January 15, 2013 | Stephen Bradley
We limit all the P2P traffic to about 1Kbps and that allows the gamers to login and then they switch to whatever works. For some reason they need P2P to login but not to run. steve
January 14, 2013 | Carlos S. Lobato
FYI - I would appreciate sharing this position with anyone interested.
 

Carlos S. Lobato, CISA, CIA

IT Compliance Officer

 

New Mexico State University

 
January 14, 2013 | Kevin Shalla

Here’s a Chicago Tribune story on Java security problems:

http://www.chicagotribune.com/business/technology/chi-java-update-oracle-updates-java-security-experts-say-bugs-remain-20130114,0,7822126.story

 

We use Java 6 in order to run Banner.  This article seems to suggest that Java 6 doesn’t have the problem.  People in my department have started to ask me what to do.  What do you all think?

 

Kevin

 

January 11, 2013 | James H. Moore
I am trying to learn VMware CLI.  I took the VMware vSphere class, and most of the time when I asked security or investigations questions, they would usually respond that it wasn't available through the vSphere GUI, but was something that you could find, or monitor through the CLI, and suggested that I take the course.  For now, I am trying to experiment with the vSphere CLI, and maybe build some investigation tools.  But I learn best from example, so I am looking for CLI scripts.  And if anyone has already done the CLI investigations tool building and is willing to share them, then please contact me off list (you will have made my day.)

Thanks!

Jim
- - - -
Jim Moore, CISSP, IAM, ITIL Foundations
Senior Information Security Forensic Investigator
Rochester Institute of Technology
151 Lomb Memorial Drive
Rochester, NY 14623-...
January 11, 2013 | Daniel Bennett
Does anyone on this list know of a RSS feed or web site that consolidates all software patch announcements (product, release date, issues fixed) into a one stop shop?
January 10, 2013 | Listserv Anonymous User
Message from russ.leathe@gordon.edu

We are currently poc with bit9 and FireEye for malware detection. I like both products so far. Do you currently own one of these products? Would you care to give me your pro's/con's, what you would do differently, etc. Perhaps you went another direction?

Thanks!
Russ

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY@LISTSERV.EDUCAUSE.EDU] On Behalf Of Samuel Gaudet
Sent: Wednesday, January 09, 2013 2:25 PM
To: SECURITY@LISTSERV.EDUCAUSE.EDU
Subject: Re: [SECURITY] Pentest Agreement

Ed Skoudis has a good boilerplate memo he shares with his students that is designed to protect employees in a situation similar to yours: http://www.counterhack.net/permission_memo.html

Hope this helps...
January 9, 2013 | Adam Vedra
Would anyone be willing to share an example of an internal pentest agreement/permission document between an employer and an information security employee, ideally one that is used in your own organization? So far the examples I have turned up are more or less contracts between an organization and an outside third party.

Thank you for your help and input!

Adam
 
 
 
Adam P. Vedra, CISSP, GSEC
Information Security Officer
Calvin College
 
January 9, 2013 | James Pardonek
I'm looking for some information on what your University's stance is on the use of applications such as Jump Desktop, LogMeIn, GoToMyPC, etc.  I tend to have an issue with users connecting to their desktop without the security of our VPN and ability to audit who is connecting and when.  As we all know, most users are not as creative as we would like them to be when it comes to creating passwords for services like the ones above and although I don't think there have been any successful attempts at getting accounts and passwords from these services, you never know.
 
Loyola currently has no policy regarding these services so I'm not sure, based on what others are doing if we should, or do we just let it go.
 
Thanks,
 
Jim
 
 
James Pardonek, CISSP, CEH
Information Security Officer
Loyola University Chicago...
January 9, 2013 | Brian Smith Sweeney
Awesome Justin! I've just recently been having conversations with a peer about tools they could use to get up to speed on performing vulnerability assessments. Will definitely give this a look.

