Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SECURITY Digest - 26 Feb 2011 to 28 Feb 2011 (#2011-37)

From: "Dunker, Mary" <dunker () VT EDU>
Date: Tue, 1 Mar 2011 09:28:23 -0500
Virginia Tech is using digital signatures, lightly, with personal digital certificates issued on Aladdin/SafeNet 
eTokens. Our policies relate more to the issuance process and level of assurance of the credential than the legality of 
the signature, but I would be glad to share more information off-list if you're interested.

Best,
Mary

----------------------------------------
Mary Dunker
Director, Secure Enterprise Technology Initiatives
Virginia Tech Information Technology
1700 Pratt Drive
Blacksburg, VA 24060
540-231-9327
dunker () vt edu
-----------------------------------------



-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of SECURITY automatic
digest system
Sent: Tuesday, March 01, 2011 12:00 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: SECURITY Digest - 26 Feb 2011 to 28 Feb 2011 (#2011-37)

There are 9 messages totalling 1243 lines in this issue.

Topics of the day:

  1. border filtering questions (5)
  2. PGP Universal Server 3.1.0 (3)
  3. Digital signatures on legal documents...??

----------------------------------------------------------------------

Date:    Mon, 28 Feb 2011 13:41:13 -0500
From:    Jeff Murphy <jcmurphy () BUFFALO EDU>
Subject: border filtering questions

--Apple-Mail-303-636209833
Content-Type: multipart/alternative;
      boundary=Apple-Mail-302-636209783


--Apple-Mail-302-636209783
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
      charset=us-ascii

Good Monday Sec Folks,=20

If you have a moment, can you hit reply, check the appropriate box and
=
fill in the blank if there is one under that box?



[  ]  We don't block traffic to/from known bad addresses/netblocks at =
our border.=20




[  ]  We manually block traffic to/from known bad addresses/netblocks
at =
our border=20
      (someone logs into a device and types in the address/netblock. =
frequency can be rarely-to-routine, I'm interested in whether you do it
=
at all)




[  ]  We automatically* block traffic to/from known bad =
addresses/netblocks at our border using a border router (ACL) and =
free/homegrown software (software talks directly to the router)
      (*using some feed of addresses/netblocks, for example obtained =
via a SIEM or external intelligence sources)

[  ]  We automatically* block traffic to/from known bad =
addresses/netblocks at our border using a border router (ACL) and =
commercial software (software talks directly to the router)
      (*using some feed of addresses/netblocks, for example obtained =
via a SIEM or external intelligence sources)

      What's the name of the commercial software package/vendor: _____




[  ]  We automatically* block traffic to/from known bad =
addresses/netblocks at our border using a commercial inline appliance =
(IPS, packet shaper, firewall) and free/homegrown software (software =
talks directly to the appliance)
      (*using some feed of addresses/netblocks, for example obtained =
via a SIEM or external intelligence sources, the feed is directly =
consumed by the appliance and not manually entered or pushed in via =
free/homegrown software)

      What's the name of the appliance vendor: _____

[  ]  We automatically* block traffic to/from known bad =
addresses/netblocks at our border using a commercial inline appliance
=
(IPS, packet shaper, firewall) and commercial software (software talks
=
directly to the appliance)
      (*using some feed of addresses/netblocks, for example obtained =
via a SIEM or external intelligence sources, the feed is directly =
consumed by the appliance and not manually entered or pushed in via =
free/homegrown software)

      What's the name of the appliance vendor: ______
      What's the name of the commercial software package/vendor: _____



Jeff, your survey is weak! I want to tell you more! Here it is: =
_________




I'll anonymize/summarize back to the list.

thanks,

jeff murphy
information security program manager
university at buffalo=

--Apple-Mail-302-636209783
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
      charset=us-ascii

<html><head></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space; =
"><div>Good Monday Sec Folks,&nbsp;</div><div><br></div><div>If you
have =
a moment, can you hit reply, check the appropriate box and fill in the
=
blank if there is one under that =
box?</div><div><br></div><div><br></div><div><br></div><div>[ &nbsp;] =
&nbsp;We don't&nbsp;block traffic to/from known bad addresses/netblocks
=
at our =
border.&nbsp;</div><div><br></div><div><br></div><div><br></div><div><b
r><=
/div><div>[ &nbsp;] &nbsp;We <b>manually</b> <b>block</b> traffic =
to/from known bad addresses/netblocks at our =
border&nbsp;</div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre">    </span>(someone logs into a device and =
types in the address/netblock. frequency can be rarely-to-routine, I'm
=
interested in whether you do it at =
all)</div><div><br></div><div><br></div><div><br></div><div><br></div><
div=

