ITACS students represent security vulnerabilities to Temple University and each other. Students have access to TUPortal, which contains sensitive information about the university, its procedures, professors, courses, and their own personal data. Students can also access databases and other paid services for free through their Temple accounts, which expands the vulnerability to services Temple give students access to.
In my role as a Fox Honors Peer Advisor, I have access to student records. Despite using two-factor authentication and not sharing my TU login, I still represent a potential vulnerability to the university and other students. Many Temple students view security measures as an inconvenience. Complaints about Duo Push notifications and required password changes are common, the attitude towards TUportal security is often, “What are they going to do, pay my tuition?” Also, students frequently study in public places like cafes, relying on insecure public WiFi, which compromises the security of university and student information.
ITACs students like myself represents security vulnerabilities to both Temple University and each other.
For Temple University, since all the students like myself have access to systems such as TUPortal( Which contains a lot of detailed information of ourselves and some payment and reporting systems as well), TU Terms, Canvas and not to mention the E-Mail address giving by the University. These all contains information of different departments of the university and details of people using or connecting each other with the system.
Vulnerabilities to each other, take those trending social medias as examples. I may have had a very private chat with some of my friends on the internet. They may have said something that includes confidential information of him or herself or of someone else, or we might send some pictures to each other that may contain information. All the public posts and comments we left on the internet as well potentially increase the vulnerabilities of security since everyone can see it, including the ” Bad Guys”.
ITACS students represent information security vulnerabilities to both Temple University and each other. Temple requires password changes and dual-authentication but those methods aren’t always secure especially when signing on where the network is insecure. In a transportation survey done by Temple University in 2019, 81.6% of students reported being commuters. Commuters increase information security vulnerabilities to Temple whether that’s through public Wi-Fi usage or the security of the device itself (constant movement to and from school) which often holds a lot of personal information. Students also represent information security vulnerability to each other. This can occur when students are required to work together and documents are being shared whether that’s through airdrop or email. There are also times when students might use their personal emails instead of their Temple emails which can increase security vulnerabilities. Although Temple provides many security features, there are still vulnerabilities whether that’s to Temple University or each other.
Yes, ITACS students represent information security vulnerabilities to both Temple University as an institution, and to other students.
ITACS students are humans and hence form an integral part of the information system security of Temple University. Human carelessness remains the single most common source of loss hence the carelessness of ITACS students while using Temple University resources (i.e. TU portal and Wi-Fi) creates a chance for Template University’s IT system to become vulnerable
ITACS students’ sharing of information on various social media platforms creates room for unintended disclosure of other students’ data implying vulnerabilities to each other and every other ITACS student becomes vulnerable when Temple Information security becomes vulnerable.
ITACS students pose an information security vulnerability to both Temple University and each other. ITACS students have access to Temple University’s information technology infrastructure and thus must maintain high-security alertness. For example, the ITACS student from the TU portal can access all the resources one needs as a student at Temple University thereby making the login details to the TU portal an essential information asset. This, when exposed either by accessing an unsecured website, unsecured WI-FI, negligence, or by sharing their login details with friends or family makes the TU portal vulnerable to not just Temple University but to each other. This could allow malware to be introduced to the system, potentially disrupting the smooth operation of the TU portal and causing school activities to be affected.
Both Temple University and each student will come under the risk of security vulnerability, as Temple University has provided us students with a vast level of information and access to almost every single resource.
It is very easy to find the contacts and emails of every student through mails and Canvas. While ITACS students are generally trustworthy, there’s always a risk of insider threats. A student might use their access to university systems for personal gain or malicious intent.
Even though ITACS students might be careful, some are still susceptible to social engineering attacks. Phishing emails can trick students into revealing sensitive information or downloading malware.
Both ITACS students and Temple University represent vulnerabilities to each other. As students, we have access to several Temple University systems that provide essential services to the student body and contain sensitive data. The use of these systems by us as students increases the chance of introducing malicious software or malware into Temple’s web or email servers. This can be done if a student is targeted by phishing campaigns and downloads external files that infect a student’s laptop and slows down Temple University’s network, harming the availability of key information.