Cheers,
Brian

Brian Smith-Sweeney
Assistant Director
ITS Technology Security Services, New York University
http://www.nyu.edu/its/security
January 9, 2013 | Andrea Di Fabio
NSU is hiring an IT Security and Policy Specialist. If you are interested or if you know anyone who may be interested and qualified, please see or forward the below, or search for position # 00324 on the VA jobs website. https://jobs.agencies.virginia.gov/applicants/Central?delegateParameter=... icantPostingSearchDelegate&actionParameter=getJobDetail&rowId=735691&c=cCK7Q qrvlr8dKTG8CFFq2A%3D%3D&pageLoadIdRequestKey=1357742509403&functionalityTabl eName=8192&windowTimestamp=null
January 9, 2013 | Justin C. Klein Keane
Hello all, yesterday I released the latest in a series of capture the flag exercises as part of the LAMP Security project, hosted at SourceForge.net (read: free training!). This exercise was run at the Philadelphia OWASP chapter meeting. It includes a full virtual machine image with custom and open source web applications that demonstrate a number of common web application vulnerabilities and misconfigurations. The goal of the exercise is to break into the target and get access to the root account with no prior information about the target. The exercise includes a full 43 page PDF walk-through that is suited for folks of all levels of technical expertise. You can complete the exercise with or without the walk-through. The exercise uses the BackTrack Linux distribution to demonstrate a number of open source testing tools that you can use in your own organization as well as highlight the strengths and weaknesses of each tool....
January 7, 2013 | Jeff Uebele
Martin,

Being as you are touting the merits and suitability of your product, could you respond specifically to David Curry's critical requirement to "send users to some sort of quarantine/remediation portal," (paraphrased from the paragraph below).

Thanks, I look forward to your response.

*There are plenty of IDS/IPS systems out there that can detect and block the
*traffic; that part's easy. But we've been unable to find any products that
*can also do the other part--sending users to some sort of
*quarantine/remediation portal so that they know why their computer isn't
*working on the network anymore. This last part is critical to us, as we do
*not run a 24x7 help desk, and we don't want to just silently drop users'
*traffic with no explanation when there's nobody they can call to find out
*what's happening.
*
*So finally, my question: Has anybody implemented something like this? If
*so, would you be willing to share how you did it?
*Date: Sat, 5 Jan 2013 17:52:15 +0000
*
January 7, 2013 | Beth Young
SANS and REN-ISAC are partnering to bring exceptional security awareness and technical training to the education community at substantially discounted pricing. An interactive webcast is scheduled for January 22 to explain the program and provide opportunity for Q&A.

The special pricing is available during a purchase commitment window, January 1 through February 28, for:
- SANS Securing The Human security awareness training, and
- SANS NetWars interactive technical skills challenges

An additional window will occur during June 1 - July 31, for:
- SANS Securing The Human security awareness training, and
- SANS OnDemand & GIAC, technical training & certification

The SANS and REN-ISAC partnership creates economies of scale for purchasing at a significant (75% - 90%) discount during specific time frames (60-day windows of opportunity). The special pricing is available to staff, faculty, and undergraduate students...
January 4, 2013 | David A. Curry
Hello,

We're currently in the process of re-designing our wireless network to split it into a guest side and a "secure" side, add a guest management system, replace the captive portal sign-on with 802.1X authentication on the secure side, etc. As part of this project, we're also taking a look at our use of Network Access Control and thinking about what we're really trying to accomplish. At the moment, we use a "permanent agent" based NAC on PCs and Macs connecting to the wireless network, but the only policy we enforce is that the computer must have antivirus running with up-to-date signatures. If the connecting computer doesn't pass that check, we put it into a remediation VLAN.

Back when we first implemented NAC (this is the second product), requiring antivirus software was a major factor in keeping malware out of our network. But as we all know, it's not that simple anymore--just having antivirus isn't...
January 3, 2013 | Valerie M. Vogel
I’m re-posting this recent message from the CIO list since it may be of interest to members of this group.
Thank you,
Valerie
________________________________
 
Happy New Year!
 
Just 2 months ago the hurricane Sandy proved challenging in many ways. The storm had a significant impact upon campuses along the east coast.  Additionally the ability to stabilize campus IT services was hampered by the fact that Sandy left many IT staff, college staff & students and the surrounding communities scrambling for resources.
 
