Educause Security Discussion mailing list archives

Re: Joining ren-isac


From: jack suess <jack () UMBC EDU>
Date: Wed, 22 Aug 2007 21:10:40 -0400

My name is Jack Suess. I am a past-chair of the EDUCAUSE/Internet2
Security Task Force and I'm chairing the REN-ISAC Executive Advisory
Group (EAG). I wanted to echo Doug's comments. The EAG very much
recognizes the issue that David Lundy described, and the EAG is
committed to adjusting the process so that the REN-ISAC can serve as
a broader resource for the higher ed community. The EAG is working
through a set of related issues and we hope to have some closure by
the end of October. The EAG members represent a mix of schools and
there is consensus we have to adjust the process so more schools can
be involved and benefit from the REN-ISAC.

Sincerely

Jack Suess

On Aug 22, 2007, at 8:17 PM, Doug Pearson wrote:

Hi David, and all,

We're working on a revised membership model that will help. The rub is
that in order to have a tight-knit trusted community in which members
are comfortable and willing to share sensitive information, it's
difficult to have ease-of-entry and serve the R&E community broadly. We
want both. The new model is not finalized, but it will likely be tiered -
with General and Xsec member classes. General membership will have a
lower entry barrier. The two classes will have different information
sharing characteristics. That's a very rough sketch of what we're
working on. There's lots of details and added stuff all around that,
but it's premature to go into more detail. We recognize the issue and
think this will help.

Regards,

Doug Pearson
Technical Director, REN-ISAC
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630


-----Original Message-----
From: David Lundy [mailto:dlundy () PACIFIC EDU]
Sent: Wednesday, August 22, 2007 7:33 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Joining ren-isac

Stephen:
     I've seen other encouragements to join REN-ISAC in the past and
have attempted to join.  I met the qualifications but did not know any
members who could vet for me.  So I am outside and I don't see a way in.
Any suggestions?

David Lundy

------------------------------------------------
David Lundy
Assistant IT Security Officer
University of the Pacific
Stockton, CA 95211
Email: dlundy () pacific edu
Voice: 209-946-3951
Fax: 209-946-2898

-----Original Message-----
From: Stephen Gill [mailto:gillsr () CYMRU COM]
Sent: Wednesday, August 22, 2007 4:10 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Botnet Detection

Hi Jim,

Plenty!  I _highly_ recommend you get involved here:

http://www.ren-isac.net/

I know of few better places to be for dealing with these sorts of
issues in the .edu environment than involved in that group.  There are
a lot of people who can help get you up and running there very quickly
with tested, proven methods for doing exactly what you are looking for.

Some items for you to consider along the way, if you haven't already,
include:

    - deploying netflow/sflow collection capabilities
    - deploying sniffer capture capability
    - deploying localized darknets and/or automated malware collectors
    - tracking DNS query logs
    - etc.

I've yet to see a silver bullet commercial appliance for battling
botnets, and you won't win the war without a good mixture of tools and
techniques. Unfortunately botnets are only the tip of the iceberg
compared to other malware threats - they're just generally the most
obvious :/.

Again, please do consider applying for membership to REN-ISAC if you
meet the membership criteria.  You can't beat the price of admission.

Cheers,
-- steve

From: Jones, Jim R [mailto:jonesj () ITS GONZAGA EDU]
Sent: Wednesday, August 22, 2007 2:36 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Botnet Detection

Does anyone have a utility or method of detecting botnet infections?

This is becoming a serious problem that we have no way of tracking
down at this point in time. Any suggestions are appreciated!

Jim Jones
IT Security Manager
Gonzaga University
509.323.5926



