Educause Security Discussion mailing list archives
Re: Spaf did not receive your email (was Re: Job Descriptions)
From: Jim Wilcox <jim () WILCOXS NET>
Date: Wed, 26 Feb 2003 17:06:08 -0800
At the risk of making enemies, I would like to support Spaf to the extent of promoting the sending of read-only files (e.g., .pdf) that pose less risk, especially when forwarding files to a mailing list. Seems to make sense, and it is simple. James Wilcox, CISSP Director of Business Development Cylant, Inc. PO Box 19777 Portland, OR 97280-9777 503 799-8438 james () cylant com www.cylant.com CylantSecure, LinuxWorld "Best Security Solution" -----Original Message----- From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Dan Updegrove Sent: Wednesday, February 26, 2003 4:09 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Spaf did not receive your email (was Re: [SECURITY] Job Descriptions) Colleagues - The UT System (15 campuses) has a multi-year enterprise license for Microsoft Office products and for Windows upgrades. When we discussed renewing this license last year, I was advised that support costs had declined and end user productivity had increased substantially because of the standardization thus enabled. It was also judged to be a substantial benefit to the University to be relieved of license audit overhead as well as the legal/financial/p.r. risk of failing an audit. In my experience here (two years), Word docs, Excel spreadsheets, and PowerPoint files are exchanged routinely and successfully, both within the 15 campuses and with colleagues and vendors far and wide. In most cases, this success extends to Macintoshes as well. Given my interest in *both* security and satisfying and serving thousands of users of widely varying technical skills and interest in computing, what reasonable alternative can I practice and preach? Thanks, Dan At 04:57 PM 2/26/2003, Bruhn, Mark S. wrote:
This is an age-old discussion and issue -- not whether security people should personally boycott MS products, which I suppose we could discuss
as well, but whether we should (and in fact can, given alternatives) actively attempt to influence our communities to avoid MS products. More discussion on this list would be quite interesting, esp. if it leads to something actually useful in this contentious space. In a perfect world, all systems would be secure (or there wouldn't be a
need to secure them), and I could be running a restaurant right now. I'm sure someone knows the statistics -- I would guess 65% of our community use Windows and MS products. We can certainly grouse about that and strongly encourage them to use something else (What? Someone could start by listing the suite of products that equate), but the reality is that they are not going to stop using that suite of applications, and we're going to have to spend time on helping them secure them. As an aside, is there a way to configure my Outlook client (clearly I'm
in that 65%) to NOT let me send .doc files? :-) M. -- Mark S. Bruhn, CISSP Chief IT Security and Policy Officer Office of the Vice President for Information Technology and CIO Indiana
University 812-855-0326 Incidents involving IU IT resources: it-incident () iu edu Complaints/kudos about OVPIT/UITS services: itombuds () iu edu -----Original Message----- From: Kevin Shalla [mailto:Kevin.Shalla () IIT EDU] Sent: Wednesday, February 26, 2003 10:18 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Spaf did not receive your email (was Re: [SECURITY] Job Descriptions) I can't help but jump in here. As leaders in security, shouldn't we strive to behave uncommonly if by doing so we can improve security, and
also set a good example? On the other hand, maybe we don't all agree that it is preferable to not send Word documents. I do agree with Gene Spafford that stamping out certain types of email attachments would drastically
reduce
many problems we do have today. At 08:15 AM 2/26/2003 -0500, you wrote:Spaf, your opinion in this area is well known, certainly. Common may
not mean standard, but common does mean common. Most of the documents I sent (and send) happen to be in Word format in our repository, and rarely does someone I send them to have trouble dealing with the format. So, I suspect that anyone who is interestedinthe documents I sent and needs them in a different format will ask me. If I had sent them in response to a request from you, I certainly
would have sent them in rtf :-) M. -- Mark S. Bruhn, CISSP Chief IT Security and Policy Officer Office of the Vice President for Information Technology and CIO Indiana University 812-855-0326 Incidents involving IU IT resources: it-incident () iu edu Complaints/kudos about OVPIT/UITS services: itombuds () iu edu -----Original Message----- From: Gene Spafford [mailto:spaf () CERIAS PURDUE EDU] Sent: Tuesday, February 25, 2003 7:03 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Spaf did not receive your email (was Re: [SECURITY] Job Descriptions) Sorry, folks. I guess I need to adjust the filter on my autoreply. ....and security people need to learn not to send Word documents!Kevin Shalla Manager, Student Information Systems Illinois Institute of Technology <mailto:Kevin.Shalla () iit edu> ********** Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/memdir/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/memdir/cg/.
VP for Information Technology Phone (512) 232-9610 The University of Texas at Austin Fax (512) 232-9607 FAC 248 (Mail code: G9800) d.updegrove () its utexas edu P.O. Box 7407 http://wnt.utexas.edu/~danu/ Austin, TX 78713-7407 ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/.
Current thread:
- Spaf did not receive your email (was Re: Job Descriptions) Gene Spafford (Feb 25)
- <Possible follow-ups>
- Re: Spaf did not receive your email (was Re: Job Descriptions) Gene Spafford (Feb 25)
- Re: Spaf did not receive your email (was Re: Job Descriptions) Bruhn, Mark S. (Feb 26)
- Re: Spaf did not receive your email (was Re: Job Descriptions) Kevin Shalla (Feb 26)
- Re: Spaf did not receive your email (was Re: Job Descriptions) Gene Spafford (Feb 26)
- Re: Spaf did not receive your email (was Re: Job Descriptions) Bruhn, Mark S. (Feb 26)
- Re: Spaf did not receive your email (was Re: Job Descriptions) Dan Updegrove (Feb 26)
- Re: Spaf did not receive your email (was Re: Job Descriptions) Gene Spafford (Feb 26)
- Re: Spaf did not receive your email (was Re: Job Descriptions) Jim Wilcox (Feb 26)
- Re: Spaf did not receive your email (was Re: Job Descriptions) Kevin Shalla (Feb 27)
- Re: Spaf did not receive your email (was Re: Job Descriptions) Bruhn, Mark S. (Feb 27)
- Re: Spaf did not receive your email (was Re: Job Descriptions) Randy Marchany (Feb 27)