
Spring 2006 • Volume 31, No. 3

Questions and Answers


Director of information security and identity services
Glenn Hill

Northeastern's information-age sentinel, Glenn Hill is charged with keeping all the data pouring into, going out of, or residing somewhere within the university safe and secure. Here, he discusses his penchant for dumpster diving, some simple practices that could help you guard your home computer, and the overall outlook for information security.

Q. What's the single biggest information-security problem at Northeastern?
A. Awareness. The challenge is to create and maintain awareness in helping to protect information.

Q. Give an example of sensitive information that can be easily mishandled.
A. The Social Security number. It is a very valuable piece of information often sought by identity thieves. We have a vast array of technical means to protect that number, but the hard reality is that it's in wide use throughout the university.

Q. What about paper records at home? Does everyone need a document shredder these days?
A. If you don't shred, your trash contains a treasure trove of information: your Social Security number, credit card numbers, the companies with which you do business, where you take vacations, when you're not at home, details about your children—where they go to school, how old they are, what their activities are. Any of this information can be misused by someone with dishonest motives.

Q. Just how widespread is this problem?
A. People go through trash outside people's homes every day. If I were a bad guy and wanted to hurt you, the easiest way would be to go through your trash can.

At Northeastern, we routinely check public trash receptacles for sensitive information. It's called dumpster diving. We use the same techniques the bad guys use, to see what's out there. Interestingly, when I approach a dumpster—and I'm always dressed in my business attire—no one has ever asked me, "Why are you sticking your hand in there?"

Q. How has Northeastern handled the problem of spam?
A. At this time last year, over 50 percent of the daily worldwide e-mail was spam. That's a big number. So last year we implemented a program called "Spam 10-Plus"—I invented the algorithm, and worked with others in Information Services to implement it—which was designed to slash almost in half the amount of spam that arrives at the university, without inspecting its content or interfering with the flow of legitimate messages.

Q. Did it work?
A. Flawlessly. Our e-mail volume dropped 40 percent the day we turned it on. Spam complaints are down dramatically. And since most spam contains malicious code, such as viruses or worms, by deflecting spam we also avoid these attacks.

Q. What are the best ways to protect home computers?
A. It's important to have virus software, spyware protection, and a firewall on your computer. Since many sites that appeal to kids offer malicious software for download or contain viruses, you might want to save financial data only on a computer that's not used by children. Also, if there's a media report about some new virus or worm threat, take those warnings seriously. And have your computer do a virus update for a little added security.

Q. How do bad guys steal information from home computers?
A. There are people all over the world who are scanning the Internet, all day and all night, to find computers that may not be properly protected. It's called a port scan. If your computer has what's known as an "open file share," and there's no password protection on that file share, it could very well be viewed by someone you don't know.

Q. What about online-shopping sites that ask for personal information?
A. First of all, read a website's privacy policy. It should spell out how an institution is committed to assuring your privacy. Then, consider its public reputation. For instance, Amazon has a very public, valuable image that is universally recognized. They'd have a lot to lose if they didn't protect personal information. For less-known companies, look more deeply into their reputation and practices before you use them.

Q. What does the future of information security look like?
A. Statistics from the FBI indicate that in 2004 large organizations saw a decrease in the number of security incidents. Organizations and individuals are increasingly understanding why security is important, and what they can do to protect themselves. There's never 100 percent information security. We know there will always be risks. But those risks continue to be manageable.

Photo: Glenn Hill. Photo by Craig Bailey.