November 7, 2013 | Brian Helman
There's an excellent description at and on this week's Security Now podcast. -Brian
November 7, 2013 | Roy D. Galang
Hi All,

This may have been addressed before but I am being asked if providing a college ID number on our LDAP and other directory services is a security risk.

I’m feeling that it isn’t but I’m pressed to put a statement behind it that will put people at ease.


Roy Galang
Director Technology Infrastructure
Library and Information Systems
Wheaton College
26 E. Main Street
Norton, MA 02766

November 6, 2013 | Omen Wild
Any thoughts on the FireEye devices? We have a chance to test one, but it would require some network ... rework ... to test optimally. Assuming they're awesome, does anyone have a business case they used to pitch it to management? I could use a head start. Thanks -- Omen Wild Security Administrator (530) 752-1700
November 6, 2013 | James H. Moore
Mentioning this seems like a shameless plug for a commercial entity, not mentioning would seem to hinder the spread of knowledge that so needs to be spread.  

I know that our student workers were delighted in adding significantly to their security library.

Elsevier has a $1 DRM-free eBook sale going on for a limited time (including Computer Security and Computer Science books, among others).  Some of the books included are "Digital Forensics with Open Source Tools" by Cory Altheide, and "Registry Forensics" by Harlan Carvey.  There are more general computer security books as well, including one CISSP study guide. 
November 5, 2013 | Dan Han
Good afternoon,

If your institution is using Google Apps, Office 365, or any other cloud based collaboration tools, how are the sharing options configured for these tools? Particularly, does your institution allow documents and files to be shared with the public without authentication? (e.g. Making a file publicly available or allow access to anyone with a link) 

If so, and feel free to ignore this part of the question, have you seen any sensitive information posted publicly, and how are you handling these potential incidents? Thank you.  

Dan Han
Virginia Commonwealth University


November 4, 2013 | James H. Moore
We were guided to Sumuri Paladin several months ago, and have been very pleased. It mounts disks well read only, as well as external drives for making forensic images. I have even used it in an old PC in my lab, which had removable drive bays connected to SATA II connections, so that I didn't need a write blocker but could image at SATA speeds, rather than Firewire 800 or USB speeds. But, when a system needs to be left in place, or the hard drive needs to be left in place, imaging to an encrypted USB hard drive or at times, over the network, is handy. I like that it can boot both Intel PCs and most Intel Macs.

When I went to their website, it sounds like they are coming out with an Enterprise product which doesn't restrict their agent. And a Mac forensic product. I like this, I will be looking forward to what these products are like. They seem to be a forensics vendor with vision. Also from...
November 4, 2013 | Christopher Bohlk

Hello All,


I would like to see if anyone could share their experiences with setting up a FISMA compliant data center?  If you don’t wish to share this information to the list, you can contact me privately. 


I would be interested in finding out ballpark estimates of the price range that it cost to create a FISMA compliant data center including technical controls. 


I would also be interested to know the number of staff that were needed to support and maintain this infrastructure in your environment. 







Chris Bohlk, CISSP, C|EH...

November 1, 2013 | Allan Nelson



My institution is currently reviewing its firewall strategy with the aim of upgrading/replacing our current firewall infrastructure.   We are currently a Checkpoint shop, with devices providing both Advanced Networking and firewalling (UTM) capabilities.  We recently met with reps from Palo Alto and Fortinet and on the surface they both seem to provide viable, possibly even cheaper alternatives.   I just wanted to hear from the group of any experiences with Palo Alto and/or Fortinet to help us in our decision making.   We currently have a combination of CP 9075s, 5075s and 576s deployed at our main and satellite campuses.




Allan Nelson

Manager, Security and Governance


November 1, 2013 | Jane Drews

IT Security Architect and/or Sr. IT Security Analyst position now open at the University of Iowa in Iowa City, IA: 


As a member of the technical workgroup of the Information Security and Policy Office, an individual filling this position will assist with security services delivery and support, using a variety of skills in networking, system administration, user support, and security analysis.  This team of analysts is responsible to monitor the university data network, detect and respond to information security issues, perform security assessments, assist with educational programs, as well as share responsibility for tuning and management of the infrastructure providing our security services. 


Details and information for applying can be found at...

October 31, 2013 | Jodi-Ann Ito
Greetings everyone!

National Cyber Security Awareness Month (NCSAM) 2013 is wrapping up today. Here are 5 things we'd like to share about what's been happening this month and what's next.

1) Thank you and congratulations to you, the higher education community, for a very successful celebration of the 10th anniversary of NCSAM! We've enjoyed learning about the fun, creative activities and events taking place on your campus.

