Re: IHEs & NATIONAL STRATEGY: Single Point-Of-Contact

[Gary Flynn <flynngn () JMU EDU>]

Rodney Petersen wrote:
> One of the recommendations in the "National Strategy To Secure
> Cyberspace" (www.securecyberspace.gov) is that "each college and
> university should consider establishing a point-of-contact, reachable at
> all times, to Internet service providers (ISPs) and law enforcement
> officials in the event that the school's IT systems are discovered to be
> launching cyber attacks."
>
> Is this a good idea?

Sure. But the ISPs should reciprocate :)

> How could it be implemented across higher education?

Most places have something equivalent to abuse () org edu.

However if real-time response is desired a problem develops.
Many places don't have IT phones manned 24x7. On the other
hand, they do have campus law enforcement available 24x7.
Initial contact could be made through campus law enforcement
who could have a call-down list to contact the appropriate
IT folks. This would have to be a list of people or a
pointer to whomever is currently on call. A single person
is unrealistic.

> What are obstacles or challenges for moving forward with this
> recommendation?

Calls in the middle of the night because someone's personal
firewall told them they were undergoing a "hacking attack"
when in reality they only got scanned for peer sharing or
net game ports because they received an IP address previously
used by a computer running such software.

Calls in the middle of the night complaining about spreading
Klez and similar viruses.

Calls in the middle of the night because a student's computer
was infected with Nimda or similar worm.

In other words, some type of triage would have to be performed.

--
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/memdir/cg/.