Securing networks and computers in an academic environment.

List Archives

Latest Posts

Re: email address as directory information Shalla, Kevin (May 21)
We have defined e-mail as part of directory information. Not doing so would have seriously hampered students'
communicating with each other. We do get FOIA requests, but we do charge for that, and they're not overwhelming.

Kevin

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of John
Forker
Sent: Friday, May 17, 2013 11:17 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject:...

UTM Firewall vs IPS appliance John Kaftan (May 20)
Hello:

We are looking at refreshing our firewalls and are wondering what others
are doing in terms of IPS. Is the UTM firewall winning over a separate IPS
appliance? What are you using and why?

I could see a few different factors when considering this decision.

1. Budget. Single appliance is likely less expensive than 2.
2. Culture. If security is a separate dept than networking perhaps it
would make more sense to have the security team...

Re: Question About Password Resets Schumacher, Adam J. (May 17)
We have two mechanisms in place. One is a two-factor online reset process. When a person activates their account,
they must provide answers to security questions as well as either an external email or cell phone number to which we
send a reset code. Once they've answered the questions and entered the code, they can set a new password.

The other mechanism is for individuals who either can't remember the answers to their questions,...

Re: Palo Alto Firewall and Sorenson VP 200 (Video Phones) Peter Setlak (May 17)
Harry,

We use PA 5050's on our edge. We do not use Sorenson video phones. However,
we did experience an issue with Jumbo Frames with a device on our network.
Are the video phones wired? Are they on 1Gb or 100Mb ports? Try 100Mb and
see if that fixes the issue. There are also settings on the FW to allow
jumbo frames (which we did not adjust as we're hesitant to change the
entire edge for one device). Otherwise, are the video phones...

Palo Alto Firewall and Sorenson VP 200 (Video Phones) Harry Zahlis (May 17)
Our District just purchased and implemented a new Palo Alto Networks firewall. We have run across an issue which has
stumped a lot of people.

Our deaf faculty and students use a device provided by Sorenson (Sorenson ntouch VP-200) for telecommunication. At
first we opened the specific ports required by the Sorenson devices but we could not place phone calls. We opened all
ports, TCP and UDP in both directions (any-any) and we still cannot...

email address as directory information John Forker (May 17)
We are deliberating over whether we should or shouldn't include student
email addresses in our list of directory information elements as allowed
by FERPA. If you institution has chosen not to include email addresses as
part of directory information, how do you control unauthorized access in a
way that doesn't stymy collaboration among students and among students and
industry representatives If your institution has chosen email...

REN-ISAC and SANS partner for highly discounted technical and awareness training; WEBCAST May 21 Doug Pearson (May 17)
SANS and REN-ISAC are partnering to bring exceptional security awareness
and technical training to the education community at substantially
discounted pricing.

An interactive webcast is scheduled for Tuesday, May 21 to explain the
program and provide opportunity for Q&A.

The special pricing is available during a purchase commitment window,
June 1 through July 31, for:

- SANS Securing The Human security awareness training,
- SANS...

Re: Question About Password Resets Valdis Kletnieks (May 16)
On Thu, 16 May 2013 11:00:00 -0500, Jim Pardonek said:

No matter what you end up doing, remember to leave a flag for "this account
may not be reset by phone/self-serve/whatever", so you can flag high-value
or high-risk accounts as "tough noogies, they have to come in with official ID".

And remember - it doesn't have to be a high-priv account. I've heard of
plenty of incidents of stalkers and ex-SO's social...

Re: Question About Password Resets David Curry (May 16)
We require everyone to provide their university identification number,
their username, and their date of birth. If the person is (or ever has
been) an employee, we also require the last four digits of their SSN/ITIN.

If the individual does not know his or her username he or she can look it
up by providing identification number and last name.

If the individual does not know his or her identification number, the
various departments (Human...

Re: Question About Password Resets David Seidl (May 16)
Jim
We use a voice recognition process - our helpdesk finds a co-worker who is known to us who we can conference in with
that person to identify them. It's not ideal, but we can almost always find someone who we do know and recognize. If
that fails - and it does at times - we don't feel as bad about making them come in with their ID in hand.
David

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV...

Re: Question About Password Resets Roger A Safian (May 16)
We have security questions and answers set when the accounts are created. I'm not a fan of them myself, but, I
recognize their usefulness in situations like this. If those fail, the user would need to contact a department chair,
program coordinator, etc. and have that person contact our help desk in order to authorize the change.

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf...

Question About Password Resets Jim Pardonek (May 16)
We've recently had some issues with our current password reset process, particularly when a faculty or staff member is
out of town and calls for a password reset. We also have an issue because our campuses are spread out geographically
which makes it difficult for someone to come in person. I apologize if this has been discussed before, but I was
wondering what other institutions are doing regarding password resets via telephone? Or do...

Job Openings - Appalachian State University - CISO and Director of Information Analytics Anthony J. Santucci (May 15)
Greetings!

We have two new positions at AppState that are currently being advertised.
Please pass this along to anyone you think might be interested in coming to
the beautiful Blue Ridge Mountains of North Carolina!

Chief Information Security Officer
http://hrs.appstate.edu/employment/epa-jobs/801

Reporting to the Associate Vice Chancellor and Chief Information Officer of
Information Technology Services, the Chief Information Security Officer...

clickable links in instant messaging programs Fowler, Becky Thurmond (May 15)
I'm trying to gauge what other institutions are doing regarding clickable links in instant messaging programs. We
currently block links that are sent through our Microsoft Lync implementation but we'd like to determine what other
peer institutions are doing.

Does your university block clickable links through technical means? Do you allow clickable links but display a pop-up
or warning message? Or do you deal with this issue...

Job: Info Sec Analyst in Salem, MA George Moore (May 14)
Greetings:
I'm hiring an Information Security Analyst (ISA) for Salem State University in Salem Massachusetts. An ideal candidate
is motivated and enthusiastic about security. The ISA is responsible for monitoring the university network for security
vulnerabilities and compromised systems. The candidate accomplishes these goals by monitoring intrusion detection
systems, performing vulnerability assessments and management of network...

More Lists

Dozens of other network security lists are archived at SecLists.Org.