Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: What is wrong with schools these days?
From: "Gaddis, Jeremy L." <jeremy () linuxwiz net>
Date: Sun, 30 Apr 2006 20:16:27 -0400

Mike Iglesias wrote:
Many universities do not have a central IT organization running every computer on campus as you would in a commercial enterprise. They have a decentralized model where each school, department, or research group runs their computers. In addition, you have many students, faculty, and staff with personally owned laptops that they take care of (or not) themselves. So you have many little fiefdoms running computers, some with more of a clue than others. The clueless ones have untrained students running the computers, and most of them don't know much about security. They're told to setup a computer and put this data on it so the professor can do his research.

While this often holds true, there should always a central infosec department that has the ability to kill a switch port. Kill the network connection to a critical server exposing private information and people take notice pretty quick.

Central entities in universities, like the registrar, should know what they are doing if they are setting up ways to remotely access information.

Yes, they should, but they often don't. Remember, these end users are just that -- users, not security professionals.

Not responding to emails and/or phone calls to the security/abuse/etc group is irresponsible, if you ask me.

Agreed, though lack of a response doesn't mean nothing is happening. Often times, the first time infosec must do is contact legal for advice. Legal's first advice is often to simply not respond.


eJeremy L. Gaddis
GCWN, MCP, Linux+, Network+

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]