2) Over 190 institutions (our highest number in 10 years!) shared their plans with us during the month of October. See what events took place by visiting our NCSAM Resource Kit:

3) We had 100 higher ed institutions sign up as NCSAM Champions (twice as many as 2012). For a complete list, visit:
October 31, 2013 | Valerie M. Vogel
Greetings, The EDUCAUSE Security Professionals Conference will be held in St. Louis, MO, and online, May 6-8, 2014. The closing keynote speaker will be Charlie Miller (Security Engineer, Twitter). On behalf of the program committee, I invite you to submit a proposal to present on an information security, privacy, or IAM topic that would be of interest to this audience of higher education CISOs, CIOs, CPOs, and other security practitioners. You have two more weeks (until November 14) to submit your proposal. Providing a content-rich session as an individual or a team is a wonderful way to learn from each other as we share experiences, ideas, and information. Submit a proposal to share future directions, best practices, stories on successful collaborations, or solutions to community-wide issues of interest for this audience. Please let me know if you have any questions or would like to discuss this opportunity with me. Thank you, Valerie Valerie Vogel Program Manager...
October 30, 2013 | Joseph Lee

Hi, for those of you who have implemented password protected screen savers on teaching podium computers (i.e., mainly used by professors for purposes such as showing slides), what’s the amount of idle time before the password protected screen saver will come up? 


Similarly, for forced logoff on teaching podium computers, what’s the amount of idle time before forced logoff will take place?





IT Security Compliance Officer

Seneca College


October 29, 2013 | Listserv Anonymous User

Just wondering if any of you have or are looking into ISO 27001 for your campus? Is it worth going through? Have you used an outside firm to help you through the process? Thanks Russ Gordon College
October 25, 2013 | Roger Safian
We have been testing Duo as a multi-factor authentication solution for protecting services, such as PeopleSoft. We're looking at using Duo's Admin API to provision and de-provision users. Is anyone else using the Admin API? Would you be willing to share code and/or experiences with us? Thanks.
October 22, 2013 | Alex Jalso



I’m working on projects to implement an enterprise end point protection solution and selecting a vendor to provide credit protection in the event of an information security event.  If you have been involved in such a project would you share what were the project’s requirements, the selected vendor and any lessons learned?  Thanks.




Alex Jalso, PMP, CISM

Director, Information Security Services

Interim Director, PMO

One Waterfront Place Box 6500

Morgantown, WV 26506

p: 304-293-4457


October 18, 2013 | Beth Young
REN-ISAC and SANS are teaming up to target developers for National Cyber Security Awareness Month. In addition to end users, we believe developers need guidance and continuing education opportunities as they are a critical piece of the security puzzle. The REN-ISAC and SANS will host a webcast on Securing the Developer. Join us as we talk about how common application security flaws can be addressed through developer security awareness training. Date: October 28, 2013 Time: 11:00AM EST (8:00 PDT) Title: Web Application Security By Example Registration link: Organizations today rely on critical software systems to conduct business. It's these systems, however, that are often at the root of many headlines about data breaches and corporate hacks. Despite maturing software development processes...
October 18, 2013 | Listserv Anonymous User

We currently have two requests where content that is available only on my institution’s Intranet site (Sharepoint) require access from external parties.

The two cases are:

1. Institutional Policies which must be made available to student council representatives


2. Research collaboration with external parties.


I realize these are very different issues, but am wondering what some on the list are doing to facilitate similar requests.








October 18, 2013 | Josh Flaherty


We have been having an ongoing issue with the transfer of large files across firewall contexts (Cisco FWSM).  We have identified the problem as the initial sequence number randomization feature of the FWSM being enabled.  The feature is causing a misalignment of TCP sequence numbers that causes some software firewalls to block traffic and stall the transfers.

The sequence number randomization is a legacy security feature that is enabled by default.  Most operating systems since around 2000 already do ISN randomization so we are discussing disabling the feature on all of our FWSM firewall contexts.

Has anyone else encountered this issue with a FWSM or any other firewalls?  If so was the solution to disable the sequence number randomization?


Josh Flaherty

Information Technology Security Officer


October 16, 2013 | Andrea Di Fabio

Apologies for the cross posting. We have been asked to incorporate mandatory training for the following which appears to be due by 12/1/2013. Our institution uses MOAT for mandatory security awareness training and we are considering placing training on MOAT as a required training for all current and new employees.


· How is your institution addressing this training?
· Is it mandatory for all employees?
· Are you enforcing non-compliance and how?


Thanks for your feedback.

December 9, 2013 | David A. Curry


Looking to answer the "well, what do other schools do?" question here...

Do you allow remote access to Banner (or whatever system you use) for employees working from home, on the road, etc.? If so, how are you doing it -- VPN, VDI, Citrix or similar, LogMeIn/GoToMyPC, over the open Internet, etc.? And do you require any additional authentication (such as two-factor authentication)?

Do you have a reporting instance (Argos, Hyperion, etc.) attached to Banner (or whatever system you use)? If so, do you allow remote access to that, and if so, how (same questions as above)?






