Scott Granneman, 2004-09-15
Academic institutions who have to add, manage, and secure thousands of new users within a period of just a few days face political and social issues on top of the immense technical ones.
Colapse all |
Post comment
Academia Headaches
2004-09-15
Anonymous (1 replies)
Anonymous (1 replies)
Academia Headaches
2004-09-25
Anonymous
Anonymous
We do something similar at the University I work for. We have a way to quar. machines causing problems. If their weekly bandwidth usage (upstream) exceeds 8 gigs they are disabled, and via some DNS redirection system they are redirected to a page explaining what happened and how long they will hav...
[ more ] [ reply ]
[ more ] [ reply ]
Academia Headaches
2004-09-16
Billy
Billy
Good points on all accounts. I agree with the last statement of a requirement to go through a class/test before a student can start. I know of some intuitions that have a policy in place to patch/audit each students computer before it is attached to the network. Cumbersome yes but it does get rid ...
[ more ] [ reply ]
[ more ] [ reply ]
Academia Headaches
2004-09-16
Anonymous
Anonymous
First of all, I would encourage those Perl scripts to be licensed under some form of Open Source license. I would, in fact, love to see them myself.
Second, I like the idea of a mandatory class in "computer literacy" - and not how to use a keyboard or mouse, or do 27 simple things with Windows. ...
[ more ] [ reply ]
Second, I like the idea of a mandatory class in "computer literacy" - and not how to use a keyboard or mouse, or do 27 simple things with Windows. ...
[ more ] [ reply ]
Academia Headaches
2004-09-16
Corporate Security Engineer
Corporate Security Engineer
Having spent work-study hours as the student manager for a computer lab at a private college in the mid 90's, I can empathize with their situation. I think the integration of an Information Security Awareness (or some such) class is a fantastic idea. Target the class at high-level principles, and ...
[ more ] [ reply ]
[ more ] [ reply ]
Academia Headaches
2004-09-16
Travis Barlow
Travis Barlow
Great article and valid points!
As a Manager of Infrastructure Security for a small Canadian University, I agree that this time of year is very difficult with many security related challenges that others do not have.
I would like to take a look at the scripts mentioned above.
Best Regards, ...
[ more ] [ reply ]
As a Manager of Infrastructure Security for a small Canadian University, I agree that this time of year is very difficult with many security related challenges that others do not have.
I would like to take a look at the scripts mentioned above.
Best Regards, ...
[ more ] [ reply ]
Academia Headaches, Good Article
2004-09-16
Dave
Dave
Several years ago I left a small private university IT position for just the reasons you suggest. Most of the administrative and academic staff did not understand the nature of the problem or wanted to. They just wanted it to work with no responsibility for having it work. Even people within the IT ...
[ more ] [ reply ]
[ more ] [ reply ]
Academia Headaches
2004-09-16
Erik Norgaard (1 replies)
Erik Norgaard (1 replies)
The ability to proactively scan network for 0wned hosts and block these automatically will be a great gain for any administrator.
Usually I discover these because the virus also sends a copy to the admin, but the response time is often hours, rather than minutes.
It would be interesting to kn...
[ more ] [ reply ]
Usually I discover these because the virus also sends a copy to the admin, but the response time is often hours, rather than minutes.
It would be interesting to kn...
[ more ] [ reply ]
Academia Headaches
2004-09-16
Anonymous
Anonymous
I like the part about something on the wire checking for things. It sounds similar to an in-line IPS.
I am part of a fairly large university. The way we do our stuff. Every time someone tries to get into the network, wireless or wired, the computer is scanned with Nessus to check if it is vulnerab...
[ more ] [ reply ]
I am part of a fairly large university. The way we do our stuff. Every time someone tries to get into the network, wireless or wired, the computer is scanned with Nessus to check if it is vulnerab...
[ more ] [ reply ]
Academia Headaches
2004-09-16
Anonymous
Anonymous
The paragraph about faculty and their apathy towards proper PC usage hit home for me. I work for a large company (outside of academia) and am currently involved in a project that includes determining what level of access end users will have with their machines (our largest problem is spyware at thi...
[ more ] [ reply ]
[ more ] [ reply ]
Academia Headaches
2004-09-16
Anonymous (3 replies)
Anonymous (3 replies)
Mandatory computer classes? As a former student from the dorms, and having spent nearly four years at a helpdesk--this is insane, utter nonsense.
First, many people will never even grasp the basics, and if they do--they won't take the time to actually monitor them. Once the AV scanner and firew...
[ more ] [ reply ]
First, many people will never even grasp the basics, and if they do--they won't take the time to actually monitor them. Once the AV scanner and firew...