A session at the upcoming Mid-Atlantic Regional Conference has been scheduled to address emergency preparedness and response by sharing the stories from Sandy.
The intent of the session (http://bit.ly/RtoAHt ) is to collect the experiences from universities & colleges for...
January 3, 2013 | Listserv Anonymous User
Message from kerry.childe@tgslc.org

It’s also important to note that different states have different requirements for the content of a notification letter, so you probably want to check with your counsel’s office regarding whether your letter meets those requirements.

 

Kerry L. Childe, CIPP/US
Senior Privacy and Regulatory Counsel
TG
P.O. Box 83100
Round Rock, Texas 78683-3100
512.219.2921
800.252.9743 x 2921
kerry.childe@tgslc.org

 

ACC IT, Privacy, and eCommerce Committee Vice Chair

 

January 2, 2013 | Cathy Hubbs
Carlos,
The EDUCAUSE Security Guide has a great Data Incident Notification Toolkit available at https://wiki.internet2.edu/confluence/display/itsg2/Data+Incident+Notification+Toolkit

Section 2 discusses constructing a Data Notification letter and includes links to several universities' samples.

Best wishes,

Cathy

Cathy Hubbs
Chief Information Security Officer
Office of Information Technology
American University




From:        Carlos Lobato <clobato@NMSU.EDU>
To:        SECURITY@LISTSERV.EDUCAUSE.EDU,
Date:        01/02/2013 01:39 PM
Subject:        [SECURITY] Sample Notification Letter to Affected Parties related to IT Data Breaches
Sent by:...
December 18, 2012 | David Grisham
TrustCC has done good work on main, north (health science Center) campuses and UNM hospitals. Cheers.-Grish

David Grisham, PhD, CISM
Manager, IT Security, UNMH, HSC

>>> "Blair R. Bernhardt" 12/18/2012 3:01 PM >>>
Does anyone have any recommendations for companies that do penetration testing? We are considering bringing in an outside company to do penetration testing on Lehigh's systems and network and would like someone with experience in the higher ed domain. Reply here or off-line if you prefer. Thanks.
--
Blair R. Bernhardt, Ed.D.
Security and Information Policy Officer
Lehigh University
December 12, 2012 | Christopher Jones

Our anti-spam system has a rate control feature that begins throttling outbound messages on a per-user basis after more than 50 messages have been sent within a half hour period.  Fortunately, we are able to exempt specified mail lists and individuals so that larger volume mail-outs are not hampered.  We have found this feature to be a good early warning that a user’s account may have been compromised.

 

 

IT Services will never ask you to divulge your login credentials or complete a form via email.  All such requests are illegitimate and should be ignored or deleted.

 

Regards

Christopher Jones

IT Security Analyst

Information Technology Services

...

December 11, 2012 | James Pardonek
We have a very segmented management approach to our NAC deployment.  We currently use Bradford Campus Manager.  Our Server Operations staff manage the policy creation, web pages, device whitelisting and most other daily tasks.  Our Network Services staff manages the network connectivity of the enforcement points, the helpdesk monitors the license counts and approves the connection of personal routers in the res halls, and the infosec team approves endpoint policy and device blacklists (for bad behavior).
 
I am thinking about making an effort to move most if not all of these responsibilities under one area.  My question is, where do all of these responsibilities rest at your institutions?
 
Thanks,
 
Jim
 
 
James Pardonek, CISSP, CEH
Information Security Officer
Loyola University Chicago...
December 10, 2012 | Robert Yoka
Our institution has started having the discussion of whether or not we will allow students to use anti-virus software other than our corporate standard (McAfee).

Are other schools out there allowing students to use the AV programs of their choosing?  If so, what impact has it had on your help desk as far as support time/issues?  If not, are you allowing students to choose from a limited, pre-selected set of AV choices or forcing all of them to use one corporate standard AV program, enforced by a NAC solution?

Thanks,
--
Robert J. Yoka, CISSP
Information Security Administrator
Information Technology
York College of Pennsylvania
441 Country Club Road
York, PA 17403

Email: ryoka@ycp.edu
Voice: 717-815-1784
Cell: 717-577-0737

This information is...
December 3, 2012 | Richard Baker
We are wondering what other higher education institutions are doing with their functional accounts in Active Directory.  The functional accounts are for service purposes, for which we implemented a 180-day password policy, but services could break after the password expires - some are asking to enable "password never expires" (PNE) on these accounts.

