Keywords: smartcard, security, educational licensesSURFdiensten, a subsidiary of the SURF Foundation, is an intermediair between ICT-providers and Dutch (higher) education and research providing them with ICT-licenses covering a wide range of license levels like the single-copy license and the site-license. Authentication based on smartcard technology is used for access control and tailor made information. When a client requests the application server for information, the application server asks a third party, the authentication server, for authentication of the client. If the client has a valid smartcard for this authentication protocol, access is permitted to the application server which controls the application on data stored in the chip. SURFnet, also a subsidiary of the SURF Foundation, is now developing the authentication service.
Coordinating
the Swedish admission systems using the Ping-system
Peter Lundberg.
The LADOK-Unit, University of Umeå, Sweden
At EUNIS-97 we presented the Ping- system as a public interface to the Swedish University admission system using WWW-technology and smart cards" Through 1998 , we have developed and tested the system and it is currently under installation within the LADOK-consortium.
The original paper was presented with the name " Ping: an electronic interface for the Swedish universities" and is available At EUNIS-99 we present Ping as a multi-tier product which allows users an easy and secure access to a large administrative system and makes the coordination of student records from many universities possible.
Remote
Management of Computing Resources in
Academic Institutions
with Secure Shell
Timo J. Rinne
SSH Communications Security Ltd, Finland
In academic institutions, part of the less critical computer administration
is done by part time employees and students. While it is wise to restrict
some administration to the physically protected space, some administration
can be done remotely. In this paper, we outline some security problems
in computer administration and show how the SSH program can be used in
securing remote computer administration.
Security concerns in
medium-sized academic institution. An implementation at the University
of Las Palmas de Gran Canaria
Antonio Ocon-Carreras, Manuel Galan-Moreno, Mario
Marrero-Ruiz
and Enrique Rubio-Royo
CICEI - Univ. of Las Palmas de Gran Canaria, Spain
With the widespread use of Information Technologies in the universities,
it has become of most importance to guarantee the integrity and fair use
of Information Resources. The security concerns in an academic institution
are not the same than those of an ISP or a commercial enterprise. The popularity
of Internet, giving easy access to millions of people, has produced an
exponential increase in the number of security incidents in our University.
Those considerations led us to the initial deployment of a Security Plan,
which is based upon the identification of security-sensitive points and
the development of adequate standard responses to security breakage scenarios.
Finally, the deployment of a full-fledged firewall policy is under consideration,
but faces the special characteristics of an academic institution, in which
the use and availability of resources is based in the "mostly open" paradigm.
Security: Policy and
Education of Users at the Level of an Institute
F. Morris, C. Guidi-Morosini, Y. Epelboin
LMCP, UMR 7590 CNRS, Paris, France
In the present paper we will describe the policy security of the
institute and how it has been implemented using a firewall built with cheap
PC hardware and free software. We will also describe how the users were
educated and their reaction to the establishment of such a policy.