Educause Security Discussion

Re: IPv6 and DHCP

Tue, 22 May 2012 22:16:18 GMT

Posted by Curtis, Bruce on May 22

In the anything else category would be that Macintoshes did not have an IPv6 DHCP client until Lion Mac OS X 7. So
if you have some older Macs on the network they will still need to use SLAAC.

Even with DHCPv6 on a subnet some clients may still use IPv6 Privacy addresses for outgoing connections.

---
Bruce Curtis bruce.curtis () ndsu edu
Certified NetAnalyst II 701-231-8527
North Dakota State...

Chief Information Security Officer position announcement - Kansas State University

Tue, 22 May 2012 18:48:29 GMT

Posted by Anthony Phillips on May 22

Chief Information Security Officer - Kansas State University

The Office of Information Technology Services at Kansas State University is
seeking applicants for a Chief Information Security Officer.

The Chief Information Security Officer (CISO) leads the planning,
development, and implementation of the Kansas State University information
systems security program to promote K-State information systems reliability
and accessibility while...

eDiscovery - E-mail Archiving Policy & Software

Tue, 22 May 2012 14:54:30 GMT

Posted by Carlos Lobato on May 22

All,

If you have an e-mail archiving policy and use an "E-mail Management Platform/software" to monitor i.e. ensure
compliance, would you share a copy of your policy and let us know the name of the tool your University uses.

Thanks,

Carlos S. Lobato, CISA, CIA
IT Compliance Officer

New Mexico State University
Information and Communication Technologies
MSC 3AT PO Box 30001
Las Cruces, NM 88003-8001

Phone: 575-646-5902
Fax:...

Re: Hard Disk Degaussers

Mon, 21 May 2012 13:34:50 GMT

Posted by Chris Green on May 21

Our form is http://main.uab.edu/Sites/it/documents/80781.pdf which is then batched and taken off site for shredding
and/or incineration (tape media).

+1 to Steve Werby. Degaussers don't give you a visual indication they didn't work.

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Dan
Sarazen
Sent: Monday, May 21, 2012 7:09 AM
To: SECURITY () LISTSERV EDUCAUSE EDU...

Re: Webcast Today - May 21 regarding SANS training

Mon, 21 May 2012 12:28:06 GMT

Posted by Beth Young on May 21

Don't forget: REN-ISAC and CACR are hosting a web seminar with SANS
today to talk about the next aggregate purchasing window. Join us to
learn how you can get exceptional SANS training at a steeply
discounted price.

Date: Monday, May 21, 2012
Time: 11:00 Eastern Daylight Time

Agenda for web seminar:
- Introduction by Doug Pearson
- Securing The Human security awareness training
- OnDemand technical training
- Voucher Credits for live...

Re: Hard Disk Degaussers

Mon, 21 May 2012 12:08:51 GMT

Posted by Dan Sarazen on May 21

HI All,

Sorry for hi-jacking this thread, but can anybody tell me what they do (If
anything) to document the sanitization of hard-drives? Once they are
removed from the PC (Which is what is usually tracked in the asset
inventory) how do you track the hard-drives to show they have all been
through the degausser?

Or do you?

Thanks,
Dan

*From:* The EDUCAUSE Security Constituent Group Listserv [mailto:
SECURITY () LISTSERV EDUCAUSE EDU] *On...

Re: Hard Disk Degaussers

Mon, 21 May 2012 11:51:18 GMT

Posted by Shamblin, Quinn on May 21

We just got one of these which is doing a very good job. http://www.semshred.com/manual_hard_drive_crushers

Contact me off list if you want a picture of what this thing does. They also have a powered one.

The manual one does need to be bolted to something, but it can destroy a hard drive in 5-10 seconds depending on the a
variety of factors.

Quinn R Shamblin...

Re: Hard Disk Degaussers

Mon, 21 May 2012 00:37:37 GMT

Posted by Steve Werby on May 20

Paul,

Hard drive destruction is handled by our university's surplus property
department. They use a hard drive shredder that works well (it replaced
a drill press), but can't destroy small storage media like SIM cards and
SD cards. My previous university used a manually powered hard drive
bender, which was also effective and about 1/3 of the cost. In a past
environment I discovered a degausser that was in use, but when my office
tested...

Re: Malware (antivirus) software for Macintosh

Fri, 18 May 2012 14:47:25 GMT

Posted by Everett, Alex D on May 18

Well put, Louis.
There must be a good reason why you had fewer- maybe more systems with AV (it was a wake up call for many here) or more
secure web surfing habits for your users.

Sincerely,

Alex Everett, CISSP, CCNA
University of North Carolina

Alex

You are correct Apple knew about this we all know that a response was slow incoming. I am not sure why Flashback was a
non-event for us, since I have a very small population on McAfee...

Re: Malware (antivirus) software for Macintosh

Fri, 18 May 2012 14:22:21 GMT

Posted by Louis APONTE on May 18

Alex

You are correct Apple knew about this we all know that a response was
slow incoming. I am not sure why Flashback was a non-event for us, since
I have a very small population on McAfee anti-malware 1.x or
(9.1.0.4478) I spot checked critical systems at the start of this, what
I found was tons of needed updates queued up. I guess what I said badly
was you need an AV solution in place (McAfee does rather well on snow
leopard and Mt lion ),...

Re: Malware (antivirus) software for Macintosh

Thu, 17 May 2012 21:22:48 GMT

Posted by Cal Frye on May 17

We use Intego VirusBarrier here. Didn't find the first cases, but is
fairly good at cleaning them up afterward. It can be a bit too
aggressive by default, but doesn't seem to impair performance much at all.

Re: Malware (antivirus) software for Macintosh

Thu, 17 May 2012 21:09:56 GMT

Posted by Justin Azoff on May 17

The majority of flashback infected machines were personal laptops that
were already infected while on an off campus location. Almost all were
student owned machines, but a few were faculty/staff.

We would see IDS alerts < 10 seconds after the WPA login.

We focused on detection+suspension, we had ~200 infections total.

Re: Malware (antivirus) software for Macintosh

Thu, 17 May 2012 20:55:00 GMT

Posted by John Ladwig on May 17

Which "network security mitigation techniques," didn't work out for Flashback at your site?

-jml

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Everett,
Alex D
Sent: Thursday, May 17, 2012 3:51 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Malware (antivirus) software for Macintosh

Louis:

Maybe I am misreading this, but Apple Updates did not...

Re: Malware (antivirus) software for Macintosh

Thu, 17 May 2012 20:52:37 GMT

Posted by Everett, Alex D on May 17

Louis:

Maybe I am misreading this, but Apple Updates did not offer protection in time, though patching is of course sound
advice.
A Java vulnerability was not patched until after exploitation took place.
We did have good experience with anti-malware software if the user had it already installed.
We had poor experience with network security mitigation technologies.

References:...

Re: Malware (antivirus) software for Macintosh

Thu, 17 May 2012 20:43:47 GMT

Posted by Gallese, Brady T. on May 17

Also using Symantec Endpoint Protection 12.1 here. We saw some issues with version 11 as John mention, but things have
been very good with 12.1. I like that the macs are centrally managed for reporting, just like our PC clients - pricing
is also the same as our PC clients. There haven't been many mac–only viruses show up, but it's been great for stopping
the PC viruses that the macs had been carriers for.

Regards,
Brady Gallese...