Message from zm23@columbia.edu

Hi All,

Quick Poll Please:

1. Is your campus using, or does it plan to use, VPN access for remote users?
2. What vendor(s) and protocols (SSL, IPSec, other) are you using?
3. How many concurrent remote users can your system support?
4. Do you offer any specialized/custom VPN services for departments, researchers, etc.?
5. Is your VPN offering part of your DR plan/requirement?

Thanks!

Zahid Mehmood
Network Software and IT Enablement Systems
Columbia University Information Technology

Comments

1)      We currently use remote access.

2)      We use Aruba RemoteAPs and the Aruba VIA client. Both use IPSec to split-tunnel back. All non-college traffic is routed locally to the user's internet connection while internal, college traffic is routed through the tunnel.

3)      The user count is based on the capacity of the controller (IPSec tunnel count) and the RemoteAP (wireless clients) that is being used.

4)      We currently give remote users almost the same access that they would have over the wireless on campus, with some exceptions.

5)      Essential IT staff have access to a small Cisco SSL VPN setup for emergencies.

 

 

Tim Cappalli, ACMP ACMA CCNA | (802) 626-6456

» tim.cappalli@lyndonstate.edu | it.lyndonstate.edu

 



PRIVACY & CONFIDENTIALITY NOTICE
This message is for the designated recipient only and may
contain privileged, confidential, or otherwise private
information. If you have received it in error, please notify
the sender immediately and delete the original. Any other
use of an email received in error is prohibited.

 

Message from kohster@northwestern.edu

On Fri Mar 09 2012 08:18:36 Central Time, Zahid Mehmood wrote:

> 1. Is your campus using, or does it plan to use, VPN access for remote users?

We have been offering traditional remote access VPN services since 2000.

> 2. What vendor(s) and protocols (SSL, IPSec, other) are you using?

We are still using the aging Cisco VPN3000 platform right now for our traditional service, supporting PPTP, L2TP/IPSec, and the Cisco IPSec client. In 2007 we began offering a specialized SSL VPN service for targeted groups of users with the Juniper SA platform. In the coming months we will be replacing the VPN3000s with ASAs, so we will have to drop PPTP support and add the Cisco AnyConnect client as an option.

> 3. How many concurrent remote users can your system support?

Traditional VPN can theoretically support a /21 of users, but the VPN3000s will start showing slowdowns around 600 users, especially if a lot of them are PPTP users. Normal max load these days is around 300 or so. The SSL VPN service has a hardware limit in the thousands of users, but we're only currently licensed for 500 simultaneous, which is more than enough for now.

> 4. Do you offer any specialized/custom VPN services for departments, researchers, etc.?

Yes, the SSL VPN service is customized for groups and departments, since that uses split tunneling and reserved IP address ranges. We currently have ~120 distinct groups that have signed up for the service.

> 5. Is your VPN offering part of your DR plan/requirement?

Yes.

-- 
Julian Y. Koh
Manager, Network Transport
Telecommunications and Network Services
Northwestern University
Hi Zahid,



Message from zm23@columbia.edu

Message from adamschumacher@creighton.edu

> 1. Is your campus using, or does it plan to use, VPN access for remote users?

Yes. We have offered VPN campus-wide for a number of years now.

> 2. What vendor(s) and protocols (SSL, IPSec, other) are you using?

We are currently migrating from the Cisco 3030 Concentrator with the old IPsec client toward the ASA and the new AnyConnect client.

> 3. How many concurrent remote users can your system support?

I believe the limit is based on licensing. I'm not sure exactly what that number is (around a few hundred), but it is for concurrent connections/sessions.

> 4. Do you offer any specialized/custom VPN services for departments, researchers, etc.?

With the new ASA we are moving towards a model where depending on role an individual will have access to different backend systems or administrative type access for IT staff.

> 5. Is your VPN offering part of your DR plan/requirement?

Not that I'm aware of.

sha1(
Adam Schumacher
Information Security Engineer
Creighton University
Don't share your password with ANYONE, EVER. This means YOU!
402-280-2383
402-672-1732
) = 1a72637cf94189654ab1a827520a5e41738f41b0

Message from ahockett@warnerpacific.edu

1.) Yes we currently use VPN.
2.) We are running a Juniper MAG 2600 SSL-VPN
3.) IIRC 100 concurrent remote users.
4.) No.
5.) No.

