Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Risks of File Transfer on a Fully Switched Network

From: Gary Dobbins <dobbins () ND EDU>
Date: Wed, 30 Nov 2005 10:45:15 -0500
For all the reasons the other respondents have pointed out, you may want to
choose to simply expect the campus net is just as potentially hostile as
any cyber cafe, harden the endpoint machines, and use only encrypted
transmission for sensitive data as a matter of policy.

Then, permit variance from that default policy only by deliberate choice,
and in the presence of sufficient local compensatory controls, such as
within a managed datacenter.


Sadler, Connie wrote:


I am being told that the risk of transferring sensitive files over our
InTRAnet is so low that we should not require encryption for these
internal file transfers. Transferring over the Internet in the clear is
clearly a problem, but are others willing to share your position on the
transmission of sensitive data in the clear internally (assuming a fully
switched network)??

Thanks...

Connie J. Sadler, CM, CISSP, CISM, GIAC GSLC
Director, IT Security, Brown University
Box 1885, Providence, RI 02912
Connie_Sadler () Brown edu
Office: 401-863-7266
PGP Key: _http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x91E38EFB_
<http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x91E38EFB>
_http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x91E38EFB_
<http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x91E38EFB>
PGP Fingerprint: DA5F ED84 06D7 1635 4BC7 560D 9A07 80BA 91E3 8EFB




--

  ------------------------------------------------------------
  Gary Dobbins, CISSP -- Director, Information Security
  University of Notre Dame, Office of Information Technologies
Previous By Date Next
Previous By Thread Next

Current thread: