Home page logo
/
educause logo
Educause Security Discussion Mailing List

Securing networks and computers in an academic environment.

List Archives

Jan–MarApr–JunJul–SepOct–Dec
201428430071
2013442329240262
2012674408280247
2011428358478392
2010825660728388
2009759751657702
2008596624430484
2007446520301516
2006536473507498
2005409416431349
2004495359552336
2003147163405234
200248755

Latest Posts

Re: National Cyber Security Awareness Month 2014 is just around the cornerŠ Barrett, Bruce (Jul 30)
Hi all,

I'm losing track of who I sent this to, but anyway the Community College of Rhode Island is hosting a Security
Awareness Day Oct. 30. www.ccri.edu/securityawareness. As mentioned I may already be on your list somewhere but lost
track of it.

Regards,
Bruce

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Valerie
Vogel
Sent: Wednesday, July...

National Cyber Security Awareness Month 2014 is just around the cornerŠ Valerie Vogel (Jul 30)
October is National Cyber Security Awareness Month (NCSAM) and it is coming up quickly!

Please let us know if your campus is planning any events or activities in October. We are creating a list of 2014
campus events and we’d like to include as many higher education institutions as possible in our NCSAM Resource Kit.
Feel free to share the URL or your plans with this list, or send an e-mail directly to security-council () educause
edu<...

Re: PCI - Third party vendors Bruce Curtis (Jul 29)
As several people have mentioned there may be ways to reduce the scope of the CDE. This document contains info on
how tokenization can be used to reduce scope.

https://www.pcisecuritystandards.org/documents/Tokenization_Guidelines_Info_Supplement.pdf

---
Bruce Curtis bruce.curtis () ndsu edu
Certified NetAnalyst II 701-231-8527
North Dakota State University

Submit a Proposal for EDUCAUSE Connect 2015 in San Diego by August 7 Valerie Vogel (Jul 29)
Please consider submitting a proposal for EDUCAUSE Connect: San Diego (January 28-30, 2015).
http://www.educause.edu/events/educause-connect-san-diego

The topic of information security is included under two of the 2015 Program Learning Themes: Enterprise Service
Delivery and Partnerships and Collaborations. Share your practical experience and thought leadership with others in the
higher ed community.

Proposals are due next Thursday, August 7....

Re: VPN Guidelines Julian Y Koh (Jul 29)
We have been providing “traditional” VPN services (L2TP/IPSec, Cisco IPSec, no split tunneling) since 2000 or so to any
user with valid University credentials.

We do not place any restrictions on which devices can connect to our traditional VPN - if it supports L2TP/IPSec or the
Cisco VPN client, it should work.

Re: VPN Guidelines Dexter Caldwell (Jul 29)
Same method here.

Dexter Caldwell
Dir. Systems & Networks
Information Technology Services
Furman University
3300 Poinsett Hwy
Greenville, SC 29613
email: dexter.caldwell () furman edu<mailto:dexter.caldwell () furman edu>
office: 864-294-3566
facsimile: 864-294.3001

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Tim
Faircloth
Sent: Monday, July 28, 2014 3:19 PM
To:...

Re: VPN Guidelines Tim Faircloth (Jul 28)
We allow users to VPN from home and from personal machines, but only after they've read our Remote Access Standard and
signed a VPN agreement. I'd attach copies of these documents, but I cringe at the thought of sending an attachment
(even a small one) to a list of any decent size.

/tim

VPN Guidelines Russo, Dan (Jul 28)
Hello,

I have a quick question in regards to VPN, and was hoping others would comment on how they are currently offering their
VPN services.

Do you allow all administration/faculty to remote in via home ?
Do you allow the same users use their personal PC's ?

What pros/cons have you encountered ?

Thank you for your time.

Re: Security Education Training Douglass G. Burak (Jul 28)
Good morning Kevin…We have been using Inspired eLearning for 3 or 4 years now…feedback from the end-users has been
positive and we have shown a decline in phishing attacks by the users that have taken the course(s)…They also provide
excellent technical support…thanks Doug

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kevin
Robert Hayes
Sent: Tuesday, July 22, 2014 9:56...

Re: PCI - Third party vendors Aube, Jane M. (Jul 25)
Blake,

I would agree with your conclusion. Our QSA firm has provided us with the same information as you imparted below (and
for those wondering, it is not TrustWave). It seems with V3.0 the significance of the Merchant Account holder may not
be the determining factor and more emphasis seems to be put on the components and services that could impact cardholder
data.

It will be interesting to see how different QSA firms interpret Third...

Re: PCI - Third party vendors Robert Lau (Jul 25)
When there is a breach… in addition to the negative publicity, you will lose the trust of your students, faculty and
staff because as Peter said, they bought their coffee at your university. Granted, our customers are more captive than
Target’s, but the blowback is just as painful. They will ask questions like “You knew that vendor wasn’t safe but yet
you still let us buy from them?” Deflection of responsibility, however legally...

Re: PCI - Third party vendors Blake Penn (Jul 25)
Mike,

I’m not sure that we actually disagree – when I say “compliance requirements” these are in the eyes of the PCI
Industrial Complex, not you or your lawyers, or my personal view, etc. – hence the “enforcement” blurb. Just letting
you guys know how the “system” views this issue.

Blake Penn CISSP, PCIP, MCSE, MCSD, MCDBA, QSA, ISMS Principal Auditor
Principal Consultant
t: 678.685.1277

Trustwave | SMART SECURITY ON...

Re: PCI - Third party vendors Peter Setlak (Jul 25)
Mike, good point. If you accept Visa or MC, at some point, you signed
something with someone that said you will (reasonably) comply no matter how
fine the print was.

It is always key to remember that the PCI-DSS standard extends beyond the
technology and into the land of paper... A great way for a merchant to
protect their customer's CHD is to use terminals that encrypt the data upon
swipe (or key entry) and transmits the data directly to...

Re: PCI - Third party vendors Blake Penn (Jul 25)
Mike,

General rule - Internet infrastructure itself gets a pass on the standard (that is, ISPs do not require mandatory
treatment as PCI DSS SPs) - at least so far. Probably due to the impractical nature of the alternative.

Again, talk with your QSA and/or acquirer for advice about your specific case, though.

Blake Penn CISSP, PCIP, MCSE, MCSD, MCDBA, QSA, ISMS Principal Auditor
Principal Consultant
t: 678.685.1277

Trustwave | SMART...

Re: PCI - Third party vendors David James Anderson (Jul 25)
Agreement with the legal waters bit. I’ll still add what we found in our experience so far with PCI compliance so far
in conjunction with our QSA.

We have similar operations going on with a third party operating foodservice venues within our campus buildings and
network. For our compliance status, it came down to who owned the merchant IDs. In essence, our goal is to be able to
accurately and truthfully fill out SAQ’s for all of the...

More Lists

Dozens of other network security lists are archived at SecLists.Org.


[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]