-Aaron Hockett
Warner Pacific College

Message from russ.leathe@gordon.edu

1. Is your campus using, or does it plan to use, VPN access for remote users?

Yes, we do, as a matter of policy when accessing Institutional resources

2. What vendor(s) and protocols (SSL, IPSec, other) are you using?

Juniper SSL VPN
Aruba Remote Access Points
Aruba VIA client VPN (testing right now for wireless hotspot users)

3. How many concurrent remote users can your system support?

Right now about 100

4. Do you offer any specialized/custom VPN services for departments, researchers, etc.?

Our Admissions and Development Staff utilize the Aruba Remote Access Points from their homes
All others use Juniper SSL or soon to be VIA

5. Is your VPN offering part of your DR plan/requirement?

Not yet, but will be next year

Thanks!

Zahid Mehmood
Network Software and IT Enablement Systems
Columbia University Information Technology

Message from kohster@northwestern.edu

On Fri Mar 09 2012 08:55:11 Central Time, Zahid Mehmood wrote:

> Our number one fear for offering something like this is the long term management of this type of setup (access control, etc). How do you manage this?

Our current arrangement has been working fine for just over 5 years now. After the initial setup, changes are pretty infrequent, and we're able to complete virtually all requests within 1 business day. The whole initial setup can take up to a week depending on how much work needs to be done with provisioning LDAP groups, firewall change requests, etc. Each group has a designated set of individuals who are responsible for managing the group membership, serving as the first line of tech support for their users, requesting any changes to resources, and escalating any issues up to us that they can't solve.

> Are you using private IP space for this purpose?

Nope.

-- 
Julian Y. Koh
Manager, Network Transport
Telecommunications and Network Services
Northwestern University

 

1.    Yes, we’ve provided VPN access to our community since ~ 2000

 

2.    We’ve been using IPSEC via the Nortel Contivity platform.  We’ve been testing the SSL VPN capabilities of the Palo Alto firewalls and have recently begun examining the new global protect features for their SSL VPN.

 

3.    I believe that our Nortel hardware can support up to 500 simultaneous connections per unit though not 100% certain.   Palo Alto indicates a maximum of 5000 simultaneous SSL VPN users for their hardware.

 

4.    We have custom profiles for various needs like vendor and third party support access, but nothing specifically for departments/researchers due to our size.

 

5.    Not currently

 

 

Regards,

Manny

-----------------------

Manuel (Manny) Amaral

Associate Director, Information Technology

Franklin W. Olin College of Engineering

(781) 292-2433

 

 

 

We currently offer VPN connections using our Cisco ASA. We customize the split tunnel lists for different groups to limit access to required systems.

Bruce Entwistle
Network Manager
University of Redlands

For all those who are allowing VPN access, do you allow file sharing/drive mapping to the remote clients?

Bruce Entwistle
Network Manager
University of Redlands

Message from kohster@northwestern.edu

On Fri Mar 09 2012 10:30:52 Central Time, "Entwistle, Bruce" wrote:

> For all those who are allowing VPN access, do you allow file sharing/drive mapping to the remote clients?

Yes.

-- 
Julian Y. Koh
Manager, Network Transport
Telecommunications and Network Services
Northwestern University

1. Is your campus using, or does it plan to use, VPN access for remote users?

Yes.

2. What vendor(s) and protocols (SSL, IPSec, other) are you using?

Cisco ASA -- primarily using Cisco SSL VPN for remote users.

3. How many concurrent remote users can your system support?

5,000+

4. Do you offer any specialized/custom VPN services for departments, researchers, etc.?

There are some separate specialized VPN services.

5. Is your VPN offering part of your DR plan/requirement?

Yes.

Message from millerj@uakron.edu

1. Is your campus using, or does it plan to use, VPN access for remote users?

Yes

2. What vendor(s) and protocols (SSL, IPsec, other) are you using?

Currently a Cisco VPN 3000 Concentrator. About to upgrade to an ASA 5550
Currently only IPSEC supported.

