Educause Security Discussion mailing list archives

Re: How do you handle students who attempt to exploit internal resources?


From: Samuel Young <syoung () LASIERRA EDU>
Date: Sun, 12 Nov 2006 08:48:34 -0800

We have a computer and network usage that the students agree to when they
sign up for their logon.  The agreement allows us to shut the network off.
The insistence is also referred to our Student Life.  After three offences
the student's access is removed.

Sam Young
CIO
La Sierra University

-----Original Message-----
From: Willis Marti [mailto:wmarti () TAMU EDU]
Sent: Sunday, November 12, 2006 5:01 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] How do you handle students who attempt to exploit
internal resources?

Recently we had an adventurous student who decided that he would try
some common web based exploits against our intranet website (which is
available on the internet). He came to us and informed us what he found.
Through the conversation, it was revealed that this action was
intentional.

He was let off knowing that we had other options but were not going to
pursue them. That was with the understanding that he would not continue
his activities.

Well, activities, though different now, continue. These second
activities apparently caused an outage of a public website.

How are these types of situations handled at your university?

Like you, first time would have been stern lecture plus pointing out
illegal nature (depending on State law) or rules violations. Second time
is referral to Student Judicial Services. Depending on exact
circumstances (e.g., was it a third party's web site), explanation to the
affected web site.

 Willis Marti
 Associate Director for Networking
 Computing & Information Services
 Texas A&M University