February 20, 2013 | Listserv Anonymous User

Has anyone else NOT received their email notification from EduCause about the security breach?  The only reason I found out about it yesterday is because my CIO was watching the chatter on the CIO list about the notification.  I get my security list discussions in digest form, so I had not seen the discussion here.  Anyone else peeved that they waited 14 days to (supposedly) notify everyone?  I’m not trying to stir up a  flaming discussion (although I probably have succeeded), I really am just curious as to the mood here.




Daniel H. Boyd (94C)
Senior Network Architect
Network Operations
Berry College
Phone: 706-236-1750
Fax:     706-238-5824

There are two rules to follow with your...

December 4, 2012 | Dick Jacobson

My understanding is that the Subject Alt Name (SAN) is designed for this scenario – multiple hosts on a single box (IP address ?) – and the wildcard was designed for multiple boxes.


We do use wildcard certs – very sparingly !


August 14, 2012 | Charles Scott
The Information Security Office at the University of Texas at Austin is looking for an Information Security Analyst to be part of our Risk Management team. This team performs network vulnerability assessments, application vulnerability assessments, and risk assessments for departments, colleges, schools, and research units on campus. It is primarily a technical position with a dash of policy/compliance/awareness work. Additional information can be found here: Thank you, Charlie -- Charlie Scott, CISSP, GSEC, GCIH, GWAPT Information Security Office The University of Texas at Austin 512-475-9482 "Securus * Vigilare * Insanus"
July 31, 2012 | Benjamin Parker

Hello Everyone,

Reading through the news, I saw that at Defcon MSCHAPv2  has been effectively compromised. This includes the use of it in WPA2 connections to radius servers for authentication.  Per the article, the current recommendation for enterprise wireless deployments is to move to using client certificates for authentication.


It seems that using client certificates for authentication will be difficult for many schools because of the issue of publishing and distributing certificates to users on their multitudes of different devices. Does anyone have any good thoughts or recommendations on migrating to certificate based authentication with the proliferation of students owned...

June 22, 2012 | Listserv Anonymous User

Seems like a lot of folks fall on one side of the fence or the other;

Side 1;   Do not have it - do not technically feel the need for it .
Side 2 -  Have it deployed and are using it .

Just wondering if you;

1. Have it?  or feel it is warranted?
2. What product  are you using ?  
3. Would you recommend the solution you are using?
4. Any performance impact ?

Thank you.

Jim Furstenberg |IT Security Analyst  

"In God we trust, all others bring data."    W. Edward Demmings
Ferris State University
330 Oak St  | Big Rapids, MI 49307
Office: 231.591.5335
Mobile: 231.645.5821
EFax: 888.396.6269
June 1, 2012 | Listserv Anonymous User

I was just reading EFF's chart about how different companies handle requests for users' data and I got to wondering: Does any educational institution commit in their Privacy Policy to notify users of legal demands for their data (unless required otherwise by law)? I mean Policy with a capital "P". I know some institutions take that approach in practice, but I'm actually wondering if anyone has formalized that practice in written Policy. Thanks, Dave -- David Millar Consultant Massachusetts Institute of Technology IS&T | Operations & Infrastructure | IT Security www....
March 30, 2012 | Doug Markiewicz
Hey all, Curious what others are currently doing for PCI DSS training. Did you purchase something or did you build your own? If home grown, is your training online or in-person training? If purchased, what solution did you go with and are you happy with it? Thanks, Doug
January 30, 2012 | Tim Doty
It would appear that Larry Page and Mark Zuckerberg were right on a scale I didn't realize: people as a whole don't place any value on privacy, even in the information security realm. I've ordered items from Amazon and thus have an account there. But their information on me is not complete, lacking (for example) any connection with information security. Were I to download this book that would be an additional item in their database about me. The reason I'm posting isn't to claim that the price is excessive, that Amazon is evil, that the book should not have been made available in this fashion, or anything of the sort. What I'm trying to point out is that people are making decisions based on value judgements whether they realize this or not. There is a difference between something being public and it being correlated. What that difference amounts to is a personal evaluation in a particular context. And it doesn't have to be as distinct of a correlation as my case for it to have...
June 7, 2013 | Kevin Halgren
For those of you already using Google or Microsoft cloud e-mail solutions, I'll be curious to hear the reactions on your campuses to this news. I believe the tech companies are telling the truth when they say they don't provide direct backdoor access into their systems and that the PRISM presentation may overstate the cooperation and capabilities of the system, however that doesn't preclude the government from abusing existing systems and capabilities e.g. those under CALEA lawful intercept capabilities. Kevin -- Kevin Halgren Assistant Director - Systems and Network Services Washburn University (785) 670-2341
April 11, 2013 | John Ladwig
Not sure about this particular technology, but you describe the general problem I have with most biometric authentication proposals that involve untrusted processing pathways. -jml
June 11, 2012 | James Pardonek
I'm looking for some policies/opinions on how some other universities treat guest access to their networks.  We are in the process of reconfiguring the network in our school of nursing and the staff there is requesting open guest access w/o authentication.
James Pardonek, CISSP, CEH
Information Security Officer
Loyola University Chicago 
1032 W. Sheridan Road | Chicago, IL  60660

