4.02.2007

The Insecurity of Our Colleges.

One would think that in a reputable college or institution, mind you one teaching security and information technology, there would be a great emphasis on security. In today's Internet society we can no longer assume, "If you are on our LAN, you would never be malicious". What would you say if I told you I could ARP spoof, DNS poison, and own an entire college? But wait, we have IDS systems, we couldn't possibly get attacked or owned. But wait, yes you did. This "college" also does not have any countermeasures for deauthentication attacks on public wireless. But we have a VPN! Sorry, it isn't enough to stop people who are not authenticated/associated. They are using expensive Cisco APs, so why not just implement deauthentication queues? It is just an example of how lazy, or trusting (I cannot decide), these admins really are. To top everything off, these attacks not only can be untraceable, but can happen from any computer connected to the LAN. What is to stop a curious individual from booting up from a flash drive or CD of BackTrack and owning the network? Yeah, they don't want to password protect the BIOS or disable alternative boot media. I no longer feel safe using a school desktop/laptop; I now only trust my SSH tunnel that I immediately connect to upon logging into one of these machines (provided my domain login credentials have not already been owned). So why not follow what they teach? How are we, as college students, supposed to learn to secure and think outside of the box for information security if we are terrified to log in to our college's workstations? I give a good old wag of the finger to our admins and beg they wake up and smell the pwnage.

2 comments:

daehee said...

Penn State network security is unhackable. End of story.

Scott J. Roberts said...

@daehee

I can only assume you're being sarcastic since the last unhackable system I saw was a laptop I accidentally dropped into concrete.

As a friend of mine said, security is a process, not a goal. You can be "unhackable" for a matter of minutes, until someone comes up with something new. Look at the current ANI vulnerabilities. When it started it only worked against IE6 running on Windows XP/2003. Now it'll work against IE7 or Firefox running on Vista. All it took was someone with a different idea, a different perspective, and it all changed.

But I'm sure you thought the same thing.