Explore the privacy and security issues faced by online learning environments, including student authentication, confidentiality, and data integrity. Discover effective solutions for ensuring privacy and security in online courses.
Privacy and Security Issues in Online Learning Environments
http://csc.colstate.edu/summers/Research/privacy-and-security-issues.ppt

Goals
• Confidentiality (privacy) - limiting who can access assets of a computer system.
• Integrity (authentication) - limiting who can modify assets of a computer system.
• Availability (authorization) - allowing authorized users access to assets.
Columbus State University

Problems
• Student authentication
• How do we get user ids/passwords to students?
• How do we authenticate students for the first time?
• How do we ensure confidentiality and privacy for our students?
• How do we ensure security in an online course?
• How do we help students maintain security on their personal computers / networks?

Solutions (authentication)
• Face-to-face class – no problem (ask for picture IDs)
• Blended class – also no problem (ask for picture IDs)
• Online classes
• Require a class meeting to distribute user ids / passwords
• Require student come to campus to pick up ID/password
• E-mail ids / passwords
• Use a standard format with required change of password
• Add biometric authentication as front-end to CMS
• Use a federated ID management system (portal)
• Password Policy

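The "standard format with required change of password" option above, sketched as an added example that is not part of the original slides: the issued password only unlocks the change step and cannot be chosen again. The format (student ID followed by birth month/day), the 12-character minimum, the PBKDF2 iteration count and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000   # PBKDF2 work factor (assumed for this sketch)
MIN_LENGTH = 12        # assumed policy value, not taken from the slides


def _digest(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def standard_initial_password(student_id: str, birth_mmdd: str) -> str:
    # Hypothetical "standard format": student ID followed by birth month/day.
    # Anyone who knows both values can derive it, hence the forced change.
    return student_id + birth_mmdd


class Account:
    def __init__(self, user_id: str, initial_password: str):
        self.user_id = user_id
        self.issued = self._record(initial_password)  # kept to block reuse
        self.current = self.issued
        self.must_change = True                       # set on every new account

    @staticmethod
    def _record(password: str):
        salt = os.urandom(16)
        return salt, _digest(password, salt)

    @staticmethod
    def _matches(password: str, record) -> bool:
        salt, digest = record
        return hmac.compare_digest(_digest(password, salt), digest)

    def login(self, password: str) -> str:
        if not self._matches(password, self.current):
            return "DENIED"
        # The issued password only unlocks the change-password step.
        return "CHANGE_REQUIRED" if self.must_change else "OK"

    def change_password(self, old: str, new: str) -> bool:
        if not self._matches(old, self.current):
            return False
        if len(new) < MIN_LENGTH or self._matches(new, self.issued):
            return False      # too short, or the issued value again
        self.current = self._record(new)
        self.must_change = False
        return True
```
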
Solutions (privacy)
• Face-to-face class
• Nothing assumed
• Blended class (online portion does not ensure privacy)
• Online classes (typically NOT encrypted)
• “You have zero privacy anyway. Get over it.” (Scott McNealy, CEO, Sun Microsystems, 1999).
• “Privacy is the future. Get used to it.” (Marc Rotenberg, Director, Electronic Privacy Information Centre - EPIC) (Fortune, 2001).
• Email
• Chat rooms
• Discussion Groups
• File Space
• Privacy Policy

Privacy policy
• E-mail
• All email between students and between student and faculty will be kept confidential
• Discussion Groups
• All discussions are designed to be public unless specifically indicated as private
• Chat Rooms
• All chat discussions are designed to be public unless specifically indicated as private
• Student File Space
• Student Files
• Homepages
• MyGrades
• MyProgress
• http://www.ils.unc.edu/daniel/210user/privacy.html
• http://csc.colstate.edu/summers/Notes/privacy.html

Internet-specific privacy issues
• Personal information collected during registration
• Information provided by browsers
• IP address
• computer name
• link followed to reach site
• browser type
• browser plug-ins
• operating system
• Information in cookies
• SHOULD WE HAVE A PRIVACY POLICY ON CLASS WEBSITES ADDRESSING THIS?

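An added example, not part of the original slides, showing which of the items above a class web server receives with a single page request, and one way to reduce what ends up in its log. The request, host names and IP address are constructed; the log-minimization step goes beyond the slide and is an assumption about what a course log needs. Computer name and plug-ins do not travel in these headers and are not covered.

```python
import ipaddress
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed request as a class web server would receive it (all values invented).
RAW_REQUEST = (
    "GET /csc101/grades.html HTTP/1.1\r\n"
    "Host: courses.example.edu\r\n"
    "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n"
    "Referer: http://portal.example.edu/mycourses?student=jdoe\r\n"
    "Cookie: session=abc123; last_visit=2003-09-01\r\n"
    "\r\n"
)


def disclosed_by_browser(raw_request: str, peer_ip: str) -> dict:
    """List what one request reveals, using the slide's categories."""
    request_line, _, header_block = raw_request.partition("\r\n")
    headers = {}
    for line in header_block.split("\r\n"):
        if not line:          # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    agent = headers.get("user-agent", "")
    # Platform details sit in the parenthesised part of the User-Agent.
    inside = agent[agent.find("(") + 1:agent.rfind(")")] if "(" in agent else ""
    return {
        "ip_address": peer_ip,                       # from the TCP connection
        "page_requested": request_line.split(" ")[1],
        "link_followed": headers.get("referer"),
        "browser_type": agent,
        "platform_tokens": [t.strip() for t in inside.split(";") if t.strip()],
        "cookie_names": sorted(SimpleCookie(headers.get("cookie", "")).keys()),
    }


def minimized_log_entry(seen: dict) -> dict:
    """Added data-minimization step: keep only what a course log needs."""
    prefix = ipaddress.ip_network(seen["ip_address"] + "/24", strict=False)  # IPv4 only
    return {
        "ip_prefix": str(prefix),
        "page_requested": seen["page_requested"],
        "referrer_site": urlsplit(seen["link_followed"] or "").netloc or None,
    }
```
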
Security in an online course
• Problems:
• Course Management Systems (e.g. WebCT) do not typically use encryption
• Cookies must be enabled
• Java must be enabled
• Tied to portal log-in

Security in an online course (cont’d)
• Solutions:
• Limit access to online courses by authorized students only
• Make sure the browser on your computer is not set to store your log-in information.
• Make sure to click on Logout when finished with your session. Close the browser.

Solutions (security)
• Apply “defense in depth”
• Run and maintain an antivirus product
• Run and maintain anti-spyware software
• Keep your patches up-to-date
• Do not run programs of unknown origin
• Disable or secure file shares
• Deploy a firewall
• Policy (Design sound policies)

Critical Microsoft Security Bulletin MS03-039
• Verify firewall configuration.
• Stay up to date. Use update services from Microsoft to keep your systems up to date.
• Use and keep antivirus software up-to-date. You should not let remote users or laptops connect to your network unless they have up-to-date antivirus software installed. In addition, consider using antivirus software in multiple points of your computer infrastructure, such as on edge Web proxy systems, as well as on email servers and gateways.
• You should also protect your network by requiring employees to take the same three steps with home and laptop PCs they use to remotely connect to your enterprise, and by encouraging them to talk with friends and family to do the same with their PCs. (http://www.microsoft.com/protect)

Defending against information sabotage
• Analyze your risks.
• Plan for disasters.
• Write and implement policies.
• Install front-end security.
• Install back-end security for additional protection.
• Install physical security.
• Protect against viruses.
• Install firewalls.
• Use encryption.
• Use backups.
http://www.star-host.com/library/secure.htm

Conclusions
• Layered Defense
• Culture of Security
• Security Policy
• Acceptable use statements
• Password policy
• Privacy policy
• Training / Education
• Education

“The most potent tool in any security arsenal isn’t a powerful firewall or a sophisticated intrusion detection system. When it comes to security, knowledge is the most effective tool…”
Douglas Schweizer – The State of Network Security, Processor.com, August 22, 2003.

Resources
• http://www.sans.org
• http://www.cert.org
• http://www.cerias.purdue.edu/
• http://www.linuxsecurity.com/
• http://www.linux-sec.net/
• http://www.microsoft.com/security/
• Cuckoo’s Egg – Clifford Stoll
• Takedown – Tsutomu Shimomura
• The Art of Deception – Kevin Mitnick

Bibliography
• Privacy Policy Statements for WebCT - http://www.webct.com/ask_drc/forum/message?discussion=30469&topic=35986&message=35986&style=e
• Privacy and online learning by Roger Gabb of Centre for Educational Development and Support, Victoria University http://ceds.vu.edu.au/conferences/elearning/slideshow/rgabbSlides.txt
• http://www.webct.com/
• http://www.ecollege.com