University networks are commonly viewed as open environments that can foster education and research. At the same time, this puts campus network systems at high risk and they are vulnerable to security breaches that may compromise confidential information and expose the university to losses and other risks.

Unfortunately, education networks are a breeding ground for malware infections.


Statistically speaking, university students tend to spend significantly more time on the web than average, making them prime targets for malware exploits.  These Generation Z students, as they are sometimes called, have been raised in an “online” environment where they were and are always connected and electronically available, in both their personal and educational lives.

The technical acumen that students have, combined with the breadth of applications, and the premise that university networks are “open” while meeting privacy issues, places extraordinary pressures on university security teams. It is challenging to protect the network and the corresponding data within the open environment, while students still use applications that enable them to mask their activities. So, how much vulnerability are the networks exposed to with tech-savvy Gen Z swamping university networks? And what are the patterns of bandwidth consumption like?

In analyzing 326 university networks around the world, Palo Alto Networks found a wide range of applications that span the social, entertainment and educational spectrum – which was not all that surprising!

One critical security threat that is often unique to university and college networks is related to the use of P2P software. File sharing and P2P software were designed to facilitate the exchange of music, movies, videos and other files over the internet, but malicious software like viruses, worms and Trojans are regularly distributed using these same P2P applications.

Peer-to-peer file sharing continues to be used while browser-based file sharing applications are increasing in their use. Not surprisingly, applications that are more focused on entertainment than on education were used heavily.

An unexpected finding in this analysis, though, is the relatively high usage of proxies, encrypted tunneling and remote desktop access applications. Thus, it begs the question, why use applications that can mask user activities when the university networks are supposedly “open”? Are there control efforts that drive students to use these applications?

On one hand, the high frequency of encrypted tunnel applications used shows the contradiction in the “open” environment universities say they offer. On the other hand, the high usage of applications for non-educational purposes supports the premise of network openness. Whatever the reasons, the statistics show that students are using whatever applications they want and security administrators are struggling to keep pace.

Encrypted tunnel applications: Hamatchi shows dramatic growth

There are two types of encrypted tunnel applications: those that are endorsed by the university and used for secure communications (IPSec, IKE, ESP, Secure Access) and those that are not endorsed (Hamachi, Tor, UltraSurf, Gpass). Such applications were developed with the explicit purpose of bypassing detection and are commonly used to send sensitive information, and gather sensitive information that is Wikileaks-worthy.

When compared to the previous study of university application activity, there were some significant changes in frequency for use for non-VPN related encrypted tunnel applications. Hamachi, in particular, showed a dramatic 12 fold increase of use from the 2009 report.

  • Hamachi showed a significant increase in frequency of use, appearing on 42% of the 326 university networks, a 12 fold increase from the 2009 report.
  • Use of Tor and UltraSurf remained relatively flat at 40% and 34% compared to 43% and 26% relatively speaking.
  • Gpass nearly dropped off the chart, moving from 37% frequency to a mere 4%.

Students and employees, who choose to use non-VPN related encrypted tunnel applications like Hamachi or Tor, are taking the effort to ensure privacy and evade detection with an extra step beyond tools like proxies or remote desktop control applications. Most of the encrypted tunnel applications found will require some effort to install and manage, making the fact that they are in use even more significant.

The growing adoption of Hamatchi in these university networks makes it clear that security in university networks should be even more effective in giving visibility and control in order to prevent the loss of sensitive information from employees or threats that students carelessly allow in.

Bandwidth consumption: entertainment of education?

As the cost of bandwidth continues to drop, universities are able to increase the size of their internet connection to deploy more online offerings and provide their students with an improved end-user experience. High-speed connectivity, combined with increased amounts of content that may not be educational in nature, means that university networks are saturated to the point where university business and research applications may suffer.

The analysis found that roughly 48% of the applications found (486 of 1,022), were consuming 86% of the total bandwidth observed. For comparison, the same categories within non-university networks represent 45% of the applications (489 of 1,075), but they only consumed 76% of the total. The most striking element in the bandwidth comparison is not so much the total bandwidth itself, which shows a mere 10% variance, but the significant variances at the categorical level.

  • On university networks, file sharing of all types and photo-video applications are consuming at least three times and six times the percentage of overall bandwidth consumed on non-university networks. As shown earlier, the bulk of the file sharing traffic is across a range of P2P networks. In terms of photo-video applications, YouTube, PPStream and HTTP video were the top consumers of bandwidth, indicating that there may be a valid mix of educational (some YouTube, HTTP video) and entertainment (PPStream) oriented content. Audio applications on university networks are consuming ten times the percentage of bandwidth consumed when compared to non-university networks. Not surprisingly, the top audio applications were HTTP audio and iTunes.
  • On non-university networks, internet utilities are consuming nearly double the bandwidth and encrypted tunnels are consuming nearly three times the bandwidth when compared to university networks. Examples of internet utility applications include web-browsing, a wide range of toolbars, and several Google tools. The usage of these applications in both environments indicates heavy use of the web to accomplish daily tasks.

Visibility on network traffic a necessity

The average university student is a lot more computer savvy than ever before. In order to regain visibility into what students are doing, universities need to deploy solutions that provide visibility into the applications (not ports or protocols) on the network and then control them where appropriate.

By Song Tang Yih, Vice President of Palo Alto Networks, Asia Pacific