[ more ] [ reply ]
Academia Headaches
2004-09-17
Erik Norgaard
Erik Norgaard
You can't really blame your users getting virus, spyware or other stuff if you have done nothing to warn them about it. A basic course should cover how to install and update the virus scanner, what to do when zone alarm shows an alert etc. When things go wrong - and they do - the user can't say "but...
[ more ] [ reply ]
[ more ] [ reply ]
grow up
2004-09-17
Anonymous (1 replies)
Anonymous (1 replies)
That is exactly the way I was thinking three years ago. But in the meantime, I grow up and realized that it is impossible to solve all security related problems with the help of technical solutions only. I hope you are not working in the security field as short-minded people like you are one of the ...
[ more ] [ reply ]
[ more ] [ reply ]
grow up
2004-09-17
Erik Norgaard (3 replies)
Erik Norgaard (3 replies)
First: I think it would be appropriate that you grew up and learned a decent language, I have a hard time understanding your need to explicitly attempt to offend people.
Secondly: I believe that you are confusing the word incompetent with lack of resources. Faculty IT-staff are actually usually q...
[ more ] [ reply ]
Secondly: I believe that you are confusing the word incompetent with lack of resources. Faculty IT-staff are actually usually q...
[ more ] [ reply ]
grow up
2004-09-19
Original Anonymous In SubThread
Original Anonymous In SubThread
As the party who wrote: "Mandatory computer classes? As a former student from..." I state that I am not the person who wrote:
"I know who the misguided idiot is."
*sigh* I'm going to have to start publishing temporary GPG keys with anonymous posts to keep my anonymous separate from other anon...
[ more ] [ reply ]
"I know who the misguided idiot is."
*sigh* I'm going to have to start publishing temporary GPG keys with anonymous posts to keep my anonymous separate from other anon...
[ more ] [ reply ]
grow up
2004-09-20
Wremes (1 replies)
Wremes (1 replies)
First :
the corporate example tells me they don't adher to the Defense in Depth principles, Antivirus, IDS and systems patching should be combined to fight off these threats) and there is no policy for laptops returning from abroad.
Secondly :
Why don't universities implement thin client solut...
[ more ] [ reply ]
the corporate example tells me they don't adher to the Defense in Depth principles, Antivirus, IDS and systems patching should be combined to fight off these threats) and there is no policy for laptops returning from abroad.
Secondly :
Why don't universities implement thin client solut...
[ more ] [ reply ]
Why don't universities...
2004-09-21
Erik Norgaard
Erik Norgaard
On your second point: Students are not a big uniform group with the same needs. There is a huge number of special purpose applications which are used in various fields, and keeping track of licences is difficult.
Also, it may be difficult to get a campus licence that takes into account that most...
[ more ] [ reply ]
Also, it may be difficult to get a campus licence that takes into account that most...
[ more ] [ reply ]
grow up
2004-09-20
Anonymous (1 replies)
Anonymous (1 replies)
As you may already have noticed, I didn't send it to you. I just responded to the previous post. It was he that called people misguided idiots. I only used some of his own words. Bad, I know...
And yes, I'm not a native English speaker. ...
[ more ] [ reply ]
And yes, I'm not a native English speaker. ...
[ more ] [ reply ]
grow up
2004-09-22
Orig Anonymous (1 replies)
Orig Anonymous (1 replies)
"It's your network--you protect it. 'Cause I can't stand hearing another lecture from some misguided idiot on how to use McAfee and not open attachments. At least *my* SMTP server authenticated its users and didn't have relaying enabled..."
As you may or may not have realized--network admins and ...
[ more ] [ reply ]
As you may or may not have realized--network admins and ...
[ more ] [ reply ]
Real world
2004-09-23
Erik Norgaard
Erik Norgaard
"In the 'real' or corporate world sure these problems exist. But that doesn't make them...something to be accepted. Loss of security begins with compromise of best practices for ease of use or efficiency. That's the only problem I can think of that technology is incapable of addressing."
I'd aggr...
[ more ] [ reply ]
I'd aggr...
[ more ] [ reply ]
Academia Headaches
2004-09-22
A new anonymous (1 replies)
A new anonymous (1 replies)
As someone who's done information security work in academia, government, and different sizes of corporations, the most important thing I've learned is this: Throw everything you've got at it. The professional term for this is "defense in depth."
Security awareness training is one of the most va...
[ more ] [ reply ]
Security awareness training is one of the most va...