[ &nbsp;] &nbsp;We <b>automatically</b>* <b>block</b> traffic to/from

=
known bad addresses/netblocks at our border <b>using a border router =
(ACL) and free/homegrown software </b>(software talks directly to the =
router)</div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre">    </span>(*using some feed of =
addresses/netblocks, for example obtained via a SIEM or external =
intelligence sources)</div><div><br></div><div><div>[ &nbsp;] =
&nbsp;We&nbsp;<b>automatically</b>*&nbsp;<b>block</b>&nbsp;traffic =
to/from known bad addresses/netblocks at our border&nbsp;<b>using a =
border&nbsp;router&nbsp;(ACL) and&nbsp;commercial software
</b>(software =
talks directly to the router)</div><div><span class=3D"Apple-tab-span"
=
style=3D"white-space: pre; "> </span>(*using some feed of =
addresses/netblocks, for example obtained via a SIEM or external =
intelligence sources)</div></div><div><br></div><div><span =
class=3D"Apple-tab-span" style=3D"white-space:pre">   </span>What's =
the name of the commercial software package/vendor: =
_____</div><div><br></div><div><br></div><div><br></div><div><br></div>
<di=
v><div>[ &nbsp;] =
&nbsp;We&nbsp;<b>automatically</b>*&nbsp;<b>block</b>&nbsp;traffic =
to/from known bad addresses/netblocks at our border&nbsp;<b>using =
a&nbsp;commercial inline appliance&nbsp;</b><b>(IPS, packet shaper, =
firewall)&nbsp;</b><b>and&nbsp;free/homegrown =
software&nbsp;</b>(software talks directly to the =
appliance)</div><div><span class=3D"Apple-tab-span" style=3D"white-
space: =
pre; ">       </span>(*using some feed of addresses/netblocks, for
example =
obtained via a SIEM or external intelligence sources, the feed is =
directly consumed by the appliance and&nbsp;not manually entered or =
pushed in via free/homegrown =
software)</div></div><div><br></div><div><span class=3D"Apple-tab-span"
=
style=3D"white-space:pre">    </span>What's the name of the appliance =
vendor: _____</div><div><br></div><div><div>[ &nbsp;] =
&nbsp;We&nbsp;<b>automatically</b>*&nbsp;<b>block</b>&nbsp;traffic =
to/from known bad addresses/netblocks at our border&nbsp;<b>using =
a&nbsp;commercial inline appliance</b>&nbsp;<b>&nbsp;(IPS, packet =
shaper, firewall)&nbsp;</b><b>and&nbsp;commercial =
software&nbsp;</b>(software talks directly to the =
appliance)</div><div><span class=3D"Apple-tab-span" style=3D"white-
space: =
pre; ">       </span>(*using some feed of addresses/netblocks, for
example =
obtained via a SIEM or external intelligence sources, the feed is =
directly consumed by the appliance and&nbsp;not manually entered or =
pushed in via free/homegrown =
software)</div></div><div><br></div><div><span class=3D"Apple-tab-span"
=
style=3D"white-space:pre">    </span>What's the name of the appliance =
vendor: ______</div><div><div><span class=3D"Apple-tab-span" =
style=3D"white-space: pre; "> </span>What's the name of the commercial
=
software package/vendor: =
_____</div></div><div><br></div><div><br></div><div><br></div><div>Jeff
, =
your survey is weak! I want to tell you more! Here it is: =
_________</div><div><br></div><div><br></div><div><br></div><div><br></
div=

<div>I'll anonymize/summarize back to the =

list.</div><div><br></div><div>thanks,</div><div><br></div><div>jeff =
murphy</div><div>information security program =
manager</div><div>university at buffalo</div></body></html>=

--Apple-Mail-302-636209783--

--Apple-Mail-303-636209833
Content-Disposition: attachment;
      filename=smime.p7s
Content-Type: application/pkcs7-signature;
      name=smime.p7s
Content-Transfer-Encoding: base64

