Re: How do you handle students who attempt to exploit internal resources?

[Michael Cole <mcole () CLARKU EDU>]

Sounds like something that should be address in an acceptable use policy
and what ever that policy is should be enforced.  It's a tough call when
a student is involved but I'm sure Dean of Students office has some kind
of judicial review processes to handle misbehaving students, why no see
how this fits into existing policies and go from there. 

-----Original Message-----
From: Ben Spencer [mailto:ben.spencer () MOODY EDU] 
Sent: Saturday, November 11, 2006 11:04 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] How do you handle students who attempt to exploit
internal resources?

Recently we had an adventurous student who decided that he would try
some common web based exploits against our intranet website (which is
available on the internet). He came to us and informed us what he found.
Through the conversation, it was revealed that this action was
intentional.

He was let off knowing that we had other options but were not going to
pursue them. That was with the understanding that he would not continue
his activities.

Well, activities, though different now, continue. These second
activities apparently caused an outage of a public website.

How are these type of situations handled at your university? 

These things tend to depend on the specifics of the situation and I
intentionally left a lot of them out.

Benji
---
Benji Spencer
System Administrator
Ph: 312-329-2288