Re: Campus VPN Services

["H. Morrow Long" <morrow.long () YALE EDU>]

It bought us a little time, though not much.

We escaped the original manual nonworm (but automated) attacks week.
We were hit by Stealther, then by Blaster and Nachi was delayed by a
day or so.

In almost all cases netflow showed that the initial vectors for the
infections within the Yale network were PPP & VPN users (though we are
now seeing early returning grad students bringing in infected
notebook PCs and plugging them in).

Morrow

Mark Poepping wrote:
> Since you had this setup in place, did you escape the recent rpc (or Nachi)
> stuff?
> Mark.
>
>
> > -----Original Message-----
> > From: The EDUCAUSE Security Discussion Group Listserv
> > [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of H. Morrow Long
> > Sent: Thursday, August 21, 2003 10:41 PM
> > To: SECURITY () LISTSERV EDUCAUSE EDU
> > Subject: Re: [SECURITY] Campus VPN Services
> >
> > We're also using brand 'C' VPN concentrators.
> >
> > We've had one production, plus one spare/test unit on our network
> > since 2001 (we had the original units before they had the brand
> > 'C' logo on them).  One of the main reasons that we put the first
> > unit into production was to allow users to connect to disk shares
> > after we put in the NetBIOS block (on Jan 1, 2001).  We'd had the
> > unit up for testing for the last six months of 2000.  Now many
> > use the unit to access computers which are on private networks
> > and/or otherwise blocked from direct login from the Internet -- as
> > well as the ability to use our email servers from their home or
> > on the road connection without getting a 'relaying denied' error
> > from our SMTP servers.
> >
> > Some users also use it for the ability to access IP address restricted
> > on campus websites and similar resources (although they could also use
> > an authenticated proxy service we provide for that instead).
> >
> > Recently the Medical School has purchased one (plus spare/test unit)
> > and the independent plus hospital their own (which some of our
> > doctors use so it 'falls back' to authenticate against our RADIUS
> > servers also).
> >
> > We've had almost 250 users (clients) on the original production unit
> > during the large snowstorm in the northeast in the winter of this year
> > when a large number of employees apparently decided to work from home
> > (telecommute).
> >
> > - H. Morrow Long, CISSP
> >   Director - Information Security Office
> >   Yale University, ITS
> >
> > **********
> > Participation and subscription information for this EDUCAUSE Discussion
> > Group discussion list can be found at http://www.educause.edu/cg/.
>
>
> **********
> Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
> http://www.educause.edu/cg/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.