Educause Security Discussion mailing list archives

Re: policy question?

From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Fri, 29 Oct 2010 12:07:25 -0400

On Fri, 29 Oct 2010 09:34:55 MDT, "SCHALIP, MICHAEL" said:

Do you enforce the "you must be this tall..." strictly through policy, or
through technology?....NAC?  Something else?


Mostly policy, with the occasional reminder that failures are your own problem
(see below). We also distribute a free 'VTNet' CD (components also available
online), which will automatically install A/V software and do most of the
security hardening needed, so there's really no excuse for having a too-short
system.

http://www.vtnet.vt.edu/

A number of years ago, we had a relatively high-profile hack on campus. The
upshot was that a professor ended up with one of his machines missing a hard
drive, which was in an evidence bag (this was back when a hard drive was still
a good chunk of change).  Prof asks department chair for department funds for a
new hard drive, department chair says "No, you didn't secure the system, so the
money's coming out of *your* budget, not mine".

Randy was *very* busy with giving security classes to departments once that
story started going around the rumor mill... :)

Attachment: _bin
Description:

Current thread:

policy question? Anand S Malwade (Oct 28)
- Re: policy question? SCHALIP, MICHAEL (Oct 28)
  - Re: policy question? Dr. Wole Akpose (Oct 29)
    - Re: policy question? randy marchany (Oct 29)
    - Re: policy question? Joel Rosenblatt (Oct 29)
    - Re: policy question? SCHALIP, MICHAEL (Oct 29)
    - Re: policy question? Bristol, Gary L. (Oct 29)
    - Re: policy question? randy marchany (Oct 29)
    - Re: policy question? Valdis Kletnieks (Oct 29)
- Re: policy question? Brad Judy (Oct 28)
- <Possible follow-ups>
- Re: policy question? Rosenthal, Jane E. (Nov 04)
  - Re: policy question? Soldi, Miguel (Nov 04)