Educause Security Discussion mailing list archives

Re: Thoughts on Jericho Forum


From: Bruce Curtis <bruce.curtis () NDSU EDU>
Date: Wed, 13 Jun 2007 17:55:16 -0500

On Jun 13, 2007, at 5:15 PM, David Morton wrote:

Lately we've been engaged in some conversation about the Jericho
Forum and their thoughts on security.



Key issues such as the ineffectiveness of traditional perimeter
defenses and encryption have rung true for a long time.

Have the principles of the Jericho Forum been discussed at your
organizations and if so, what has come out of those thoughts and
discussions?

David


  Yes, we agree about a lot of things with the Jericho Forum.  We
have no perimeter firewall and our video sessions work great, and our
multicast and IPv6 connectivity works great also.

  We have a couple of departments that are using Native Transport
IPsec and it has been working well so far.  Which isn't a big
surprise since Microsoft has been using it for 200,000 plus computers
for quite a while.

  http://www.microsoft.com/casestudies/casestudy.aspx?casestudyid=49636


  http://www.microsoft.com/casestudies/casestudy.aspx?casestudyid=49593


  http://www.microsoft.com/technet/itshowcase/content/ipsecdomisolwp.mspx


  We haven't done it here yet but a University 60 miles away has
installed a host IPS on all of their computers.  To me that is a much
more efficient use of security dollars than spending money on a
device at the perimeter.  At least one of the Host IPS packages that
I have kept an eye on has protected from every Microsoft
vulnerability due to buffer overflow since I started looking at the
issue.  And that is protection before the vulnerability was found,
reported, announced and finally patched.

  In our environment we have thousands of laptops that leave campus
every day, go who knows where, and then come back.  Even if we had a
firewall, only one click on any single host on the network can lead
to that host being compromised and then it could scan the entire
internal network.



 ---
Bruce Curtis                         bruce.curtis () ndsu edu
Certified NetAnalyst II                701-231-8527
North Dakota State University
