This chapter continues to build on the core concepts investigated in Chapter 1, “Payload Delivery and Command and Control.” In doing so, it presents a very different environment and a very different target concept.

Universities have long been considered “soft” targets for attackers and rightly so. Very few colleges have the budget to develop and maintain a coherent security strategy. Creating a collaborative academic environment is in a sense an anathema to implementing information security at any level. Colleges can have vast sprawling networks containing many different operating systems and technologies. There is often no effective central authority for security and the overall infrastructure will have evolved over years with considerable reliance on legacy systems. The painful truth is that at some point you become too big to survive.