The other question is, if we enable PNE on accounts, how do you keep track of which accounts are in use or not, for "housekeeping" to keep our Active Directory clean?

Rick
November 28, 2012 | Mark Reboli

Has anyone dealt with a scenario whereby an employee is required to live on campus (Resident Director) and their spouse lives with them, and both would like Internet access?  The spouse is not an employee nor student and could not be considered a guest, as they will be on campus for several months. Has anyone addressed this and/or how did you deal with the issue?

 

m

 

Mark Reboli

Network/Telecom/IT security Manager

Misericordia University

570-674-6753

 

November 19, 2012 | Listserv Anonymous User
Message from jtatum1@utk.edu

Does anyone know if the 360.cn website, or associated software is legitimate antivirus and antimalware?

 

I’ve noticed some odd traffic heading to qurl.f.360.cn on port 53.  They’re not DNS queries, but seem to be a large payload of encoded data.

 

Jeff Tatum

Network Admin III, Office of Information Technology

Communications: Network Services

 

The University of Tennessee

103D6 Kingston Pike Building 

2309 Kingston Pike

Knoxville, TN  37996

Phone: 865-974-7424

 

November 16, 2012 | Roger Safian
We limit the number of returns when looking up entries in our directory to twenty. We've had this limit, or something like it, in place since we discovered fire. I always thought this was fairly typical. Recently we have been asked to justify that choice. As part of that, I'm wondering now, what do others do? Is this pretty common?
October 9, 2012 | Nicholas M. Tella
Sincerely, Nicholas M. Tella Information Security Manager Information Security Services (ISS) Johnson & Wales University Nicholas.Tella@jwu.edu 401-598-3030 Sent from my iPad
October 8, 2012 | Michael G. Carr

In late August, I developed a simple SurveyMonkey and asked a few questions about Private vs. Public IP Addresses (to see if any consistent thread could be gleaned.)  The responses follow:

 

 

 

 

 

 

 

Question 5 - If you have any College/Dept IT Mgrs, faculty or researchers who have insisted on keeping/maintaining public IP addresses, what were their reasons?

 

Other (responses)

 

...

October 8, 2012 | Gary Flynn
Anyone had problems with or used VMWare Fusion for SANS classes? I'm particularly interested in the SEC508 Metasploit class.

thanks,
--
Gary Flynn
Security Engineer
James Madison University
September 25, 2012 | Listserv Anonymous User
Message from markm196@netscape.net

I have posted an opening for a Security Analyst - Specialist.


This position will work with the University’s Information Security Officer in providing high-level security expertise and assisting in securing all aspects of the University’s IT environment.

  • Serve as an active part of the campus security team.
  • Work with the information security officer, system administrators and technology support center in knowledge transfer and incident response.
  • Actively respond to and report on abuse emails, phishing and other security events in a timely manner.
  • Utilize commercial auditing software...
September 20, 2012 | Michael Osterman
I'm currently investigating adding two-factor authentication for terminal services. It appears that there are products ready to go for Windows (http://www.duosecurity.com/docs/rdp), but I'm looking for something that would work for both Windows and Mac clients. The Mac Remote Desktop Client that comes with Office 2011 does not appear to support this capability. The terminal environment need not be Microsoft Terminal Services if it can support Mac clients as well.

Does anyone know of such a product? I'm willing to hear from vendors _directly_ with the understanding that I am simply looking for ballpark pricing.

Thank you,
Mike Osterman
IT Security Officer/ Deputy Director, Enterprise Technology
Whitman College
September 7, 2012 | Petr R. Brym

The following is a message from the EDUCAUSE HEISC Marketing, Communications & Outreach Project Team

 

Have you ever considered having a speaker for National Cyber Security Awareness Month in October, or January's Data Privacy Month programs?  We have noted speakers within our academic community who are ready to speak to your needs related to IT security, policy and privacy. Topic range:  Policy, PCI-DSS, Forensics, Mobile Device Security, Malware, Governance, Security Programs, Awareness, State Privacy Laws, Identity Management, Shibboleth, PKI, Data Stewardship, Cloud Computing, US Cyber Challenge, Access Control, HIPAA, Business Continuity, SPAM, Bots, DNS, IPv6, Data Driven Approaches to Security, Cyber Crime, SCADA, CALEA, Lawful Intercept, Security Training Program, CISSP, and Safeguarding Research Data.  Check out the HEISC Speakers Bureau...

