Educause Security Discussion mailing list archives
Re: [EXT] Re: [SECURITY] Access to Porn sites?
From: randy <marchany () VT EDU>
Date: Thu, 15 Aug 2019 10:34:29 -0400
Looking at the replies on this thread, it's not clear what the problem is. Are we making the assumption that all porn/gambling/"adult" site are the source of all/most successful malware attacks against our institutions (the technical defense) or is the reason for blocking these site based on arbitrary non-technical reasons? If we look at the technical side, we're talking about basic threat intel which can be addressed by aforementioned solutions like Palo Alto, Barracuda, DNS-RPZ, Cisco Umbrella, etc. Services like these don't care what the site does/provides, only that the sites historically have been the source of successful malware attacks. How does a domain get put into these filters and more importantly how does a domain get removed from these filters? This is one of the key questions I like to ask providers of filtering services. I mention this because we were the victim of an email spam DOS attack a couple of years. A couple of our hosts sent out a bunch of spam. External emailers flagged our domain as being a spam source and put us in their "blacklist". We didn't know we were put in these blacklists and it was a challenge to get removed from them. We only found out months later when alumni started complaining that they could email us because their email systems block us. This is why I believe great care should be taken if arbitrary blocks are put in place. We all know that the majority of malware source come from regular machines/servers/domains. Do you have data to support/justify your technical approach? I focus on the metrics side of things in order to address the "academic" freedom issue. I suppose if an org can show the 75% of their successful attacks came from adult/gambling sites that can justify putting blocks in place. My point is that if you're considering any type of blocks at the border, make sure this response addresses the root cause and you have metrics to show why a response is necessary. Of course, there are sites that should be blocked or access to them restricted in some way but the reason for the block should be clear. Address the root cause. -Randy Marchany VA Tech IT Security Office and Lab. On Thu, Aug 15, 2019 at 9:18 AM Gary McCullors <gary.mccullors () athens edu> wrote:
We’ve been blocking porn sites for years using Barracuda’s web filter. I think they call it Web Security Gateway, now. The only pushback we had was from the library. They tried to say that a student researching breast cancer would be blocked from accessing valid breast cancer sites because of the word breast. A quick demonstration to the administration showed that the library’s argument was not valid. We took the same approach as Norfolk State for academic access to porn sites. The have to make a formal request and it must be approved by the Provost’s office. We get a few false-positives a month, but not enough to make it unmanageable – benefits of being a small school. Interestingly, when we started blocking porn sites we did not find any faculty or day-time staff in the logs for attempting to access porn sites. The only consistent facility showing up in the logs was the library. Once the public visitors found out they couldn’t get to porn sites from our network, they quit coming to our library and the entries dropped to almost zero. Gary -- Gary W. McCullors Director, Information Technology Services Information Security Officer Athens State University *From:* The EDUCAUSE Security Community Group Listserv [mailto: SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *King, Ronald A. *Sent:* Thursday, August 15, 2019 7:47 AM *To:* SECURITY () LISTSERV EDUCAUSE EDU *Subject:* [EXT] Re: [SECURITY] Access to Porn sites? We block it here. Have done so since I first started in 2006. This is because we have significant state oversight. Should a professor need access for academic reasons, they can request it. We use Palo’s URL filtering which blocks 99%. We also block gambling. Ron *Ronald King* *Chief Information Security Officer* *Office of Information Technology* (757) 823-2916 (Office) raking () nsu edu www.nsu.edu @NSUCISO (Twitter) [image: NSU_logo_horiz_tag_4c - Smaller] *From:* The EDUCAUSE Security Community Group Listserv < SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of *Babak Oskouian *Sent:* Wednesday, August 14, 2019 7:08 PM *To:* SECURITY () LISTSERV EDUCAUSE EDU *Subject:* [SECURITY] Access to Porn sites? Hi All, We at Mills College have been kicking around the idea of blocking access to porn sites on our network. Needless to say, we have gotten some push back. Our plan (if it is green-lighted) is to use the built-in "adult" filters that our Palo Alto firewall provides. I am curious as to how many of you block porn sites, and if you do and especially if you use a Palo Alto device, have you had to do a lot of fine-tuning of your filters to eliminate false-positives? Thanks. Babak * Babak Oskouian, Ph.D. | Campus Network Engineer | Information Security Officer* *Mills College | 5000 MacArthur Blvd | Oakland, CA 94613-1301* *Office: Stern Hall 007; Phone: 510-430-2224 <510-430-2224>* ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Re: [EXTERNAL] [SECURITY] Access to Porn sites?, (continued)
- Re: [EXTERNAL] [SECURITY] Access to Porn sites? Gene LeDuc (Aug 14)
- Re: Access to Porn sites? Jacobs, Mike (Aug 14)
- Re: Access to Porn sites? Alfred Barker (Aug 14)
- Re: Access to Porn sites? Jeremy Livingston (Aug 14)
- Re: Access to Porn sites? Ralph Hogaboom (Aug 14)
- Re: Access to Porn sites? WALTER KERNER (Aug 14)
- Re: Access to Porn sites? Alfred Barker (Aug 14)
- Re: Access to Porn sites? Bradley, Stephen (Aug 14)
- Re: Access to Porn sites? Jeff Borton (Aug 15)
- Re: Access to Porn sites? King, Ronald A. (Aug 15)
- Re: [EXT] Re: [SECURITY] Access to Porn sites? Gary McCullors (Aug 15)
- Re: [EXT] Re: [SECURITY] Access to Porn sites? randy (Aug 15)
- Re: [EXT] Re: [SECURITY] Access to Porn sites? Gary McCullors (Aug 15)
- Re: Access to Porn sites? Boyd, Daniel (Aug 15)
- Re: Access to Porn sites? Scott Gennari (Aug 15)
- Re: Access to Porn sites? Boyd, Daniel (Aug 15)
- Re: Access to Porn sites? King, Ronald A. (Aug 15)
- Re: Access to Porn sites? Pete, Andrew (Aug 15)
- Re: Access to Porn sites? Scott Gennari (Aug 15)
- Re: Access to Porn sites? Babak Oskouian (Aug 15)
- Re: Access to Porn sites? John McCabe (Aug 15)
- Re: Access to Porn sites? Valdis Klētnieks (Aug 15)
- Re: Access to Porn sites? David Eilken (Aug 15)
- Re: [External] Re: [SECURITY] Access to Porn sites? Thomas Dugas (Aug 15)