(773) 508-6086
March 29, 2012 | David Seidl
Folks, I'm curious if you currently require all or most of your IT staff to sign a confidentiality agreement at hire on a recurring basis, and if so, what your reasons for doing so are. We've had one in place for new hires for years, and our business staff has asked if we can dispense with it as a general requirement for all IT staff. I've done a bit of review, and can't find a direct requirement to point to for people who don't have direct compliance related assignments. Thanks in advance for your feedback and comments! David David Seidl, CISSP, GCIH, GPEN Director of Information Security Office of Information Technologies University of Notre Dame Notre Dame, IN 46556 (574) 631-7305
March 14, 2012 | Christopher Jones

We have a situation where we need to set up temporary wireless access for 140 guests.  This access will be limited to Internet only.   If it were just one or two people, we would simply create a network account for them.  For obvious reasons, we don’t want to do that for such a large number of temporary users.  Has anyone faced a similar issue and come up with a workable solution?  I would appreciate hearing from you.  Thanks.



Christopher Jones

IT Security Administrator

Information Technology Services

University of the Fraser Valley

33844 King Road

Abbotsford, B.C.  V2S 7M8



February 8, 2012 | Mark Reboli

Has anyone received a letter from the US DOJ regarding the above case? 


Mark Reboli

Network/Telecom/IT security Manager

Misericordia University



February 7, 2012 | Listserv Anonymous User

Hello, Does anyone here have any recommendations for tools (preferably open-source) that will scan web-servers for vulnerable application frameworks + plug-ins? Stuff like looking for out-of-date Drupal, Joomla, etc. Obviously I can find some of these tools with Google on my own, just curious if anyone has any positive experience with any in particular. Thanks! -- Michael Sheinberg Network Security Administrator, CETS School of Engineering and Applied Science
January 31, 2012 | Listserv Anonymous User

We are upgrading our core routers, and I've been wading through vendor bumf ... It seems that routers generally support stateless firewalling (ingress/egress filters, port blocking) at full line rate as part of the default configuration. Then you can layer stateful protocol-aware firewalling on top of that for more money, at reduced bandwidth. And then again, deep inspection, antivirus and app tracking for yet more money and yet less bandwidth. I'm wondering what the ROI is for installing these products, apart from what the vendors tell us. I'm a bit wary of sinking a lot of time and money into a digital Maginot Line, in an academic environment where we can't easily categorize network connections into good and bad. I'm more in favour of hardening sensitive assets close in. What experience do others have of deploying firewall products like Cisco ASA 5000's or Juniper SRX ? Do you see a big dropoff in downtime and trouble...
January 5, 2012 | Listserv Anonymous User

Greetings all,


We have been reviewing our current process for logging Internet use of students/faculty/staff.  One aspect we’ve been debating is how long to store the firewall logs for Internet use of our users.  This includes building and teardown of connections, as well as NAT translation records.  Our perimeter firewall generates a copious amount of logs per day and we are trying to determine how long “long enough” is.


Would anyone be willing to share their input as to how long they store this type of information.  Any and all input is greatly appreciated.


Thank You,


Andy Hoggatt

Ozarks Technical Community College...

December 9, 2013 | Michael Kenney

We’ve been getting these notifications pretty much on a daily basis and trying to find the problem is like finding a needle in a haystack.


Anyone happen to have a short term solution that could help find the infected computer(s) such as traffic patterns that are being sent to Google? Also a long term solution possibly an anti-malware appliance such as FireEye that could help protect against these types of threats that our Sonicwall IPS cannot? We have a Snort server, but that is more reactive than proactive and there are just too many.






December 6, 2013 | Listserv Anonymous User

We are thinking about creating a login process where users pick a picture and/or word before getting a password entry box.[1] The main driver is to prevent phishers from copying our "static" login pages. The process would go something like....

0) Training, Training, Training...and other carbon based life form user issues...... :)
1) User gets to our login page
2) User enters login ID
3) login process retrieves user's picture and word choice
4) login process displays user's picture with 8 (or 11) others randomly
5) User selects their picture
6) If correct, login process displays user's word with 8 (or 11) others
7) If correct, login process gives user a password text box to finish authenticating.

(Yes, a phisher could duplicate the pictures and words and disregard what the user the user would always get to the password box, but our current thought is that it would take too much "work" for them to...

Group Leaders

University of Florida
University of Maryland, Baltimore