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIILBzC
CBIow
ggNyoAMCAQICECf06hH0eobEbp27bqkXBwcwDQYJKoZIhvcNAQEFBQAwbzELMAkGA1UEBhM
CU0Ux
FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5hbCBUVFA
gTmV0
d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9vdDAeFw0wNTA2MDcwODA
5MTBa
Fw0yMDA1MzAxMDQ4MzhaMIGuMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAc
TDlNh
bHQgTGFrZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAs
TGGh0
dHA6Ly93d3cudXNlcnRydXN0LmNvbTE2MDQGA1UEAxMtVVROLVVTRVJGaXJzdC1DbGllbnQ
gQXV0
aGVudGljYXRpb24gYW5kIEVtYWlsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQE
AsjmF
pPJ9q0E7YkY3rs3BYHW8OWX5ShpHornMSMxqmNVNNRm5pELlzkniii8efNIxB8dOtINknS4
p1aJk
xIW9hVE1eaROaJB7HHqkkqgX8pgV8pPMyaQylbsMTzC9mKALi+VuG6JG+ni8om+rWV6lL8/
K2m2q
L+usobNqqrcuZzWLeeEeaYji5kbNoKXqvgvOdjp6Dpvq/NonWz1zHyLmSGHGTPNpsaguG7b
UMSAs
vIKKjqQOpdeJQ/wWWq8dcdcRWdq6hw2v+vPhwvCkxWeM1tZUOt4KpLoDd7NlyP0e03Riqhj
KaJMe
oYV+9Udly/hNVyh00jT/MLbu9mIwFIws6wIDAQABo4HhMIHeMB8GA1UdIwQYMBaAFK29mHo
0tCb3
+sQmVO8DveAky1QaMB0GA1UdDgQWBBSJgmd9xJ0mcABLtFBIfN49rgRufTAOBgNVHQ8BAf8
EBAMC
AQYwDwYDVR0TAQH/BAUwAwEB/zB7BgNVHR8EdDByMDigNqA0hjJodHRwOi8vY3JsLmNvbW9
kb2Nh
LmNvbS9BZGRUcnVzdEV4dGVybmFsQ0FSb290LmNybDA2oDSgMoYwaHR0cDovL2NybC5jb21
vZG8u
bmV0L0FkZFRydXN0RXh0ZXJuYWxDQVJvb3QuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQAZ2Ik
Rbyis
pgCi54fBm5AD236hEv0e8+LwAamUVEJrmgnEoG3XkJIEA2Z5Q3H8+G+v23ZF4jcaPd3kWQR
4rBz0
g0bzes9bhHIt5UbBuhgRKfPLSXmHPLptBZ2kbWhPrXIUNqi5sf2/z3/wpGqUNVCPz4FtVbH
dWTBK
322gnGQfSXzvNrv042n0+DmPWq1LhTq3Du3Tzw1EovsEv+QvcI4l+1pUBrPQxLxtjftzMiz
pm4Qk
LdZ/kXpoAlAfDj9N6cz1u2fo3BwuO/xOzf4CjuOoEwqlJkRl6RDyTVKnrtw+ymsyXEFs/vV
doOr/
0fqbhlhtPZZH5f4ulQTCAMyOofK7MIIGdTCCBV2gAwIBAgIQGkfeCkS3kX7A9xioIXA5FjA
NBgkq
hkiG9w0BAQUFADCBrjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx
0IExh
a2UgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHR
wOi8v
d3d3LnVzZXJ0cnVzdC5jb20xNjA0BgNVBAMTLVVUTi1VU0VSRmlyc3QtQ2xpZW50IEF1dGh
lbnRp
Y2F0aW9uIGFuZCBFbWFpbDAeFw0xMDA2MjUwMDAwMDBaFw0xMzA2MjQyMzU5NTlaMIIBODE
LMAkG
A1UEBhMCVVMxEzARBgNVBBETCjE0MjYwLTE2MDAxCzAJBgNVBAgTAk5ZMRAwDgYDVQQHEwd
CdWZm
YWxvMRcwFQYDVQQJEw41MDEgQ0FQRU4gSEFMTDEeMBwGA1UEChMVVU5JVkVSU0lUWSBBVCB
CVUZG
QUxPMSAwHgYDVQQLExdPZmZpY2Ugb2YgdGhlIFByZXNpZGVudDE7MDkGA1UECxMySXNzdWV
kIHRo
cm91Z2ggVU5JVkVSU0lUWSBBVCBCVUZGQUxPIEUtUEtJIE1hbmFnZXIxHzAdBgNVBAsTFkN
vcnBv
cmF0ZSBTZWN1cmUgRW1haWwxFzAVBgNVBAMTDkplZmZyZXkgTXVycGh5MSMwIQYJKoZIhvc
NAQkB
FhRqY211cnBoeUBidWZmYWxvLmVkdTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggE
BAMzZ
bgLPBj/jLO17FDbIER5yILN4SJGJoEY5JpCf+IhmchmIXAHnJjrYp6qArptwqbbHqg4rxBI
uQwU2
nO3WAT9K6xDpiwDY1ABgmPeC5fl5xXGNx+FlwDsRVeScdECVQAP6p6ZFM1+2bTuLjMxIvpF
69L2C
quLkZDtLsP+xRs92d3vID1mDfnY29WWB/P2grc7R/jXN2tyKTRnK4/v/gUxwvV/rZIbCTcP