3. How many concurrent remote users can your system support?

10,000
New unit will support 5,000

4. Do you offer any specialized/custom VPN services for departments, researchers, etc.?

Yes. Some highly secure segments for specialized access.

5. Is your VPN offering part of your DR plan/requirement?

Yes it is.

Jim Miller CISSP,CCSP
Lead Network Engineer
The University of Akron
(330) 972-7958
millerj@uakron.edu

#1- yes, using Cisco's VPN client Rev 5.0.06.0110, supplied to students and staff for connection from home
#2- Cisco VPN boxes (3) using Group Authentication with IPSec Transparent Tunnelling over UDP
#3 - unknown
#4- no, access control determined by network account used to login to VPN
#5- not really, used for extending access from outside college environment mostly

Sincerely,
Patrick Ouellette
Algonquin College - School of Advanced Technology
Program Coordinator: Computer Systems Technician & Technology Programs
Professor - Information and Communications Technology Department

For those that have answered yes, would you mind outlining whether you allow split tunneling or not? I would also appreciate your rationale one way or the other.

I've always been taught that split tunneling is a really bad idea, but this topic has recently come up in our remote access project.

-- 
Kris Monroe, CISSP, CISA, CISM
Information Security Officer
Office of Information Technology Services
Job Hall

Ithaca College
953 Danby Rd. | Ithaca, NY 14850
607.274.1997 | 607.274.1484 fax
kmonroe@ithaca.edu | ithaca.edu
Follow us: facebook.com/ICInfosec | twitter.com/IC_infosec

On 3/9/2012 9:18 AM, Zahid Mehmood wrote:
> Hi All,
>
> Quick Poll Please:
>
> 1. Is your campus using, or does it plan to use, VPN access for remote users?
> 2. What vendor(s) and protocols (SSL, IPSec, other) are you using?
> 3. How many concurrent remote users can your system support?
> 4. Do you offer any specialized/custom VPN services for departments, researchers, etc.?
> 5. Is your VPN offering part of your DR plan/requirement?
>
> Thanks!
>
> Zahid Mehmood
> Network Software and IT Enablement Systems
> Columbia University Information Technology

Message from millerj@uakron.edu

We disable the use of split tunneling. There are several thoughts on this but we feel that the possible risks with this are not really worth any type of benefits it may provide a small percentage of the users.

Jim Miller CISSP,CCSP
Lead Network Engineer
The University of Akron
(330) 972-7958
millerj@uakron.edu

Message from kohster@northwestern.edu

On Fri Mar 09 2012 14:25:52 Central Time, Kris Monroe wrote:

> For those that have answered yes, would you mind outlining whether you
> allow split tunneling or not? I would also appreciate your rationale one
> way or the other.

We do not use split tunneling on our traditional VPN service. We originally tried to do it back in 2000 in the interest of bandwidth conservation, but given the huge number of off-campus resources (primarily from the Library) that were restricted to our IP address space, this quickly became unmanageable.

For our SSL VPN service, given its targeted and customized nature, we went back to split tunneling.

-- 
Julian Y. Koh
Manager, Network Transport
Telecommunications and Network Services
Northwestern University

generic campus credentials, so we may have more knowledgeable (than usual) users.

Caveat2: our campus is on private addresses, so there is less ambiguity in the split-/full-tunnel cases.

We used to do exclusively split-tunnel operation to conserve on bandwidth, the campus was exceedingly constrained early on. Our new VPN (about to enter production) provides the user with both split- and full-tunnel profiles with the caveat that full-tunnel is our recommendation for any open / unencrypted WiFi environment.

Jeff

On 3/9/2012 3:25 PM, Kris Monroe wrote:
> For those that have answered yes, would you mind outlining whether you
> allow split tunneling or not? I would also appreciate your rationale one
> way or the other.
>
> I've always been taught that split tunneling is a really bad idea, but
> this topic has recently come up in our remote access project.

