Student hackers threaten UAE faculties

The problem of UAE students trying to hack their faculty systems is forcing IT managers and security officers within the different universities in the region to consider means of combating it.

  • E-Mail
By  Colin Edwards Published  February 1, 2006

The problem of UAE students trying to hack their faculty systems is forcing IT managers and security officers within the different universities in the region to consider means of combating it. The issue of student hackers was raised at a CIO roundtable organised by Cisco Systems in Dubai. Delegates from 15 governmental, academic, industrial and commercial organisations discussed the growing incidents of internal attacks especially at universities. “Students sometimes launch attacks against their universities, just for the sake of fame, curiosity, or to test the strength of security,” says Sabri Al-Azazi, CIO, Dubai Holding, one of the roundtable delegates. “How can we solve this? Awareness is the most important thing and the key element. Strict security policies, and maybe (measures to) divert the attention of the students towards labs where they can practise security attacks instead of on the real networks.” Imad Ramadan, ITS supervisor at the Higher Colleges of Technology, Dubai Men’s College, commenting on the roundtable’s concerns, said the college itself had not suffered any intrusion attacks from students, but it was a concern. Prior to going live with its new wireless and wired networks last year, the college hired an ethical hacker to test the systems and advise on measures to comabat intrusion threats. The roundtable also looked at the possibility of setting a hacker contest to challenge students’ misdirected skills. “Maybe they’ll take this to a higher level after they graduate, becoming part of a security department. This way you are absorbing the momentum in a positive way instead of a negative way,” said Al-Azazi. Ramadan, while not a member of the roundtable, believed the key to preparing IT graduates for future employment was to create awareness of the security risks IT departments face on a daily basis. A contest might serve such a purpose, but he stressed that the college would never allow students to test the college’s systems, though they do use IT lab systems as part of its IT security syllabus. In addition to internal intrusion threats, the roundtable discussed the need to increase computer security awareness at the general tertiary level by making information security a component of the first year of a graduate course. “Maybe you need to introduce a new topic called information security in the educational area. I agree. Just to be realistic, if we just include it in every curriculum of the undergrad or bachelor degree, students will start to learn about security from the first year of college,” he says. By doing so, a graduate would be better equipped to cope with security issues, especially as an internet user, both at a personal level and at work. “The education you get in university at least should enable you to protect yourself and be aware. We’re not talking about making you an expert in information security, but at least enough to notice that a particular website is not SSL protected, for example, or it might be subject to phishing. This kind of awareness is going to become an essential part of our education system,” said Al-Asazi.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code