[ more ] [ reply ]
Academia Headaches
2004-09-23
Orgiginal Anonymous
Orgiginal Anonymous
A new anonymous wrote: "Two of the most intractable problems with security in any large organization are lack of resources and counterproductive user behavior. A "computer user good behavior" class would address the latter while leveraging standard academic resources to reduce the impact of the form...
[ more ] [ reply ]
[ more ] [ reply ]
Special Thanks
2004-09-17
Anonymous
Anonymous
It was nice to read this article. I am the only one in my office that knows how to cut and paste so when it comes to security that is the last thought on the staff's minds. Therefore I have been the self appointed IT department. I have had to incorporate new technologies which also means more securi...
[ more ] [ reply ]
[ more ] [ reply ]
Culture of infosec responsibility
2004-09-17
Anonymous (1 replies)
Anonymous (1 replies)
In answer to the question of how to promote infosec awareness by faculty, there is a simple solution.
It's clear that the faculty need and want admin rights, but those right need to be revoked unless and until faculty:
1. Receive infosec training provided by IT
2. Receive administration policie...
[ more ] [ reply ]
It's clear that the faculty need and want admin rights, but those right need to be revoked unless and until faculty:
1. Receive infosec training provided by IT
2. Receive administration policie...
[ more ] [ reply ]
Have you ever worked with college faculty?
2004-09-17
Foo
Foo
I have, in minor roles, and I can tell you that your suggestions probably wouldn't fly at most schools. You have to understand that many (not all, but many) college professors have the following attitudes:
- They're extremely knowledgable about some specific field, therefore they feel they're sm...
[ more ] [ reply ]
- They're extremely knowledgable about some specific field, therefore they feel they're sm...
[ more ] [ reply ]
Academia Headaches
2004-09-17
enforcer
enforcer
I'm not convinced about the "scanning" approach. I consult for several universtities and I've found that most new students have XP and SP2 installed on the machines anyway and as a result are firewalled. I may be able to detect strange network traffic but scanning the machine is not a real possibi...
[ more ] [ reply ]
[ more ] [ reply ]
another vote for open-sourcing the perl code
2004-09-17
Anonymous (1 replies)
Anonymous (1 replies)
I would really like to get my hands on the perl script your friend describes, Scott. I work for an organization that manages the external network connections for a number of universities, and this could come in very handy for us....
[ more ] [ reply ]
[ more ] [ reply ]
another vote for open-sourcing the perl code
2004-09-18
Anonymous (1 replies)
Anonymous (1 replies)
another vote for open-sourcing the perl code
2004-09-21
James (1 replies)
James (1 replies)
Academia Headaches
2004-09-17
C. Wilson
C. Wilson
I work in IT security at a /16 .edu and would most certainly like to see the scripts. We use nessus, nmap, and a few other tools here and there, and I'm in the process of trying to automate some log grepping and analysis with regards to compromised/vulnerable machines. It would be helpful to get the...
[ more ] [ reply ]
[ more ] [ reply ]
Academia Headaches
2004-09-18
Anonymous
Anonymous
I, too, would like to see that script.
Now, on to the comment:
I think the descriptions of the students/faculty regarding their machines is pretty accurate of all users. They don't know and don't care.
Even the CS professors are a little ignorant of computer security. This is illustrated by m...
[ more ] [ reply ]
Now, on to the comment:
I think the descriptions of the students/faculty regarding their machines is pretty accurate of all users. They don't know and don't care.
Even the CS professors are a little ignorant of computer security. This is illustrated by m...
[ more ] [ reply ]
Been done @ UF
2004-09-20
a student (2 replies)
a student (2 replies)
First, do your research!
The University of Florida Division of Housing has implemented a much more advanced system for some time now. It's called ICARUS. Full control of every layer, 1-7. 110Mbit to UFcore, VMPS, MAC based regisration, IDS/IPS, p2p protocol detection and control (even encrypted was...
[ more ] [ reply ]
The University of Florida Division of Housing has implemented a much more advanced system for some time now. It's called ICARUS. Full control of every layer, 1-7. 110Mbit to UFcore, VMPS, MAC based regisration, IDS/IPS, p2p protocol detection and control (even encrypted was...
[ more ] [ reply ]
Been done @ UF - and doesn't work???!!!?
2004-09-21
Anonymous
Anonymous
hmm googling turns up articles which suggest that Icarus mostly blocks people's legitimate internet use and some p2p traffic (which could also be legitimate internet use e.g. bittorrent to get Fedora ISOs.) and disables internet access which students have actually paid for themselves. Probably Ica...