On the other side of things, Temple University can represent a security vulnerability to students by virtue of the sensitive personal identifiable information (PII) the University stores. If an unlikely breach of PII was to happen, students could be harmed through the leak of this data which could be put into the hands of unwanted threat actors. Protecting this data is the responsibility of the University and several safeguards are implemented to account for this.
As students, we also have a responsibility to use Temple’s information systems appropriately and educate ourselves on potential vulnerabilities we introduce. Both the students and Temple University share the burden to minimize the vulnerabilities we represent to each other.
Yes, ITACS students represent potential information security vulnerabilities both to Temple University and to each other.
1) Students like myself can be considered as third parties who are provisioned access to Temple University digital infrastructure (TUportal, canvas, email etc) for educational purposes which is based on need-to-have principle. The inclusion/addition of a third party to an existing system always brings in added risk which might be inherent to the third party.
2) The University’s digital infrastructure contains data such as Personally Identifiable Information aka PII (faculty/students’ names, emails, phone numbers etc) confidential and internal data (course content, policies, procedures etc) which is at risk of exposure because of the students who are provisioned access. Hence, in this case, we can say that such data belonging to both the University and the students is accessible, therefore vulnerable.
3) Students logging in through their own devices (because of BYOD) might have vulnerabilities in terms of endpoint security. There is also the threat due to human error which is the most basic vulnerability. There is risk majorly in terms of data privacy and confidentiality both of which are important factors here.
Yes, ITACS students pose huge numerous security vulnerabilities to Temple University and each other.
1. Since ITACS students are connected on the same Temple Wifi network in the classroom, each device is at risk of being exposed to a threat actor in the case of a breach of Temple’s network for PII (Personally Identifiable Information) and other sensitive information secured on the device. Outdated software or unpatched security flaws on individual devices can make them more susceptible to attacks, even on a secure network.
2. Students are vulnerable to credential harvesting for their accounts on Temple University Digital Infrastructure (TuPortal, Canva, MIS Community). Once unauthorized access is gained, threat actors can harvest PII (Student/Faculty social security, bank information, course content). It can be achieved by sophisticated phishing campaigns targeting students. Furthermore, threat actors can elevate privileges to change sensitive information on the network needed for efficient operations of the university.
3. Students can be vulnerable to each other via unethical acts of attempting to hack other students’ devices for entertainment. In the process, they can make themselves more vulnerable to an external attacker and bring damage to the entire network.
ITACS students definitely pose huge security vulnerabilities to the university and each other. First of all, all Temple Students can connect to the university’s WIFI network, which can be seen as a gateway for potential beaches of important information. The access to Temple’s student infrastructure like the TUPortal and the MIS student site contains numerous personal information of high importance, with the example of TUPortal, the system contains any student or faculty’s address, phone number, email address, and many more confidential information. Students pose risks to each other as well as there may be possibilities of the unauthorized access of student’s devices, which will lead to confidential information too.
ITACS students have the ability to uncover information security vulnerabilities within Temple University and among themselves. For instance, during my ethical hacking class in the spring semester of 2023, we were granted early access to TUPortal6 to identify potential user privilege escalations. Although we were unsuccessful in our original task, we did successfully elevate our privileges on Temple’s Unix server.
To illustrate the real-world implications, it is crucial for students to secure their personal computers to prevent vulnerabilities that could be exploited to access Temple’s servers. For instance, a weak password could grant unauthorized access to a student’s account, potentially leading to phishing scams or the exposure of confidential student information.
On the other hand, the university is responsible for safeguarding sensitive information related to academic and administrative processes. Any breach of this information could result in irreparable damage. Although the university may have fewer vulnerabilities, the impact of such issues would be much more significant.
ITACS students can be the catalyst for a number of security vulnerabilities, which can effect their fellow peers and the university.
