Re: Blocked URL Categories

[John Ruggirello <jruggirello () GOODWIN EDU>]

We generally use the categories already in place on our firewall.
When we are asked to unblock a site we take a look, usually with our phones since it’s blocked.
I don’t think we have ever had a staff/faculty request that wasn’t legit.
I worked at a company that if you typed in Essex it would block it since it had that word in it.
We teach nursing and other health sciences so they need access to those sites. However, we don’t teach gambling.  We 
are also not a residential college, so the students can go home and look up the blocked sites.

Hope this helps,


John Ruggirello
Director of IT
Goodwin College
One Riverside Drive.
East Hartford, CT 06118
jruggirello () goodwin edu<mailto:jruggirello () goodwin edu>
Office:  (860)727-6907
[CG_EmailSigCombine_1.12.16]



From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ronald 
King
Sent: Friday, October 27, 2017 12:57 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Blocked URL Categories

Good afternoon,

We are a public institution in Maryland. We are being questioned by our state auditors as to why we permit access to 
the URL categories abused-drugs, extremism, hacking, and gambling when our AUP states IT resources are not to be used 
for illegal activities or "for commercial, religious, political (including activities supporting the nomination of any 
person for political office or attempting to influence the vote in any election or referendum), solicitation, or 
profit-making purposes."

Along with academic freedom, the perspective I have been arguing is one to permit access to the sites. The argument is, 
just because a student accesses a gambling website does not mean they are gambling.

So, my questions to the group are:

  *   Do you block these URL categories by default?
  *   If so, how do you address the request to research in areas that might require access to these URLs?
  *   How did you convince the auditors it was necessary to allow access to these categories?
As always, responses can be addressed directly to me or via the listserv.

Thank you for your input!
Ronald A. King, CISSP
Chief Information Security Officer
Morgan State University                                                                                           
Office: (443) 885-3372
1700 E. Cold Spring Ln.                                                                                           
Email:  ronald.king () morgan edu<mailto:ronald.king () morgan edu>
Baltimore, MD 21251                                                                                 URL:    
http://www.morgan.edu

                                                Growing the future ... Leading the 
world<http://www.morgan.edu/Documents/ABOUT/StrategicPlan/StrategicPlan2011-21_Final.pdf>


Confidentiality.  
This electronic transmission is strictly confidential to the sender and intended solely for the addressee.  
It may contain information which is covered by legal, professional or other privilege. If you are not the 
intended addressee, or someone authorized by the intended addressee to receive transmissions on behalf 
of the addressee, you are notified that disclosing, copying, distributing or taking any action in reliance 
on the contents of this information is strictly prohibited. If you have received this transmission in error, please 
notify the sender as soon as possible and destroy this message

WARNING: Computer viruses can be transmitted  via e-mail.  The recipient should check this 
e-mail and any attachments for the presence of viruses.  The company accepts no liability 
for any damage caused by any virus transmitted by this e-mail.  E-mail transmission cannot be 
guaranteed to be secure or error-free as information could be intercepted, corrupted, 
lost, destroyed, arrive late or incomplete, or contain viruses.  The sender therefore 
does not accept liability for any errors or omissions in the contents of this message, 
which arise as a result of e-mail transmission.