[ more ] [ reply ]
[ more ] [ reply ]
Been done @ UF
2004-09-22
Anonymous (1 replies)
Anonymous (1 replies)
Aware of the work at UF, however,
can't find evidence of open sharing
of the tool with other univs.
If you know different, please share.
thanks!...
[ more ] [ reply ]
can't find evidence of open sharing
of the tool with other univs.
If you know different, please share.
thanks!...
[ more ] [ reply ]
UF stepped in
2004-09-22
student
student
http://www.dhnet.ufl.edu/forums/viewtopic.php?t=197
"It's probably not going to be. The powers that be decided that we couldn't just do it. If we are able to release it, it won't be real soon."
"There has certainly been interest. Subjugation of the masses is basically every university it admin...
[ more ] [ reply ]
"It's probably not going to be. The powers that be decided that we couldn't just do it. If we are able to release it, it won't be real soon."
"There has certainly been interest. Subjugation of the masses is basically every university it admin...
[ more ] [ reply ]
UF ICARUS
2004-09-20
uf student
uf student
http://energycommerce.house.gov/108/Hearings/05062004hearing
1264/Dunkel1974.htm
"pulls information from commercial and open-source tools used to monitor the network and spots traffic patterns that look like P2P transfers."
"Before it was turned on, there were as many as 3,500 simultaneous viol...
[ more ] [ reply ]
1264/Dunkel1974.htm
"pulls information from commercial and open-source tools used to monitor the network and spots traffic patterns that look like P2P transfers."
"Before it was turned on, there were as many as 3,500 simultaneous viol...
[ more ] [ reply ]
Macintosh perspective?
2004-09-20
Anonymous (2 replies)
Anonymous (2 replies)
The article and (so far) all the comments focus on the Windows world where viruses and spyware are every day occurances. But what about colleges that are mostly Mac oriented? Do their IT staff have to deal with security issues too?
It seems to me that colleges could reduce their IT headache if th...
[ more ] [ reply ]
It seems to me that colleges could reduce their IT headache if th...
[ more ] [ reply ]
Academia Headaches
2004-09-22
Anonymous
Anonymous
Great Article, nice to see that we are not the only ones struggling for solutions.
Extra hardware is nice if you got the cash, manpower is always short, and you get a mix of students from the hardcore hackers to the guy who barely knows how to open a file (let alone patch the computer).
Soluti...
[ more ] [ reply ]
Extra hardware is nice if you got the cash, manpower is always short, and you get a mix of students from the hardcore hackers to the guy who barely knows how to open a file (let alone patch the computer).
Soluti...
[ more ] [ reply ]
Academia Headaches
2004-09-22
Anonymous
Anonymous
I agree you should open source the scripts, but be carefull. As a sysadmin at the University of Arizona I know there can be problems with that. Legally the University owns the scripts, since they were written for the school and you were paid to do it. We have had problems with that, we need to go...
[ more ] [ reply ]
[ more ] [ reply ]
Cyber Security with Absolute Certainty
2004-09-22
Dennis Meharchand (1 replies)
Dennis Meharchand (1 replies)
Solutions are available for those that want it. Canadian Colleges are leading the way with both La Cite Colege of Ottawa and Mohawk College of Hamilton using the Valt.X Cyber Secure Hard Drive Adapters - devices which secure and instantly clean and recover computers from any malicious attack instant...
[ more ] [ reply ]
[ more ] [ reply ]
resources Re: Academia Headaches
2004-09-23
Internet2 SALSA Chair..
Internet2 SALSA Chair..
Scott,
Might I request that while preparing for future articles on academia that you consider consulting some of the available resources and collaborative materials by and for academia, and perhaps include some of these references in your articles. In particular, the security efforts of EduCause...
[ more ] [ reply ]
Might I request that while preparing for future articles on academia that you consider consulting some of the available resources and collaborative materials by and for academia, and perhaps include some of these references in your articles. In particular, the security efforts of EduCause...
[ more ] [ reply ]
Security Trainer, Penn State
2004-09-23
Ken Layng
Ken Layng
This notion of parents not being supportive of shutting a users access is an interesting one, and one that we are faced with at Penn State. However, I must say (and I'm a parent too) that I am more concerned about how one student's irresponsibility can effect so many other parent's kids ability to ...
[ more ] [ reply ]
[ more ] [ reply ]
Academia Headaches
2004-09-24
Insider
Insider
After working for a while in a IT department at a college in a medium size university I have concluded that most of the people make decisions at the top should not be the one running the show. They do what they think is right (not right for the university as a whole). The problems in dorms will alwa...
[ more ] [ reply ]
[ more ] [ reply ]
[ more ] [ reply ]