Educause Security Discussion mailing list archives

Re: NAT / dynamic IP addresses

From: "Davis, Thomas R." <tdavis () INDIANA EDU>
Date: Tue, 27 May 2003 08:28:16 -0500

I think it varies based on a few factors, such as:

* Are you packet filtering your campus network?
  
While packet filters (e.g., firewall, router ACLs) aren't the be-all
end-all that some believe, they are rather successful at blocking script
kiddies and a number of worms.  If you don't use any packet filtering,
chances are remote hackers are your most dangerous threat.
 
* Do you have a site license for desktop and email anti-virus software?

We all know that a site license for desktop a/v software doesn't
guarantee protection if a brand new virus is found in the wild or if the
user doesn't take the time to install/update it.  An email server based
a/v product goes a long way in helping the latter.  Of course, p2p is
another issue.  ;-)  In our environment, we find that most virus
problems are caused by "old" viruses that would have been detected had
the user a) installed a/v software, and/or b) updated their virus
patterns within the last couple of months.  As Scott says, viruses are
still a considerable threat.

* Are you at a commercial entity or higher ed?

It seems to me (your mileage may vary) that most non-higher ed
conferences and security practitioners claim that "insiders" are your
biggest threat.  By insiders, they are referring to disgruntled
employees and employees looking to make a profit.  While I'm sure that
this is the case in the corporate world (as most probably have robust
firewalls, security practices, and a/v installs), I don't think it maps
well to higher ed.  Unless, of course, you count clueless sysadmins as
"insiders".  :-)

Just my .02 cents,

-- 
Tom Davis, Information Technology Security Officer, CISSP
Office of the VP for Information Technology, Indiana University
For PGP Key: https://www.itso.iu.edu/staff/tdavis 
 

-----Original Message-----
From: Scott Bradner [mailto:sob () HARVARD EDU] 
Sent: Friday, May 23, 2003 9:32 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] NAT / dynamic IP addresses


remote hackers are not generally anywhere as dangerious as virsus or
disgrunteled employees

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/memdir/cg/.

Current thread:

NAT / dynamic IP addresses Kevin Shalla (May 22)
- <Possible follow-ups>
- Re: NAT / dynamic IP addresses Scott Bradner (May 23)
- Re: NAT / dynamic IP addresses Davis, Thomas R. (May 27)