Home page logo
educause logo
Educause Security Discussion Mailing List

Securing networks and computers in an academic environment.

List Archives


Latest Posts

Re: Firewall Vendors Bob Williamson (Oct 30)
We are a small K-12 boarding school and am a big fan of our Palo Alto. I realize we use it differently than colleges,
but I really have enjoyed it. Our primary usage is blocking content and time by age, student, prefect etc. Primarily
OS/x, IPad, and BYOD.

Here is a case study that we did with them, at my request: Case

Bob Williamson
Network Administrator...

Re: Response to phishing e-mails Paul Chauvet (Oct 30)
Hi Nick,

I appreciate the response. Our remaining phishing issues are extremely rare compared to what we once had. It used to be
5-6 people a month falling for phishing scams, now its down to not that many in 2014 all together. Our training program
has led to a large drop in malware issues on client PCs as well.

Aside from two-factor (which we will have eventually), we already have in place many of the features you've had. I...

Re: Firewall Vendors Roger A Safian (Oct 30)
We use Palo Alto. Not sure what you are using the packetshaper for, but, the PA may also be able to help there. We do
use the Palo Alto to block applications, and it's successful, but, not 100%.

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kubb,
Sent: Wednesday, October 29, 2014 4:55 PM
Subject: [SECURITY] Firewall Vendors...

Re: Firewall Vendors King, Ronald A. (Oct 30)
They offered training, but, it was in DC (four hours away) so not prudent. We have been using the WebUI as our primary
management interface without issue. I’d be curious to know what issues are being experienced.

I have used the CLI for a number of things. From a reporting and troubleshooting perspective, the CLI provides much
more granularity.

I have started playing with the XML API for some tasks and potential scripting capabilities....

Re: Firewall Vendors David Escalante (Oct 30)
As I seem to point out every year or two, this is a public list,
archived and indexed on Internet search engines.

IMHO it's not a great idea to post, "I have a brand XXX security device"
because were there ever to be a known vulnerability with said device,
and someone with bad intent were trying to develop a list of entities
with that type of device to exploit, there you are, easily
"google-hackable." Others may...

Re: Firewall Vendors Ramon Hermida (Oct 30)
+1 on Palo Alto as well. We have been running a cluster of 5060s for a
couple of years. We have been using their application-id feature to group
p2p apps and block/shape accordingly. We have also used this feature to
better handle bandwidth needs when IOS updates are released. Because of
this, we got rid of our bandwidth shaper altogether.



From: The EDUCAUSE Security Constituent Group Listserv

Re: Response to phishing e-mails Kalal, Robert (Bob) (Oct 30)
As with Nick’s comments, this situation is truly more a reflection of an overall failure of the institutional
security enterprise than of two individual victims.

Re: Response to phishing e-mails Jones, Mark B (Oct 30)
Revocation of computer access is an interesting consequence. Isn't this the
same as termination or expulsion? Is it possible to be a student or an
employee without accessing computing resources? But I suppose it is easier to
get away with saying "stop or you lose computer access" than saying "stop or
you are fired/expelled".

Re: Firewall Vendors Jason Cook (Oct 30)
We had training and professional services bundled in .

Interested in what issues you are experiencing with the GUI, been smooth sailing for us.

Re: Firewall Vendors Jason Cook (Oct 29)
+1 for Palo's. Closing in on 2 years with a pair of 5060's. Highly recommend them, they have been awesome.

They have some abilities to packet shape, but certainly do not have the same granularity you can achieve in a dedicated
box. This can probably be said for other features like web content filtering, however what functionality it does have
suits our current requirements so it's working very well for us.

Re: Firewall Vendors Rich Graves (Oct 29)
We got training units as part of our purchase 3 years ago. The class materials were an improvement over the
not-so-great documentation. CLI was not seriously covered.

They really don't have a CLI. They have an XPath API that you can use within an SSH session. "set cli
config-output-format set" will show you some things in a more IOS-style format, but it still doesn't make a lot of
sense to me. I use the GUI for...

Re: Firewall Vendors Jeremy Kurtz (Oct 29)
Curious if anyone has jumped on board with Cisco and their Sourcefire
acquisition - even more so if moving from PAN...

Re: Firewall Vendors Walter Petruska (Oct 29)
Pair of Palo Alto 5050s at edge replacing Cisco FWSMs. Running for 2+
years now.

More being built into a new core.

Re: Firewall Vendors Garmon, Joel (Oct 29)
We use palo alto and love them

Re: Firewall Vendors T. Shayne Ghere (Oct 29)

We just moved from Cisco FWSM’s to two PA 5050 firewalls. We’re having
some issues with the GUI, which is what they recommend using, but we’re
used to the CLI. When you purchased them, did they offer any type of
training or offer training?

I’d appreciate any information you could provide.




*Bradley University*

T. Shayne Ghere, CCNP

Network Engineer

1501 W. Bradley Ave.


More Lists

Dozens of other network security lists are archived at SecLists.Org.

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]