, streaming platforms, and gaming platforms. However, many of
these platforms can introduce a security risk. Changes were implemented to ensure continued
 18