Re: SECURITY Listserv Instructions and ParticipationGu idelines

["St. Laurent, Tim" <tstlaure () RICHMOND EDU>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'm not sure about the research grants that many of you all get, but
I know that the grants we get here typically come with very powerful
computer systems.  I think part of the problem, a very big part in my
opinion, is the fact that many of these government grants do not come
with funds to adequately support such systems.  We find that a
department will get a grant and put these systems up on the network
without any forethought to security. I know that part of the solution
is policy and procedural,  which is a whole separate topic. However,
a large part of this problem is that the research for these grants
take up a large amount of time and give little time for doing
essential system administration.   I think that part of the national
infrastructure protection plan should include a section that
explicitly deals with grants and the support of the systems that go
along with the grant.  This would be a win win situation for both the
institutions and the government!





- -----Original Message-----
From: Wayne Wilson [mailto:wwilson () UMICH EDU]
Sent: Wednesday, July 03, 2002 3:41 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] SECURITY Listserv Instructions and
ParticipationGuidelines


H. Morrow Long wrote:
> The following appeared in the Network World Fusion Security
> Newsletter today and can only reinforce in the mind of the
> public that 'Universities are the worst-secured component
> of the American economy' which I don't believe is entirely
> true (there are plenty of companies of different sizes with
> poor IT security as well as many individuals -- such as
> a large number of high speed Cable/DSL Internet users).
That statement is probably  no longer true, especially in
the context of the 'economy'.
As I recall, most of the thousands of credit card numbers
which have been stolen electronically, most of the extortion
using compromised systems as leverage and most of the fiscal
loss's are due to commerical, for profit entities.  The last
time I saw numbers on the residual pool of Nimda and Code
Red hosts, .edu was not in the lead....

What I find more interesting are the three 'tasks' assigned
to Universities:


> First, help us design the research projects.

> "The second thing we need from the academic sector is to
teach.

> "The third element is securing the universities' own
networks,
> which are the major source of hack attacks today - probably
> three-quarters of the total number of attacks
These are all good tasks.

Since Universities have been on the front lines of acutually
running systems within the Internet as long as anybody, have
experience in large scale systems, especially authentication
systems and have been the past brunt of most 'attacks', it
would seem to me we might have expertise to lend in
operations as well as robust systems design.  In fact,
Kabay's suggestions are mostly operational.

Meanwhile, such things like creating a secure operating
system are being left to Bill Gates ...


> Bill Gates says he will devote the
> resources of this enormous corporation to developing a security
> operating system.

**********
Participation and subscription information for this EDUCAUSE
Discussion Group discussion list can be found at
http://www.educause.edu/memdir/cg/cg.html.

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBPSNb320ND4rSGyCQEQJiUgCeMozTxfenjFaCSSgtLSKWLxj+toAAnjNF
MGY5eUh2tlXZZIfq8avwvF9s
=KCGO
-----END PGP SIGNATURE-----

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/memdir/cg/cg.html.