Harming the Innocent

By Joseph Kibe on 9 February 2010 1:51 PM

In the wake of my previous post about the iPad and the inaneness of the Bates IT security policy, I've done some additional research and talked the matter over with more than a few of my peers who are likewise frustrated.

Unsurprisingly, many security experts agree that trying to do client-side authentication makes for an ineffective network security policy. In particular, the Cisco NAC that Bates uses is vulnerable to numerous exploits. At a recent Black Hat conference, for instance, some researchers demonstrated that the Cisco product could be spoofed simply by having the computer assert to the NAC that it had the right anti-virus and firewall settings. The computer then gained access without a hitch, despite having no anti-virus or firewall software installed. (There are many, many more exploits, which interested parties could easily track down via a simple Google search.)

To me, this means that the client-side network authentication layer is utterly superfluous.

Given that the device effectively does nothing to keep really determined hackers off the network, it essentially just serves to inconvenience and annoy normal people. If Swedish intelligence officials decide they want to join the Bates network to wreak havoc on our course database, they'll have no problem. But Ellen T. Student will panic when she can't connect her laptop to the network to print an important paper due to an authentication malfunction, and John T. Student won't be able to share the latest video of his dog surfing in Nantucket with his cousin from his iPhone.

Not to mention, the college likely spends more than a few dollars to keep this ineffective layer in place. Of course, there's the huge cost associated with the purchase of the hardware and software. But there's also the labor cost of maintaining that hardware and software over time. Further, the college has to hire lots of employees for its technology "Help Desk," largely because no one can figure out how to install the parasitic client-side authentication software and the mandated (and equally impotent) Sophos anti-virus software.

It's almost comical. In the midst of budgetary problems, the college continues to spend thousands of dollars to inconvenience people to no benefit, while my professors feel compelled to make fewer photocopies.

This doesn't really strike me as the kind of policy consistent with the very liberal values of the college, nor, as I've written in the past, does it foster an open, generative computing environment. Yuck.
