Information Technology Services puts priority on information security for the 400-plus servers on the DeKalb campus and regional centers, ITS Associate Director Elizabeth Leake said.

According to the University of California-Berkeley Web site, in October 2004, the campus network was hacked into, allowing access to a database containing personal information such as the names and Social Security numbers of about 600,000 people.

NIU has never had an incident of this type, Leake said. She said NIU’s enterprise includes more than 70,000 objects that are maintained in the central directory structure. An object is a user, computer, server or printer.

“In order for a hacker to be successful, they require information,” Leake said. “The more information they get, the sooner they can exploit a system.”

It is in the best interest of the university not to publish how servers are configured, protected or distributed, she said.

But Leake said ITS makes every effort to inform professionals about the latest innovations.

NIU complies with the security requirements of internal and external auditors, Leake said.

There is an internal audit office that does periodic audits for security and other measures, said Jim Fatz, director of the Enterprise Systems Support and IT security.

He said the Illinois Auditor General’s Office also does internal and external audits every couple of years and relies on several different sources for best practices nationwide.

The servers all have up-to-date virus protection, firewalls and alerting systems as well as activity logs, which can be referred to in the event that a system is compromised, Leake said.

ITS also has a security team that makes sure ITS employees are informed so they can help educate the user community on how to best protect their own systems, Leake said.

Of the more than 400 servers, every server has multiple aspects that have been developed with security in mind, Leake said. The servers supported by ITS are managed by ITS Enterprise Systems and support staff, she said.

Most NIU servers perform innumerable functions, Leake said. Many are not supported by ITS but are managed by individual academic departments, she said.

There are hundreds of other servers that certain departments have, Fatz said. ITS oversees the security for the servers that house NIU’s enterprise information, such as student records and e-mail, Leake said. In the event of a security breach, just about any type of information could be exploited, the same as with any other business, she said.

“In spite of the best possible measures, it is still possible for any system to be compromised,” Leake said. “The best security models include detection, a timely response and incident mitigation.”