Quick Poll Please:

1.      Is your campus using, or does it plan to use,  VPN access for remote users?
Yes
2 .     What vendor(s) and protocols (SSL, IPSec, other) are you using?
Aventail/SonicWall SSL
3.How many concurrent remote users can your system support?
200
4.Do you offer any specialized/custom VPN services for departments, researchers, etc.? 
No
5.Is your VPN offering part of your DR plan/requirement?
No

 
 
Hugh Burley
Thompson Rivers University
ITS - Senior Technology Coordinator
Information Security Officer
CISSP, CIPP/C, CISA
Security, Privacy, Audit
BCCOL - 222D
250-852-6351
Message from adamschumacher@creighton.edu

> For those that have answered yes, would you mind outlining whether you
> allow split tunneling or not? I would also appreciate your rationale one way or
> the other.

Our current IPsec solution does not do split tunneling, but the AnyConnect/SSL solution that we are moving to will. Our stance is that if anything going out to the internet isn't already "secure", isn't going to get that much of a benefit from going through us first. It saves our bandwidth and improves the overall experience for the customer. The solution is smart enough that any traffic destined for either our public or private address space goes through the tunnel.

> I've always been taught that split tunneling is a really bad idea, but this topic
> has recently come up in our remote access project.

It just depends on what risks are/aren't acceptable to you or your institution. Personally, I'd rather not be a conduit for all the crazy stuff that ends up on home/personal devices any more than I have to.

> --
> Kris Monroe, CISSP, CISA, CISM
> Information Security Officer
> Office of Information Technology Services Job Hall
>
> Ithaca College
> 953 Danby Rd. | Ithaca, NY 14850
> 607.274.1997 | 607.274.1484 fax
> kmonroe@ithaca.edu | ithaca.edu
> Follow us: facebook.com/ICInfosec | twitter.com/IC_infosec
>
> On 3/9/2012 9:18 AM, Zahid Mehmood wrote:
> > Hi All,
> >
> > Quick Poll Please:
> >
> > 1. Is your campus using, or does it plan to use, VPN access for remote users?
> > 2. What vendor(s) and protocols (SSL, IPSec, other) are you using?
> > 3. How many concurrent remote users can your system support?
> > 4. Do you offer any specialized/custom VPN services for departments, researchers, etc.?
> > 5. Is your VPN offering part of your DR plan/requirement?
> >
> > Thanks!
> >
> > Zahid Mehmood
> > Network Software and IT Enablement Systems Columbia University
> > Information Technology

This topic is always a lively discussion! ;-) But I believe the conversations of old may need to be re-examined with today's technology options in mind.

First disclosure, we only allow supervisor approved access to our VPN for our users, and only on institutionally owned machines. A fall back for a pandemic or other emergency is in place where those rules change.

Like many of you, we ran Cisco VPN concentrators for years and forced our remote users through our limited bandwidth pipe whenever they needed a campus resource, and ALL traffic came through our pipe for security reasons. Since we did not allow split tunneling, our remote office users could not even do simple things like print to their local printers from our ERP system.

We have recently upgraded our systems to use the Palo Alto SSLVPN / Global Protect Client. This is generally set up as a purely SSL VPN, but can also act as a Cisco Style IPSec VPN for site to site VPN Tunnels, or setups on iPads and the like.

So, we have moved away from not allowing split tunneling to embracing it - with proper control and network access limitations. With Palo Alto we can determine which traffic we allow into our core, and all others are blocked. And even the traffic that comes into our core must pass the IPS rules to ensure that the safe traffic is safe.

It's always a delicate balance to enable users, yet protect our networks. I believe modern technology can give you that balance, if properly configured. Don't ask a 10 year old product to try to do this.

On 3/9/2012 3:25 PM, Kris Monroe wrote:
> For those that have answered yes, would you mind outlining whether you
> allow split tunneling or not? I would also appreciate your rationale one
> way or the other.
>
> I've always been taught that split tunneling is a really bad idea, but
> this topic has recently come up in our remote access project.
Message from valdis.kletnieks@vt.edu

On Fri, 09 Mar 2012 19:56:02 EST, Dave Koontz said:

> First disclosure, we only allow supervisor approved access to our VPN
> for our users, and only on institutionally owned machines. A fall back
> for a pandemic or other emergency is in place where those rules change.