When on Temple’s campus, any device can connect to both the TUGuest wifi, as well as the TUSecure wifi (so long as they have obtained a working username and password). The TUGuest wifi is especially accessible, as it is intended to be a convenience to those visiting campus. This convenience comes at the cost of the network being less secure than TUSecure, which could put devices connected to the guest wireless at risk of being unknowingly monitored by another individual.
ITACS students also represent a vulnerability to the school, as ITACS students have access to Temple resources, and are given some security access (access to facilities). A disgruntled ITACS student could attempt to cause damage to Temple networks by scanning into a building and installing malware onto a targeted device inside of the facilities.
In addition, students may not need to have any technical skills at all to pose threats to other students information security. Through social engineering a student could gain access to another students username and password and wreak havoc by combing through the targets TUPortal, class registration, or any profiles the target may have set up using their Temple credentials. Temple has instilled a two-factor authentication through the users device to access the portal, which mitigates risk, but does not fully protect the user in all cases.
ITACS students represent information security vulnerabilities to Temple University and each other.
As ITACS students have access to Temple’s sensitive data and networks through Temple’s Wifi, Tuportal, TU email etc and if these are exploited it will lead to security breaches.
Usually students use online resources to collaborate with each other. If these resources are not secured properly , sensitive information can be leaked to unauthorized users.
ITACS students represent information security vulnerabilities to both Temple University and each other. This is because all ITACS students are part of Temple’s information system, which requires us to follow specific security protocols, such as logging in with our accounts and using multi-factor authentication. As members of the security system, we are integral to its operation.
However, we also represent vulnerabilities to Temple University. Since we understand the login processes, it is possible to identify potential weaknesses in the system. For example, one could theoretically hack into and remotely control the Duo app on a student’s device to bypass authentication, allowing unauthorized access to any student’s account. Additionally, we can easily access information about our classmates, such as names, TUIDs, and contact numbers. Logging into our own accounts also provides access to internal information, which could potentially lead to information leaks.
Sarah Maher says
ITACS students represent security vulnerabilities to Temple University and each other. Students have access to TUPortal, which contains sensitive information about the university, its procedures, professors, courses, and their own personal data. Students can also access databases and other paid services for free through their Temple accounts, which expands the vulnerability to services Temple give students access to.
In my role as a Fox Honors Peer Advisor, I have access to student records. Despite using two-factor authentication and not sharing my TU login, I still represent a potential vulnerability to the university and other students. Many Temple students view security measures as an inconvenience. Complaints about Duo Push notifications and required password changes are common, the attitude towards TUportal security is often, “What are they going to do, pay my tuition?” Also, students frequently study in public places like cafes, relying on insecure public WiFi, which compromises the security of university and student information.
Justin Chen says
ITACs students like myself represents security vulnerabilities to both Temple University and each other.
For Temple University, since all the students like myself have access to systems such as TUPortal( Which contains a lot of detailed information of ourselves and some payment and reporting systems as well), TU Terms, Canvas and not to mention the E-Mail address giving by the University. These all contains information of different departments of the university and details of people using or connecting each other with the system.
Vulnerabilities to each other, take those trending social medias as examples. I may have had a very private chat with some of my friends on the internet. They may have said something that includes confidential information of him or herself or of someone else, or we might send some pictures to each other that may contain information. All the public posts and comments we left on the internet as well potentially increase the vulnerabilities of security since everyone can see it, including the ” Bad Guys”.
Lily Li says
ITACS students represent information security vulnerabilities to both Temple University and each other. Temple requires password changes and dual-authentication but those methods aren’t always secure especially when signing on where the network is insecure. In a transportation survey done by Temple University in 2019, 81.6% of students reported being commuters. Commuters increase information security vulnerabilities to Temple whether that’s through public Wi-Fi usage or the security of the device itself (constant movement to and from school) which often holds a lot of personal information. Students also represent information security vulnerability to each other. This can occur when students are required to work together and documents are being shared whether that’s through airdrop or email. There are also times when students might use their personal emails instead of their Temple emails which can increase security vulnerabilities. Although Temple provides many security features, there are still vulnerabilities whether that’s to Temple University or each other.