cHlpZ
i4hh0GJDyGUDHNTxyDZ3VgRVid5Hii7P1ik5qYQ6phQNdPTqj/E1APA9vym0Uk1v61WphYh
nn2rQ
xFns2n46lUHOUnKQDrFvK9kPlvKFf+5tDpMCAwEAAaOCAgAwggH8MB8GA1UdIwQYMBaAFIm
CZ33E
nSZwAEu0UEh83j2uBG59MB0GA1UdDgQWBBT6WdGW5dlFVmppKaN5r5sywXnZfDAOBgNVHQ8
BAf8E
BAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDBAYIKwYBBQUHAwIwRgY
DVR0g
BD8wPTA7BgwrBgEEAbIxAQIBAwUwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29
tb2Rv
Lm5ldC9DUFMwgaUGA1UdHwSBnTCBmjBMoEqgSIZGaHR0cDovL2NybC5jb21vZG9jYS5jb20
vVVRO
LVVTRVJGaXJzdC1DbGllbnRBdXRoZW50aWNhdGlvbmFuZEVtYWlsLmNybDBKoEigRoZEaHR
0cDov
L2NybC5jb21vZG8ubmV0L1VUTi1VU0VSRmlyc3QtQ2xpZW50QXV0aGVudGljYXRpb25hbmR
FbWFp
bC5jcmwwbAYIKwYBBQUHAQEEYDBeMDYGCCsGAQUFBzAChipodHRwOi8vY3J0LmNvbW9kb2N
hLmNv
bS9VVE5BQUFDbGllbnRDQS5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2N
hLmNv
bTAfBgNVHREEGDAWgRRqY211cnBoeUBidWZmYWxvLmVkdTANBgkqhkiG9w0BAQUFAAOCAQE
AoHOD
52Q0ePZZSo/+gZP32+JZ6Fu4kAdslIhXVP7OvNNFK9GwLJXeLG/sw+YrDE4ZuCKi/MtRF73
NXNzn
jcqymZV1OYXgl955LFHbJFb9hvknbrkjuXcy16AAZoxbMdNFC9i27uug511I5Mar5RxZA/0
CuAuf
eIn6xdTx92PYvoT9tukDA+MidmoiQhcTUbH8ILthQqJyE6e+VfoXDn9hIRXf4JuGUhBd/S7
QhGEX
Emn2LaLdPWKCGtz00N21V/zYVBhaMHWGwaR1E7m8Tn04mYjGgkwczu/WYsRkt+BDdTAi1O3
JPnRx
cA7Vt2wI/9/i4H87X472J9mVV0LMVEzZtDGCA/wwggP4AgEBMIHDMIGuMQswCQYDVQQGEwJ
VUzEL
MAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYDVQQKExVUaGUgVVN
FUlRS
VVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93d3cudXNlcnRydXN0LmNvbTE2MDQGA1U
EAxMt
VVROLVVTRVJGaXJzdC1DbGllbnQgQXV0aGVudGljYXRpb24gYW5kIEVtYWlsAhAaR94KRLe
RfsD3
GKghcDkWMAkGBSsOAwIaBQCgggINMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZ
IhvcN
AQkFMQ8XDTExMDIyODE4NDExM1owIwYJKoZIhvcNAQkEMRYEFCsCMisHGRi7l9hNPXRWT06
rQ6bj
MIHUBgkrBgEEAYI3EAQxgcYwgcMwga4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJVVDEXMBU
GA1UE
BxMOU2FsdCBMYWtlIENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEhMB8
GA1UE
CxMYaHR0cDovL3d3dy51c2VydHJ1c3QuY29tMTYwNAYDVQQDEy1VVE4tVVNFUkZpcnN0LUN
saWVu
dCBBdXRoZW50aWNhdGlvbiBhbmQgRW1haWwCEBpH3gpEt5F+wPcYqCFwORYwgdYGCyqGSIb
3DQEJ
EAILMYHGoIHDMIGuMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQ
gTGFr
ZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0dHA
6Ly93
d3cudXNlcnRydXN0LmNvbTE2MDQGA1UEAxMtVVROLVVTRVJGaXJzdC1DbGllbnQgQXV0aGV
udGlj
YXRpb24gYW5kIEVtYWlsAhAaR94KRLeRfsD3GKghcDkWMA0GCSqGSIb3DQEBAQUABIIBAAx
Xe76x
Oob0U8g44z6hMWawhcBoCq00i2uGZL9GHev4o6PEAYogn+couMntITsW+nVV1pR0sSUcBef
fnFNB
GVUBQc5yPr+rtj1ZuLPgWolilWeklQt1VH5SywX3xgeQDSIBrfGEhzceLg2ixzmb8sxadd4
r3dCp
aOdcYD6OriiAANWa8skYwel6NTAY3A7DYzby9ukvebtRjwfnbLGm+5BzCnglswZoYy7kcjJ
CqD3M
fru9FdhaM5DYO5xDzbzGkmapJ0iFTFqAgDyVvp7fzZPYfRmbmV2ikJx7/bEM/u8B+Fftc/N
n5yts
H0oU2HrTWOer6W7jrRNeFq0dD/dE0eYAAAAAAAA=