OK, I'll bite - have you *tested* being able to get VPN enabled on user-owned machines on short notice when everybody is out sick? If so, what snags did you hit, and any advice for others who are looking at having to do this sort of emergency rollout?

(Sorry, anytime I see "rules change in an emergency", I see potential for screw-ups, either from people and systems that don't know that the rules are different, or from insufficient testing of cut-over).

I am interested in getting a quick estimate of how many of us force password changes to institutional accounts and at what interval (monthly, 60,90 days?). With the increase in spamming and phishing, increase in security breaches and our own experience recently of being blacklisted based on clients responding to these nefarious attempts to gather secure information we have started a debate about this on our campus. The costs associated with cyber crimes and the open nature of our campuses makes it more concerning that we move to offer some attempt at securing our systems. What are you doing?

Tom

Thomas H. Carnwath | Vice President | Technology and Information Services
The University of the Arts | 320 South Broad Street | Philadelphia, PA 19102 | Tel: 215-717-6440

Need Assistance? Call Oops (215-717-6677) to get answers.
OTIS will never ask for your personal information or password in an email. Never share this information with anyone.

This message and any attachment may contain confidential or privileged information and is intended for the intended individual named as addressee. If you are not the intended recipient of this message, please notify the sender immediately by return email and delete this message and all attachments from your system. Any unauthorized disclosure, use, distribution, or reproduction of this message or any attachments is prohibited and may be deemed unlawful.

Please consider the environment before printing this email.

**********
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.

One (1) Year at STLCC.

Craig

=========================================
J. Craig Klimczak, D.V.M., M.S.
Vice Chancellor for Technology and Educational Support Services
St. Louis Community College
300 South Broadway
St. Louis, MO  63102
Phone: (314) 539-5436
Email: cklimczak@stlcc.edu

Our policy is 60 days.

--Bret

Sent from my iPad

Yes we do force a change. 180 days here at TLU

William R. Senter
Director of Information Technology
Texas Lutheran University
wsenter@tlu.edu

-----Original Message-----
From: The EDUCAUSE CIO Constituent Group Listserv [mailto:CIO@LISTSERV.EDUCAUSE.EDU] On Behalf Of Bret Ingerman
Sent: Tuesday, March 04, 2014 9:01 AM
To: CIO@LISTSERV.EDUCAUSE.EDU
Subject: Re: [CIO] Quick poll

Our policy is 60 days.

--Bret

Sent from my iPad

Message from ellisj@mail.strose.edu

Passwords must be changed every 180 days here at The College of Saint Rose.

John R. Ellis
Executive Director
Information Technology Services
The College of Saint Rose
432 Western Avenue
Albany, New York 12203
518-454-5166
ellisj@strose.edu
www.strose.edu
ITS.strose.edu

45 days

Scott Crow
Director of Information Technology
Lourdes University
6832 Convent Blvd.
Sylvania, OH 43560
Direct: 419-824-3938
scrow@lourdes.edu
www.lourdes.edu

Message from dthibeau@post03.curry.edu

We currently use 120 days.  We find that when someone loses their password (well you know what I mean :-)), that it takes only 24-36 hours before their e-mail is hijacked and we get black-listed.  I’m not sure that lowering the password expiration will help.  We have started a comprehensive education process which started at the monthly faculty meeting.  We plan to put the issue of spam and phishing front and center on a regular basis.  We are even considering a pop-up every time you open your e-mail that warns you about it.  We’re testing that now to see how it works.

 

Dennis Thibeault

CIO, Curry College

 

Can I add to the poll.... Do you treat employee and student accounts differently for password change intervals?

120 Days at SVSU.

Kind Regards,
Jim

James M. Maher II
Executive Director of Information Technology Services
Saginaw Valley State University
Information Technology Services
7400 Bay Road
University Center, MI 48710
www.svsu.edu
Tel: (989) 964-2222
E-mail: jmmaher@svsu.edu

This email may contain legally privileged and/or confidential information. If you are not the intended recipient, or the employee or agent responsible for delivery of this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this email is strictly prohibited. If you have received this message in error, please immediately notify the sender and delete this email from your computer. Your cooperation is appreciated.