Clement Tetteh Kpakpah says
Yes, ITACS students represent information security vulnerabilities to both Temple University as an institution, and to other students.
ITACS students are humans and hence form an integral part of the information system security of Temple University. Human carelessness remains the single most common source of loss hence the carelessness of ITACS students while using Temple University resources (i.e. TU portal and Wi-Fi) creates a chance for Template University’s IT system to become vulnerable
ITACS students’ sharing of information on various social media platforms creates room for unintended disclosure of other students’ data implying vulnerabilities to each other and every other ITACS student becomes vulnerable when Temple Information security becomes vulnerable.
Daniel Akoto-Bamfo says
ITACS students pose an information security vulnerability to both Temple University and each other. ITACS students have access to Temple University’s information technology infrastructure and thus must maintain high-security alertness. For example, the ITACS student from the TU portal can access all the resources one needs as a student at Temple University thereby making the login details to the TU portal an essential information asset. This, when exposed either by accessing an unsecured website, unsecured WI-FI, negligence, or by sharing their login details with friends or family makes the TU portal vulnerable to not just Temple University but to each other. This could allow malware to be introduced to the system, potentially disrupting the smooth operation of the TU portal and causing school activities to be affected.
Rohith says
Both Temple University and each student will come under the risk of security vulnerability, as Temple University has provided us students with a vast level of information and access to almost every single resource.
It is very easy to find the contacts and emails of every student through mails and Canvas. While ITACS students are generally trustworthy, there’s always a risk of insider threats. A student might use their access to university systems for personal gain or malicious intent.
Even though ITACS students might be careful, some are still susceptible to social engineering attacks. Phishing emails can trick students into revealing sensitive information or downloading malware.
Charles Lemon says
Both ITACS students and Temple University represent vulnerabilities to each other. As students, we have access to several Temple University systems that provide essential services to the student body and contain sensitive data. The use of these systems by us as students increases the chance of introducing malicious software or malware into Temple’s web or email servers. This can be done if a student is targeted by phishing campaigns and downloads external files that infect a student’s laptop and slows down Temple University’s network, harming the availability of key information.
On the other side of things, Temple University can represent a security vulnerability to students by virtue of the sensitive personal identifiable information (PII) the University stores. If an unlikely breach of PII was to happen, students could be harmed through the leak of this data which could be put into the hands of unwanted threat actors. Protecting this data is the responsibility of the University and several safeguards are implemented to account for this.
As students, we also have a responsibility to use Temple’s information systems appropriately and educate ourselves on potential vulnerabilities we introduce. Both the students and Temple University share the burden to minimize the vulnerabilities we represent to each other.
Parth Tyagi says
Yes, ITACS students represent potential information security vulnerabilities both to Temple University and to each other.
1) Students like myself can be considered as third parties who are provisioned access to Temple University digital infrastructure (TUportal, canvas, email etc) for educational purposes which is based on need-to-have principle. The inclusion/addition of a third party to an existing system always brings in added risk which might be inherent to the third party.
2) The University’s digital infrastructure contains data such as Personally Identifiable Information aka PII (faculty/students’ names, emails, phone numbers etc) confidential and internal data (course content, policies, procedures etc) which is at risk of exposure because of the students who are provisioned access. Hence, in this case, we can say that such data belonging to both the University and the students is accessible, therefore vulnerable.
3) Students logging in through their own devices (because of BYOD) might have vulnerabilities in terms of endpoint security. There is also the threat due to human error which is the most basic vulnerability. There is risk majorly in terms of data privacy and confidentiality both of which are important factors here.
Aaroush Bhanot says
Yes, ITACS students pose huge numerous security vulnerabilities to Temple University and each other.
1. Since ITACS students are connected on the same Temple Wifi network in the classroom, each device is at risk of being exposed to a threat actor in the case of a breach of Temple’s network for PII (Personally Identifiable Information) and other sensitive information secured on the device. Outdated software or unpatched security flaws on individual devices can make them more susceptible to attacks, even on a secure network.