--Apple-Mail-303-636209833--

------------------------------

Date:    Mon, 28 Feb 2011 13:54:38 -0500
From:    Jeff Murphy <jcmurphy () BUFFALO EDU>
Subject: Re: border filtering questions

--Apple-Mail-318-637014813
Content-Type: multipart/alternative;
      boundary=Apple-Mail-317-637014768


--Apple-Mail-317-637014768
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
      charset=us-ascii

Whoops. Ignore "the feed is directly consumed by the appliance and not
=
manually entered or pushed in via free/homegrown software" as it =
conflicts with the statement I'm asking you to agree with! I'm =
interested in appliances that are capable of accepting some sort of =
automation, commercial or non-commercial.=20

jeff





=20
=20
[  ]  We automatically* block traffic to/from known bad =

addresses/netblocks at our border using a commercial inline appliance =
(IPS, packet shaper, firewall) and free/homegrown software (software =
talks directly to the appliance)

    (*using some feed of addresses/netblocks, for example obtained =

via a SIEM or external intelligence sources, the feed is directly =
consumed by the appliance and not manually entered or pushed in via =
free/homegrown software)

=20
    What's the name of the appliance vendor: _____
=20
[  ]  We automatically* block traffic to/from known bad =

addresses/netblocks at our border using a commercial inline appliance
=
(IPS, packet shaper, firewall) and commercial software (software talks
=
directly to the appliance)

    (*using some feed of addresses/netblocks, for example obtained =

via a SIEM or external intelligence sources, the feed is directly =
consumed by the appliance and not manually entered or pushed in via =
free/homegrown software)

=20
    What's the name of the appliance vendor: ______
    What's the name of the commercial software package/vendor: _____





--Apple-Mail-317-637014768
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
      charset=us-ascii

<html><head></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space; =
"><div>Whoops. Ignore "the feed is directly consumed by the appliance =
and&nbsp;not manually entered or pushed in via free/homegrown software"
=
as it conflicts with the statement I'm asking you to agree with! I'm =
interested in appliances that are capable of accepting some sort of =
automation, commercial or =
non-
commercial.&nbsp;</div><div><br></div><div>jeff</div><div><br></div><d=
iv><br></div><div><br></div><div><br><blockquote type=3D"cite"><div =
style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space; =
"><div><br></div><div><br></div><div><div>[ &nbsp;] =
&nbsp;We&nbsp;<b>automatically</b>*&nbsp;<b>block</b>&nbsp;traffic =
to/from known bad addresses/netblocks at our border&nbsp;<b>using =
a&nbsp;commercial inline appliance&nbsp;</b><b>(IPS, packet shaper, =
firewall)&nbsp;</b><b>and&nbsp;free/homegrown =
software&nbsp;</b>(software talks directly to the =
appliance)</div><div><span class=3D"Apple-tab-span" style=3D"white-
space: =
pre; ">       </span>(*using some feed of addresses/netblocks, for
example =
obtained via a SIEM or external intelligence sources, <s>the feed is =
directly consumed by the appliance and&nbsp;not manually entered or =
pushed in via free/homegrown =
software</s>)</div></div><div><br></div><div><span =
class=3D"Apple-tab-span" style=3D"white-space:pre">   </span>What's =
the name of the appliance vendor: _____</div><div><br></div><div><div>[
=
&nbsp;] =
&nbsp;We&nbsp;<b>automatically</b>*&nbsp;<b>block</b>&nbsp;traffic =
to/from known bad addresses/netblocks at our border&nbsp;<b>using =
a&nbsp;commercial inline appliance</b>&nbsp;<b>&nbsp;(IPS, packet =
shaper, firewall)&nbsp;</b><b>and&nbsp;commercial =
software&nbsp;</b>(software talks directly to the =
appliance)</div><div><span class=3D"Apple-tab-span" style=3D"white-
space: =
pre; ">       </span>(*using some feed of addresses/netblocks, for
example =
obtained via a SIEM or external intelligence sources, <s>the feed is =
directly consumed by the appliance and&nbsp;not manually entered or =
pushed in via free/homegrown =
software</s>)</div></div><div><br></div><div><span =
class=3D"Apple-tab-span" style=3D"white-space:pre">   </span>What's =
the name of the appliance vendor: ______</div><div><div><span =
class=3D"Apple-tab-span" style=3D"white-space: pre; ">
      </span>What's =
the name of the commercial software package/vendor: =
_____</div></div></div></blockquote><br></div><div><br></div><br></body

