mailing list archives
Re: What is wrong with schools these days?
From: "Gaddis, Jeremy L." <jeremy () linuxwiz net>
Date: Sun, 30 Apr 2006 20:16:27 -0400
Mike Iglesias wrote:
> Many universities do not have a central IT organization running every
> computer on campus as you would in a commercial enterprise. They have a
> decentralized model where each school, department, or research group
> runs their computers. In addition, you have many students, faculty, and
> staff with personally owned laptops that they take care of (or not)
> themselves. So you have many little fiefdoms running computers, some
> with more of a clue than others. The clueless ones have untrained
> students running the computers, and most of them don't know much about
> security. They're told to set up a computer and put this data on it so
> the professor can do his research.
While this often holds true, there should always be a central infosec
department that has the ability to kill a switch port. Kill the network
connection to a critical server exposing private information and people
take notice pretty quick.
> Central entities in universities, like the registrar, should know what
> they are doing if they are setting up ways to remotely access information.
Yes, they should, but they often don't. Remember, these end users are
just that -- users, not security professionals.
> Not responding to emails and/or phone calls to the security/abuse/etc
> group is irresponsible, if you ask me.
Agreed, though lack of a response doesn't mean nothing is happening.
Oftentimes, the first thing infosec must do is contact legal for advice.
Legal's first advice is often to simply not respond.
Jeremy L. Gaddis
GCWN, MCP, Linux+, Network+
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/