Lowering the risk of email hoaxes

[Kathie Brinkman <brinkmkb () MUOHIO EDU>]

I am with Miami University and we have formed a swat team, in reaction to
an incident that occurred on our campus this past week - a student,
purporting to be the president of the university, sent email to 31,000
email accounts stating that classes were cancelled for the following
day.  By the end of next week, we will be submitting a report to Miami
management on how to lower the risk of email hoaxes. We all know that this
is not a simple issue, for a number of reasons.

Our current environment is as follows:
1- any student in a residence hall can connect any machine to our wired
network; we do not require a MAC registration
2- anyone coming on to campus can connect to our wireless access points
without authentication; we syslog the WAPs
3- we control the mail servers on campus (or have trusted departments that
control departmental servers)
4- we track ip address assignments issued by our DHCP server (but the
assignments are not logged for more than a few days)

There is a lot of opportunity for improvement in the environment, but I
would like to know what other institutions have found most useful.  And, I
would be interested in knowing if anyone uses PGP for critical messages.

Thanks for your assistance. (Please excuse the duplicate email messages,
for those of you who are on both the HDI-EDU and the Educause Security lists).


_______________________________
Kathleen B. Brinkman
Senior Manager, MCIS Support Desk
312-A Hoyt Hall, Miami University
mailto: brinkmkb () muohio edu
voice: 513.529.5947
fax: 513.529.1496

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/memdir/cg/.