I just don't get it. "It" is why university IT departments persist in running networks that are wide open to the Internet, leaving individual users and departments to fend for themselves.
UConn does it. The individual schools and colleges are on their own to put up (or not) firewalls and other defenses. I know that some aggressively protect themselves with firewalls, and I know others that don't. Whether through choice, lack of resources, lack of knowledge, or lack of expertise, their systems are hanging out in the breeze waiting to be attacked and compromised.
I've been helping a friend who part-times at the student newspaper of another BNU (Big Name University) in these parts. That friend is presently dealing with that BNU's "wide open" policy. One or more of my friend's charges got pwned by foreign hackers last week. BNU's IT security people helpfully sent my friend Snort logs and other traces from their IDS identifying the problem. But the BNU -- like many others -- still leaves actually securing systems to the end-user departments.
I think this is indefensibly nuts. I've heard the arguments made by campus IT people about their campus networks being for the free and unfettered exchange of information, and that putting in firewalls would cut against that ethos. That's hogwash. In today's risk environment that stance, which was quaintly liberal in 1997, is flatly irresponsible. Firewalls can be configured (quite easily -- I do it all the time) to permit inbound traffic of selected types to selected hosts. No free exchange of information need be squashed by adding basic security at the boundary between a university network and the Internet.
That old model -- where every host was a source of information -- applied when there were only a few thousand systems on the Internet, but not now. Now 99.9% of the hosts on the 'net are PCs used solely to consume information, not provide it. That 99.9% needs protection from the crooks and vandals on the Internet, and as responsible network professionals, we need to provide it. We also need to protect them from each other. The anti-virus/anti-malware filters on my firewalls stop as much crap from leaving my network as they do from coming in. I wish that our desktop anti-virus environment were perfect, but it's not. So, policing what we let out onto the Internet is part of being a responsible participant.
Which brings me back to colleges and universities with their antiquated wide-open network philosophies. You campus IT guys sure as shootin' firewall off your own servers and administrative networks. Why do you leave your end users -- the people least able to protect themselves -- out in the wilderness on their own?
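
An added example, not a configuration from this post or from any university named in it: a border ruleset in nftables syntax showing default-deny inbound with selected services permitted to selected hosts, plus one form of egress policing. The interface names, the documentation-range addresses and the choice of SMTP as the policed outbound service are assumptions made for illustration.

```nftables
#!/usr/sbin/nft -f
# Constructed example: border firewall between a campus network and the Internet.
# Addresses are RFC 5737 documentation ranges, not real hosts.

flush ruleset

define wan_if   = "eth0"        # assumed Internet-facing interface
define lan_if   = "eth1"        # assumed campus-facing interface
define web_srv  = 192.0.2.10    # hypothetical departmental web server
define mail_srv = 192.0.2.25    # hypothetical campus mail relay

table inet border {
    chain forward {
        # Anything not explicitly accepted below is dropped.
        type filter hook forward priority 0; policy drop;

        # Replies to connections that were allowed to start.
        ct state established,related accept
        ct state invalid drop

        # Inbound: selected traffic types to selected hosts only.
        iifname $wan_if ip daddr $web_srv tcp dport { 80, 443 } accept
        iifname $wan_if ip daddr $mail_srv tcp dport 25 accept

        # Outbound: only the mail relay may speak SMTP to the Internet,
        # so a compromised desktop cannot send mail directly. Drops are
        # logged so the offending host can be found and cleaned up.
        iifname $lan_if oifname $wan_if ip saddr $mail_srv tcp dport 25 accept
        iifname $lan_if oifname $wan_if tcp dport 25 log prefix "egress-smtp-drop " drop

        # Everything else the campus initiates is allowed out, so
        # consuming information from the Internet is unaffected.
        iifname $lan_if oifname $wan_if accept
    }
}
```

A department that genuinely publishes a service gets one more accept line for its host and port; every other desktop stays unreachable from outside without any action on its owner's part.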