How do you handle students who attempt to exploit internal resources?

[Ben Spencer <ben.spencer () MOODY EDU>]

Recently we had an adventurous student who decided that he would try
some common web based exploits against our intranet website (which is
available on the internet). He came to us and informed us what he found.
Through the conversation, it was revealed that this action was
intentional.

He was let off knowing that we had other options but were not going to
pursue them. That was with the understanding that he would not continue
his activities.

Well, activities, though different now, continue. These second
activities apparently caused an outage of a public website.

How are these type of situations handled at your university?

These things tend to depend on the specifics of the situation and I
intentionally left a lot of them out.

Benji
---
Benji Spencer
System Administrator
Ph: 312-329-2288