Educause Security Discussion mailing list archives

Re: SECURITY Listserv Instructions and ParticipationGuidelines

From: Wayne Wilson <wwilson () UMICH EDU>
Date: Wed, 3 Jul 2002 15:40:58 -0400

H. Morrow Long wrote:

The following appeared in the Network World Fusion Security
Newsletter today and can only reinforce in the mind of the
public that 'Universities are the worst-secured component
of the American economy' which I don't believe is entirely
true (there are plenty of companies of different sizes with
poor IT security as well as many individuals -- such as
a large number of high speed Cable/DSL Internet users).

That statement is probably  no longer true, especially in
the context of the 'economy'.
As I recall, most of the thousands of credit card numbers
which have been stolen electronically, most of the extortion
using compromised systems as leverage and most of the fiscal
loss's are due to commerical, for profit entities.  The last
time I saw numbers on the residual pool of Nimda and Code
Red hosts, .edu was not in the lead....

What I find more interesting are the three 'tasks' assigned
to Universities:

First, help us design the research projects.


> "The second thing we need from the academic sector is to
teach.

> "The third element is securing the universities' own
networks,
> which are the major source of hack attacks today - probably
> three-quarters of the total number of attacks
>
These are all good tasks.

Since Universities have been on the front lines of acutually
running systems within the Internet as long as anybody, have
experience in large scale systems, especially authentication
systems and have been the past brunt of most 'attacks', it
would seem to me we might have expertise to lend in
operations as well as robust systems design.  In fact,
Kabay's suggestions are mostly operational.

Meanwhile, such things like creating a secure operating
system are being left to Bill Gates ...

Bill Gates says he will devote the
resources of this enormous corporation to developing a security
operating system.


**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/memdir/cg/cg.html.

Current thread:

Re: SECURITY Listserv Instructions and ParticipationGuidelines H. Morrow Long (Jul 03)
- <Possible follow-ups>
- Re: SECURITY Listserv Instructions and ParticipationGuidelines Wayne Wilson (Jul 03)
- Re: SECURITY Listserv Instructions and ParticipationGuidelines Rodney Petersen (Jul 07)
- Re: SECURITY Listserv Instructions and ParticipationGuidelines Randy Marchany (Jul 08)
- Re: SECURITY Listserv Instructions and ParticipationGuidelines Gene Spafford (Jul 08)