2. Students are vulnerable to credential harvesting for their accounts on Temple University Digital Infrastructure (TuPortal, Canva, MIS Community). Once unauthorized access is gained, threat actors can harvest PII (Student/Faculty social security, bank information, course content). It can be achieved by sophisticated phishing campaigns targeting students. Furthermore, threat actors can elevate privileges to change sensitive information on the network needed for efficient operations of the university.
3. Students can be vulnerable to each other via unethical acts of attempting to hack other students’ devices for entertainment. In the process, they can make themselves more vulnerable to an external attacker and bring damage to the entire network.
Haozhe Zhang says
ITACS students definitely pose huge security vulnerabilities to the university and each other. First of all, all Temple Students can connect to the university’s WIFI network, which can be seen as a gateway for potential beaches of important information. The access to Temple’s student infrastructure like the TUPortal and the MIS student site contains numerous personal information of high importance, with the example of TUPortal, the system contains any student or faculty’s address, phone number, email address, and many more confidential information. Students pose risks to each other as well as there may be possibilities of the unauthorized access of student’s devices, which will lead to confidential information too.
Steven Lin says
ITACS students have the ability to uncover information security vulnerabilities within Temple University and among themselves. For instance, during my ethical hacking class in the spring semester of 2023, we were granted early access to TUPortal6 to identify potential user privilege escalations. Although we were unsuccessful in our original task, we did successfully elevate our privileges on Temple’s Unix server.
To illustrate the real-world implications, it is crucial for students to secure their personal computers to prevent vulnerabilities that could be exploited to access Temple’s servers. For instance, a weak password could grant unauthorized access to a student’s account, potentially leading to phishing scams or the exposure of confidential student information.
On the other hand, the university is responsible for safeguarding sensitive information related to academic and administrative processes. Any breach of this information could result in irreparable damage. Although the university may have fewer vulnerabilities, the impact of such issues would be much more significant.
Elias Johnston says
ITACS students can be the catalyst for a number of security vulnerabilities, which can effect their fellow peers and the university.
When on Temple’s campus, any device can connect to both the TUGuest wifi, as well as the TUSecure wifi (so long as they have obtained a working username and password). The TUGuest wifi is especially accessible, as it is intended to be a convenience to those visiting campus. This convenience comes at the cost of the network being less secure than TUSecure, which could put devices connected to the guest wireless at risk of being unknowingly monitored by another individual.
ITACS students also represent a vulnerability to the school, as ITACS students have access to Temple resources, and are given some security access (access to facilities). A disgruntled ITACS student could attempt to cause damage to Temple networks by scanning into a building and installing malware onto a targeted device inside of the facilities.
In addition, students may not need to have any technical skills at all to pose threats to other students information security. Through social engineering a student could gain access to another students username and password and wreak havoc by combing through the targets TUPortal, class registration, or any profiles the target may have set up using their Temple credentials. Temple has instilled a two-factor authentication through the users device to access the portal, which mitigates risk, but does not fully protect the user in all cases.
Sara Sawant says
ITACS students represent information security vulnerabilities to Temple University and each other.
As ITACS students have access to Temple’s sensitive data and networks through Temple’s Wifi, Tuportal, TU email etc and if these are exploited it will lead to security breaches.
Usually students use online resources to collaborate with each other. If these resources are not secured properly , sensitive information can be leaked to unauthorized users.
Lili Zhang says
ITACS students represent information security vulnerabilities to both Temple University and each other. This is because all ITACS students are part of Temple’s information system, which requires us to follow specific security protocols, such as logging in with our accounts and using multi-factor authentication. As members of the security system, we are integral to its operation.
However, we also represent vulnerabilities to Temple University. Since we understand the login processes, it is possible to identify potential weaknesses in the system. For example, one could theoretically hack into and remotely control the Duo app on a student’s device to bypass authentication, allowing unauthorized access to any student’s account. Additionally, we can easily access information about our classmates, such as names, TUIDs, and contact numbers. Logging into our own accounts also provides access to internal information, which could potentially lead to information leaks.