</=

html>=

--Apple-Mail-317-637014768--

--Apple-Mail-318-637014813
Content-Disposition: attachment;
      filename=smime.p7s
Content-Type: application/pkcs7-signature;
      name=smime.p7s
Content-Transfer-Encoding: base64

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIILBzC
CBIow
ggNyoAMCAQICECf06hH0eobEbp27bqkXBwcwDQYJKoZIhvcNAQEFBQAwbzELMAkGA1UEBhM
CU0Ux
FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5hbCBUVFA
gTmV0
d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9vdDAeFw0wNTA2MDcwODA
5MTBa
Fw0yMDA1MzAxMDQ4MzhaMIGuMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAc
TDlNh
bHQgTGFrZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAs
TGGh0
dHA6Ly93d3cudXNlcnRydXN0LmNvbTE2MDQGA1UEAxMtVVROLVVTRVJGaXJzdC1DbGllbnQ
gQXV0
aGVudGljYXRpb24gYW5kIEVtYWlsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQE
AsjmF
pPJ9q0E7YkY3rs3BYHW8OWX5ShpHornMSMxqmNVNNRm5pELlzkniii8efNIxB8dOtINknS4
p1aJk
xIW9hVE1eaROaJB7HHqkkqgX8pgV8pPMyaQylbsMTzC9mKALi+VuG6JG+ni8om+rWV6lL8/
K2m2q
L+usobNqqrcuZzWLeeEeaYji5kbNoKXqvgvOdjp6Dpvq/NonWz1zHyLmSGHGTPNpsaguG7b
UMSAs
vIKKjqQOpdeJQ/wWWq8dcdcRWdq6hw2v+vPhwvCkxWeM1tZUOt4KpLoDd7NlyP0e03Riqhj
KaJMe
oYV+9Udly/hNVyh00jT/MLbu9mIwFIws6wIDAQABo4HhMIHeMB8GA1UdIwQYMBaAFK29mHo
0tCb3
+sQmVO8DveAky1QaMB0GA1UdDgQWBBSJgmd9xJ0mcABLtFBIfN49rgRufTAOBgNVHQ8BAf8
EBAMC
AQYwDwYDVR0TAQH/BAUwAwEB/zB7BgNVHR8EdDByMDigNqA0hjJodHRwOi8vY3JsLmNvbW9
kb2Nh
LmNvbS9BZGRUcnVzdEV4dGVybmFsQ0FSb290LmNybDA2oDSgMoYwaHR0cDovL2NybC5jb21
vZG8u
bmV0L0FkZFRydXN0RXh0ZXJuYWxDQVJvb3QuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQAZ2Ik
Rbyis
pgCi54fBm5AD236hEv0e8+LwAamUVEJrmgnEoG3XkJIEA2Z5Q3H8+G+v23ZF4jcaPd3kWQR
4rBz0
g0bzes9bhHIt5UbBuhgRKfPLSXmHPLptBZ2kbWhPrXIUNqi5sf2/z3/wpGqUNVCPz4FtVbH
dWTBK
322gnGQfSXzvNrv042n0+DmPWq1LhTq3Du3Tzw1EovsEv+QvcI4l+1pUBrPQxLxtjftzMiz
pm4Qk
LdZ/kXpoAlAfDj9N6cz1u2fo3BwuO/xOzf4CjuOoEwqlJkRl6RDyTVKnrtw+ymsyXEFs/vV
doOr/
0fqbhlhtPZZH5f4ulQTCAMyOofK7MIIGdTCCBV2gAwIBAgIQGkfeCkS3kX7A9xioIXA5FjA
NBgkq
hkiG9w0BAQUFADCBrjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx
0IExh
a2UgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHR
wOi8v
d3d3LnVzZXJ0cnVzdC5jb20xNjA0BgNVBAMTLVVUTi1VU0VSRmlyc3QtQ2xpZW50IEF1dGh
lbnRp
Y2F0aW9uIGFuZCBFbWFpbDAeFw0xMDA2MjUwMDAwMDBaFw0xMzA2MjQyMzU5NTlaMIIBODE
LMAkG
A1UEBhMCVVMxEzARBgNVBBETCjE0MjYwLTE2MDAxCzAJBgNVBAgTAk5ZMRAwDgYDVQQHEwd
CdWZm
YWxvMRcwFQYDVQQJEw41MDEgQ0FQRU4gSEFMTDEeMBwGA1UEChMVVU5JVkVSU0lUWSBBVCB
CVUZG
QUxPMSAwHgYDVQQLExdPZmZpY2Ugb2YgdGhlIFByZXNpZGVudDE7MDkGA1UECxMySXNzdWV
kIHRo
cm91Z2ggVU5JVkVSU0lUWSBBVCBCVUZGQUxPIEUtUEtJIE1hbmFnZXIxHzAdBgNVBAsTFkN
vcnBv
cmF0ZSBTZWN1cmUgRW1haWwxFzAVBgNVBAMTDkplZmZyZXkgTXVycGh5MSMwIQYJKoZIhvc
NAQkB
FhRqY211cnBoeUBidWZmYWxvLmVkdTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggE
BAMzZ
bgLPBj/jLO17FDbIER5yILN4SJGJoEY5JpCf+IhmchmIXAHnJjrYp6qArptwqbbHqg4rxBI
uQwU2
