Re: Blocked URL Categories

[Babak Oskouian <boskouia () MILLS EDU>]

At Mills College we follow the same line of reasoning: allowing access to
everything for research purposes while blocking malware, phishing and
Command & Control sites.

Babak

*Babak Oskouian, Ph.D. | Campus Network Engineer | Information Security
Officer*

*Mills College | 5000 MacArthur Blvd | Oakland, CA 94613-1301*


*Babak Oskouian, Ph.D. | Campus Network Engineer | Information Security
Officer*

*Mills College | 5000 MacArthur Blvd | Oakland, CA 94613-1301*

*Office: Stern Hall 007; Phone: 510-430-2224 <510-430-2224>*

On Fri, Oct 27, 2017 at 12:57 PM, Frank Barton <bartonf () husson edu> wrote:

> We block known malicious sites, and we also maintain an internal
> black-list of sites that haven't hit the routine lists yet
>
> other than that, it's open season on the internet.
>
> Frank
>
> On Fri, Oct 27, 2017 at 3:50 PM, Ronald King <ronald.king () morgan edu>
> wrote:
>
> > That is too true.
> >
> > Thank you everyone that has responded. These are great ideas to help
> > strengthen our stance.
> >
> > Ron
> >
> > *Ronald A. King, CISSP*
> > Chief Information Security Officer
> > Morgan State University Office: (443) 885-3372
> > 1700 E. Cold Spring Ln
> > <https://maps.google.com/?q=1700+E.+Cold+Spring+Ln&entry=gmail&source=g>.
> > Email: ronald.king () morgan edu
> > Baltimore, MD 21251 URL: http://www.morgan.edu
> >
> > *Growing the future ... Leading the world*
> > <http://www.morgan.edu/Documents/ABOUT/StrategicPlan/StrategicPlan2011-21_Final.pdf>
> >
> >
> > On Fri, Oct 27, 2017 at 1:46 PM, Ruth Ginzberg <rginzberg () uwsa edu>
> > wrote:
> >
> > > Another thought:  Your AUP also prohibits use for profit-making
> > > purposes, but I bet nobody is complaining about allowing access to business
> > > publications or marketing associations.  What’s the difference?  Students
> > > and faculty have the right, and possibly the obligation, to study
> > > activities that your AUP would not allow them to do.
> > >
> > >
> > >
> > >
> > >
> > > Ruth Ginzberg
> > >
> > > 608-890-3961 <(608)%20890-3961>
> > >
> > >
> > >
> > > *From:* The EDUCAUSE Security Constituent Group Listserv [mailto:
> > > SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Ronald King
> > > *Sent:* Friday, October 27, 2017 11:57 AM
> > > *To:* SECURITY () LISTSERV EDUCAUSE EDU
> > > *Subject:* [SECURITY] Blocked URL Categories
> > >
> > >
> > >
> > > Good afternoon,
> > >
> > >
> > >
> > > We are a public institution in Maryland. We are being questioned by our
> > > state auditors as to why we permit access to the URL categories
> > > abused-drugs, extremism, hacking, and gambling when our AUP states IT
> > > resources are not to be used for illegal activities or "for commercial,
> > > religious, political (including activities supporting the nomination of any
> > > person for political office or attempting to influence the vote in any
> > > election or referendum), solicitation, or profit-making purposes."
> > >
> > >
> > >
> > > Along with academic freedom, the perspective I have been arguing is one
> > > to permit access to the sites. The argument is, just because a student
> > > accesses a gambling website does not mean they are gambling.
> > >
> > >
> > >
> > > So, my questions to the group are:
> > >
> > > ·         Do you block these URL categories by default?
> > >
> > > ·         If so, how do you address the request to research in areas
> > > that might require access to these URLs?
> > >
> > > ·         How did you convince the auditors it was necessary to allow
> > > access to these categories?
> > >
> > > As always, responses can be addressed directly to me or via the listserv.
> > >
> > >
> > >
> > > Thank you for your input!
> > >
> > > *Ronald A. King, CISSP*
> > >
> > > Chief Information Security Officer
> > >
> > > Morgan State University
> > >
> > > Office: (443) 885-3372
> > >
> > > 1700 E. Cold Spring Ln
> > > <https://maps.google.com/?q=1700+E.+Cold+Spring+Ln&entry=gmail&source=g>
> > > .
> > >                                   Email:  ronald.king () morgan edu
> > >
> > > Baltimore, MD 21251
> > >                                                         URL:
> > > http://www.morgan.edu
> > >
> > >
> > >
> > >                                                 *Growing the future ...
> > > Leading the world*
> > > <http://www.morgan.edu/Documents/ABOUT/StrategicPlan/StrategicPlan2011-21_Final.pdf>
>
>
> --
> Frank Barton
> Security+, ACMT
> IT Systems Administrator
> Husson University