Educause Security Discussion mailing list archives

Re: Lowering the risk of email hoaxes


From: "St. Laurent, Tim" <tstlaure () RICHMOND EDU>
Date: Fri, 7 Mar 2003 20:09:55 -0500

Kathie,

Although our environment is much, much smaller than yours, I hope some of
this information may help you.

1- any student in a residence hall can connect any machine to our wired
network; we do not require a MAC registration
        No answers yet, although we do require our students to register
        their computer via their MAC address; we are using a homegrown
        system. Hopefully 802.x will solve this problem!
2- anyone coming on to campus can connect to our wireless access points
without authentication; we syslog the WAPs
        You may want to look into some type of authentication devices.  We
        use an appliance by a company called Bluesocket.  It allows for NT
        Domain and Radius authentication.  It also encrypts the transfer of
        data via VPN technology.
3- we control the mail servers on campus (or have trusted departments that
control departmental servers)
        No real comment here.  It's good to know you have control over that!
4- we track IP address assignments issued by our DHCP server (but the
assignments are not logged for more than a few days)
        You should try to track all your authentication logins via
        centralized Syslog servers.  This should also give you IP
        information that you may need.

As for adding digital signatures for your e-mail users, we are not currently
doing this, but have plans to implement this in the near future.  We will
issue a PKCS#12 digital certificate to our users and store the public keys
in a directory service such as OpenLDAP and/or Exchange.  This will ensure
non-repudiation for e-mail messages sent.  The whole PKI subject is an
interesting one and I wish it would catch on more!  We are also looking at
storing digital certificates/signatures on a smart card solution.  This
solution would allow for digital signatures too.  Hope to have this done
sometime in the next year or so.

One last comment.  You make it harder for people to get huge e-mail listings
of your users by limiting returns on web directories, as well as limiting
where and to whom you give that information out to.

Hope that helps you some.

Tim

----------University of Richmond----------
Tim St. Laurent, CISSP, RHCE, MCSE
Security Administrator
tstlaure () richmond edu
804-289-8655







-----Original Message-----
From: Kathie Brinkman [mailto:brinkmkb () MUOHIO EDU]
Sent: Friday, March 07, 2003 5:36 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Lowering the risk of email hoaxes


I am with Miami University and we have formed a swat team, in reaction to an
incident that occurred on our campus this past week - a student, purporting
to be the president of the university, sent email to 31,000 email accounts
stating that classes were cancelled for the following day.  By the end of
next week, we will be submitting a report to Miami management on how to
lower the risk of email hoaxes. We all know that this is not a simple issue,
for a number of reasons.

Our current environment is as follows:
1- any student in a residence hall can connect any machine to our wired
network; we do not require a MAC registration
2- anyone coming on to campus can connect to our wireless access points
without authentication; we syslog the WAPs
3- we control the mail servers on campus (or have trusted departments that
control departmental servers)
4- we track IP address assignments issued by our DHCP server (but the
assignments are not logged for more than a few days)

There is a lot of opportunity for improvement in the environment, but I
would like to know what other institutions have found most useful.  And, I
would be interested in knowing if anyone uses PGP for critical messages.

Thanks for your assistance. (Please excuse the duplicate email messages, for
those of you who are on both the HDI-EDU and the Educause Security lists).


_______________________________
Kathleen B. Brinkman
Senior Manager, MCIS Support Desk
312-A Hoyt Hall, Miami University
mailto: brinkmkb () muohio edu
voice: 513.529.5947
fax: 513.529.1496

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/memdir/cg/.