At U of Maine System passwords expire at 180, but you can change it within the next 180 using the old password (just can't log into anything).

We've been cranking up the required password complexity too. 


John Grover
Director | Enterprise Computing and Application Services
University of Maine System | (207) 561-3510 (desk) | (207) 949-4208 (cell)


And how many old passwords are remembered by the system?

In our case we force a password change every 60 days, remember 3 passwords, and treat employee and student accounts in the same way.

________________________________________
Sincerely,
Andres Holguin Coral
Message from dthibeau@post03.curry.edu

Yes, we treat the groups differently.

Faculty/Staff 120 days
Students - no password expirations

Curry College

We do not require password changes at Boston University. We have had discussions to that effect and are moving in the direction of two factor authentication as opposed to password changes.

Bobby Sprinkle
Executive IT Director
Boston University Medical Campus
801 Massachusetts Ave, Suite 485
Boston, MA 02118
617-414-1493
813-217-1279

Message from rwoody@emich.edu

180 days for faculty/staff


Ron Woody

Executive Director & Deputy CIO
Division of Information Technology
Eastern Michigan University
ron.woody@emich.edu
(734) 487-2290

From: "Thomas Carnwath" <tcarnwath@UARTS.EDU>
To: CIO@LISTSERV.EDUCAUSE.EDU
Sent: Tuesday, March 4, 2014 9:59:14 AM
Subject: [CIO] Quick poll

I am interested in getting a quick estimate of how many of us force password changes to institutional accounts and at what interval (monthly, 60,90 days?). With the increase in spamming and phishing, increase in security breaches and our own experience recently of being blacklisted based on clients responding to these nefarious attempts to gather secure information we have started a debate about this on our campus. The costs associated with cyber crimes and the open nature of our campuses makes it more concerning that we move to offer some attempt at securing our systems. What are you doing?

Tom

Thomas H. Carnwath | Vice President | Technology and Information Services
The University of the Arts | 320 South Broad Street | Philadelphia, PA 19102 | Tel: 215-717-6440

Need Assistance? Call Oops (215-717-6677) to get answers.
OTIS will never ask for your personal information or password in an email. Never share this information with anyone.

This message and any attachment may contain confidential or privileged information and is intended for the intended individual named as addressee. If you are not the intended recipient of this message, please notify the sender immediately by return email and delete this message and all attachments from your system. Any unauthorized disclosure, use, distribution, or reproduction of this message or any attachments is prohibited and may be deemed unlawful.

Please consider the environment before printing this email.



Hi All

We are at one year for employees - not sure if that really helps prevent anything. We find the best way to avoid getting blacklisted is rate limiting outgoing messages. On the rare occasion this happens we are able to stop it before we are on any spam lists.

Thanks
Patrick

----------------------------------------
Patrick Burns
CIO - Yavapai College
928.776.2055 (O)
928.237.0944 (M)
patrick.burns@yc.edu
'Yavapai College - life explored'
----------------------------------------

90 days. This is what our Price Waterhouse Cooper financial auditors require. We haven't fully integrated all of our apps into a single signon (currently Angel LMS is an outlier because it doesn't play well with IDAM frameworks), but we are working to replace it. Then it will be 90 days for everything.

Dee

--
M. Dee Childs
Associate Provost and Chief Information Officer
Office of Information Technology
University of Alabama in Huntsville
Huntsville, AL 35899



At Wayne State faculty and staff must change twice a year, students and alumni who retain accounts only once a year.

Geoffrey S. Nathan
Faculty Liaison, C&IT
and Professor, Linguistics Program
http://blogs.wayne.edu/proftech/
+1 (313) 577-1259 (C&IT)

Nobody at Wayne State will EVER ask you for your password. Never send it to anyone in an email, no matter how authentic the email looks.


From: "Mike Cunningham" <mike.cunningham@PCT.EDU>
To: CIO@LISTSERV.EDUCAUSE.EDU
Sent: Tuesday, March 4, 2014 10:07:39 AM
Subject: Re: Quick poll

Can I add to the poll....
Do you treat employee and student accounts differently for password change intervals?