nO3WAT9K6xDpiwDY1ABgmPeC5fl5xXGNx+FlwDsRVeScdECVQAP6p6ZFM1+2bTuLjMxIvpF
69L2C
quLkZDtLsP+xRs92d3vID1mDfnY29WWB/P2grc7R/jXN2tyKTRnK4/v/gUxwvV/rZIbCTcP
cHlpZ
i4hh0GJDyGUDHNTxyDZ3VgRVid5Hii7P1ik5qYQ6phQNdPTqj/E1APA9vym0Uk1v61WphYh
nn2rQ
xFns2n46lUHOUnKQDrFvK9kPlvKFf+5tDpMCAwEAAaOCAgAwggH8MB8GA1UdIwQYMBaAFIm
CZ33E
nSZwAEu0UEh83j2uBG59MB0GA1UdDgQWBBT6WdGW5dlFVmppKaN5r5sywXnZfDAOBgNVHQ8
BAf8E
BAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDBAYIKwYBBQUHAwIwRgY
DVR0g
BD8wPTA7BgwrBgEEAbIxAQIBAwUwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29
tb2Rv
Lm5ldC9DUFMwgaUGA1UdHwSBnTCBmjBMoEqgSIZGaHR0cDovL2NybC5jb21vZG9jYS5jb20
vVVRO
LVVTRVJGaXJzdC1DbGllbnRBdXRoZW50aWNhdGlvbmFuZEVtYWlsLmNybDBKoEigRoZEaHR
0cDov
L2NybC5jb21vZG8ubmV0L1VUTi1VU0VSRmlyc3QtQ2xpZW50QXV0aGVudGljYXRpb25hbmR
FbWFp
bC5jcmwwbAYIKwYBBQUHAQEEYDBeMDYGCCsGAQUFBzAChipodHRwOi8vY3J0LmNvbW9kb2N
hLmNv
bS9VVE5BQUFDbGllbnRDQS5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2N
hLmNv
bTAfBgNVHREEGDAWgRRqY211cnBoeUBidWZmYWxvLmVkdTANBgkqhkiG9w0BAQUFAAOCAQE
AoHOD
52Q0ePZZSo/+gZP32+JZ6Fu4kAdslIhXVP7OvNNFK9GwLJXeLG/sw+YrDE4ZuCKi/MtRF73
NXNzn
jcqymZV1OYXgl955LFHbJFb9hvknbrkjuXcy16AAZoxbMdNFC9i27uug511I5Mar5RxZA/0
CuAuf
eIn6xdTx92PYvoT9tukDA+MidmoiQhcTUbH8ILthQqJyE6e+VfoXDn9hIRXf4JuGUhBd/S7
QhGEX
Emn2LaLdPWKCGtz00N21V/zYVBhaMHWGwaR1E7m8Tn04mYjGgkwczu/WYsRkt+BDdTAi1O3
JPnRx
cA7Vt2wI/9/i4H87X472J9mVV0LMVEzZtDGCA/wwggP4AgEBMIHDMIGuMQswCQYDVQQGEwJ
VUzEL
MAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYDVQQKExVUaGUgVVN
FUlRS
VVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93d3cudXNlcnRydXN0LmNvbTE2MDQGA1U
EAxMt
VVROLVVTRVJGaXJzdC1DbGllbnQgQXV0aGVudGljYXRpb24gYW5kIEVtYWlsAhAaR94KRLe
RfsD3
GKghcDkWMAkGBSsOAwIaBQCgggINMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZ
IhvcN
AQkFMQ8XDTExMDIyODE4NTQzOFowIwYJKoZIhvcNAQkEMRYEFMYKQIv3xC+E4410zkBaouc
4Hs9A
MIHUBgkrBgEEAYI3EAQxgcYwgcMwga4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJVVDEXMBU
GA1UE
BxMOU2FsdCBMYWtlIENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEhMB8
GA1UE
CxMYaHR0cDovL3d3dy51c2VydHJ1c3QuY29tMTYwNAYDVQQDEy1VVE4tVVNFUkZpcnN0LUN
saWVu
dCBBdXRoZW50aWNhdGlvbiBhbmQgRW1haWwCEBpH3gpEt5F+wPcYqCFwORYwgdYGCyqGSIb
3DQEJ
EAILMYHGoIHDMIGuMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQ
gTGFr
ZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0dHA
6Ly93
d3cudXNlcnRydXN0LmNvbTE2MDQGA1UEAxMtVVROLVVTRVJGaXJzdC1DbGllbnQgQXV0aGV
udGlj
YXRpb24gYW5kIEVtYWlsAhAaR94KRLeRfsD3GKghcDkWMA0GCSqGSIb3DQEBAQUABIIBAGX
NzHLs
oEcJd7VXqFGSTRtUvE/4JS8zU5yALSSEgBRn94f5kOc+961QLoiywi7NjCXeMYU2a+hruvu
oZmUl
8odyYQy7Da8rUrdqG7rpyQgvOpf17z1rloa3+uxSOg+DGl8D4u9+i4ZHS7fXFLNX80I7K24
jBlpr
yINq00zy+aTZdctSvQjew3Ul/vEtbxFKaz5+DCe8xmYwX2B5agi15N61eg0BzUvgT4AcF+y
JAocU
34hsLAyjgRQM+0j8UrfwMPczlVR/iQlGNq7np6Hf1T/Yd+6z1gYy2Lm4XeyeafQ2HEtvsU2
DbvSs
PYZfO6nshoFhv1K+XDSliuOYhAlu4UEAAAAAAAA=