August 13, 2012 | Carlos S. Lobato

Hello Colleagues,

 

For those of you with an Information Security Function,  do you know of any good information security staffing metrics?  For example, 1 information security employee for 1000 FTEs, etc.  Also, if you have an Information Security function please let me know the name of your University and the number of current full time employees fully dedicated to Information Security.

 

Thanks in advance,

 

Carlos

 

Carlos S. Lobato, CISA, CIA

IT Compliance Officer

 

New Mexico State University

Information and Communication Technologies

MSC 3AT PO...

August 10, 2012 | Listserv Anonymous User
Message from daniel.bennett@pct.edu

Hello All,

 

I am currently working on developing our department’s 5 year strategic security plan and was wondering if anyone is willing to share what they feel their focus will be over the next 5 years in regards to their information security infrastructure.  I have some ideas but want to see what a broader community is working towards as well.

 

Thanks,

 

Daniel Bennett

IT Security Analyst

Adjunct Faculty

Vice-Chair North Central PA Members Alliance

 

Pennsylvania College of Technology

One College Ave

...

July 24, 2012 | David Seidl

Like many schools, we have purchased Identity Finder for MacOS and Windows use, but we’re starting to hit parts of campus with a higher percentage of Linux systems as we remediate. Thus…

 

What’s your take on Linux friendly sensitive number (SSN, credit card) search tools? We’ve previously looked at Spider and we’ve run SENF, but it’s time to see if there are better tools out there with lower false positive rates, the potential to report centrally, or other useful enterprise style features.

 

Thanks!

 

David

 

David Seidl

Director of Information Security

Office of Information Technologies

University of Notre Dame

...
June 13, 2012 | Gary Flynn
Hi,

We've gone without a PKI a long time because every use case that came up couldn't justify the outlay to stand up a PKI and alternatives were always found. Sometimes the concern over the operational costs and risks associated with failures overrode the perceived benefits. We're using InCommon for server certificates and plan to use them for user and code signing certificates. EFS certificates for the few places we implemented it were created on an ad-hoc basis and manually backed up.

Once again, a use case has come up causing us to revisit the decision for a campus PKI. This time to support management of off-campus Windows computers through Microsoft's Direct Access feature. We currently manage almost all on-campus JMU owned Windows computers using SCCM/SUP and Secunia and would like to extend that to JMU owned computers off-campus. Given the InCommon services, I don't see a huge need for something on campus other than to handle machine certificates (for Direct Access and IPSEC...
May 29, 2012 | Beth Young
Greetings, I am trying to see if there is enough interest to hold a SANS LEG523 - Law of Data Security and Investigations class in October/November 2012. I have created a short (5 question) survey located: http://www.surveymonkey.com/s/YDYDJ96 Would you please take a moment to answer this survey. Please answer for yourself. If you believe others at your organization would be interested, please pass them the survey link. I took this class 3 years ago and I still reference the textbooks, especially the discussion about wiretap laws. There is something for just about everybody in this class -- Thinking about cloud security, you will need the section about contract law and e-discovery; run a sniffer or intrusion detection system, you should think about wiretap laws; do you have a computer forensics team, Day 4 is for you!...
May 24, 2012 | Randy Marchany
The VA Tech IT Security Office is advertising for 2 IT Security Analyst positions. The job description is at listings.jobs.vt.edu/applicants/Central?quickFind=195408. If you have any questions, feel free to contact me. Thanks.


-Randy Marchany
VA Tech IT Security Office and Lab

May 24, 2012 | James L. Mayne

Our Student Organizations group is looking to use single sign-on with OrgSync and a SAML 2.0 solution from SSO Easy was proposed. We currently do not have CAS or any SSO solution to offer them. Has anyone used SSO Easy and if so what are your impressions?

 

Thanks,

Jim

 

Group Leaders

University of Florida
University of Maryland, Baltimore
EDUCAUSE