Fairfield University is at 120 days. Our security specialist monitors traffic (threat and valid) daily. Weekly we receive about 600k-1.2mil threat messages. Thankfully all but a small percentage are blocked by our systems in place. However, it's a constant concern.

Sent from my iPhone

Tom,

At Pepperdine University, our Network ID passwords automatically expire in 365 days. We are dealing with all or many of the same issues as you. Couple of things that we've done in the past two years are:

(1) Identify as many or all institutional users that need access to restricted information to do their work. We've encrypted their computers.

(2) Implemented an IdM system that facilitates password self-reset but also enforces strong passwords. We literally had passwords like Fall2013, Spring2014, etc. Here's more on Pepperdine's guidelines and technical requirements for passwords: http://community.pepperdine.edu/it/security/policies/strongpassword.htm

And of course, ongoing information security education is key and necessary. Since Fall semester, we've created and sent two spear phishing emails to our user community. Our phishing messages were created in such a way that it looked somewhat legitimate. In Fall (actually on Halloween Day), 17% of our fac/staff clicked the message link only to be greeted by a message from the IT division with further online educational material. In Spring, the second spear phishing message only yielded about 4%. So, it appears that people are learning. But at the same time, there are still some clicking links of actual phishing emails. Our info sec educational efforts will continue with no end in the foreseeable future.

Best,
Jonathan

Jonathan See
Chief Information Officer
Pepperdine University
Jonathan.See@pepperdine.edu

Berkshire Community College forces password changes every 182 days. And we keep a password history of 12.

Tom,

Passwords are changed every 90 days.

Jim


We require our employees to change theirs every 180 days and have criteria that the passwords must meet.

 

Erik VanLaecken

Director, Information Technology/CIO

Southeast Technical Institute

Phone: 605-367-4800

www.southeasttech.edu

 

CONFIDENTIALITY NOTICE:  This email, including any attachments, contains information which may be privileged, confidential and/or protected from disclosure.  The information is intended only for the use of the individual or entity named above.  If you think you have received this message in error, please email the sender then delete the email from your computer system and destroy any hard copies of the email.  If you are not the intended recipient any dissemination, distribution or copying of this email is strictly prohibited.

 

 

 

 

From: The EDUCAUSE CIO Constituent Group Listserv [mailto:CIO@LISTSERV.EDUCAUSE.EDU] On Behalf Of James Burns
Sent: Tuesday, March 04, 2014 9:56 AM
To: CIO@LISTSERV.EDUCAUSE.EDU
Subject: Re: [CIO] Quick poll

 

Tom,

 

Passwords are changed every 90 days.

 

Jim

 

Tom,

Our policy is 90 days.

Regards
Darrell K

J. Darrell Kulesza
Vice President of Information Technology and Chief Information Officer
Dean College
99 Main Street
Franklin, MA 02038
508-541-1864 - phone

CONFIDENTIALITY NOTICE
This e-mail message from Dean College is intended only for the individual(s) to whom it is addressed. This e-mail may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you received this e-mail by accident, please notify the sender immediately and destroy this e-mail and all copies of it.

180 days for all accounts at Portland State University. 

-------------------------------------------------------------
Kirk Kelly
Associate Vice President and CIO

Office of Information Technology
Portland State University
2121 SW 4th Ave 
Portland, OR 97201

kkelly@pdx.edu
503-725-6246


90 days for domain and SIS accounts only.
Bill Betlej
Mary Baldwin College


Hi Tom;

We force the change on institutional ID every 6 months (require strong passwords) and a little more frequently (every 90 days) on our ERP.  We are implementing two factor authentication on our ERP and a couple other systems this semester.  This very topic came up recently in our faculty advisory group because they want longer passwords with no special chars (which we require now).  We are discussing it and are interested in how others are requiring their passwords to be constructed....length and required char types.

Thanks,

Louise A. Finn

CIO & Associate VP Technology Services

4501 N. Charles Street

Baltimore, MD  21210

lafinn@loyola.edu

Office- 410-617-5252

Fax - 410-617-5130

Website: www.loyola.edu/cio

 

 

Technology services will never ask for your password, please do not give it to anyone.

 

 