--Apple-Mail-318-637014813--

------------------------------

Date:    Mon, 28 Feb 2011 15:53:14 -0500
From:    Charlie Reitsma <reitsmac () DENISON EDU>
Subject: Re: border filtering questions

Quoting Jeff Murphy <jcmurphy () BUFFALO EDU>:


Good Monday Sec Folks,

If you have a moment, can you hit reply, check the appropriate box

=20

and fill in the blank if there is one under that box?



[  ]  We don't block traffic to/from known bad addresses/netblocks

=20

at our border.




[ x ]  We manually block traffic to/from known bad =20
addresses/netblocks at our border
=09(someone logs into a device and types in the address/netblock. =20
frequency can be rarely-to-routine, I'm interested in whether you do

=20

it at all)


I'd like to know how to do it automatically but not enough to pay for
it.


[  ]  We automatically* block traffic to/from known bad =20
addresses/netblocks at our border using a border router (ACL) and =20
free/homegrown software (software talks directly to the router)
=09(*using some feed of addresses/netblocks, for example obtained via

=20

a SIEM or external intelligence sources)

[  ]  We automatically* block traffic to/from known bad =20
addresses/netblocks at our border using a border router (ACL) and =20
commercial software (software talks directly to the router)
=09(*using some feed of addresses/netblocks, for example obtained via

=20

a SIEM or external intelligence sources)

=09What's the name of the commercial software package/vendor: _____




[  ]  We automatically* block traffic to/from known bad =20
addresses/netblocks at our border using a commercial inline =20
appliance (IPS, packet shaper, firewall) and free/homegrown software

=20

(software talks directly to the appliance)
=09(*using some feed of addresses/netblocks, for example obtained via

=20

a SIEM or external intelligence sources, the feed is directly =20
consumed by the appliance and not manually entered or pushed in via

=20

free/homegrown software)

=09What's the name of the appliance vendor: _____

[  ]  We automatically* block traffic to/from known bad =20
addresses/netblocks at our border using a commercial inline =20
appliance  (IPS, packet shaper, firewall) and commercial software =20
(software talks directly to the appliance)
=09(*using some feed of addresses/netblocks, for example obtained via

=20

a SIEM or external intelligence sources, the feed is directly =20
consumed by the appliance and not manually entered or pushed in via

=20

free/homegrown software)

=09What's the name of the appliance vendor: ______
=09What's the name of the commercial software package/vendor: _____



Jeff, your survey is weak! I want to tell you more! Here it is:

_________





I'll anonymize/summarize back to the list.

thanks,

jeff murphy
information security program manager
university at buffalo


------------------------------

Date:    Mon, 28 Feb 2011 16:07:51 -0500
From:    Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Subject: Re: border filtering questions

--==_Exmh_1298927271_6182P
Content-Type: text/plain; charset=us-ascii

On Mon, 28 Feb 2011 13:41:13 EST, Jeff Murphy said:


[  ]  We don't block traffic to/from known bad addresses/netblocks at

our border.

Define "known bad addresses/netblocks".  With the recent exhaustion of
the IANA IPv4
space, this basically equates to "RFC1918, class E, and similar
bogons", unless you
want to follow the Team Cymru feed of space not sub-allocated by an RIR
yet.  If
you have some *other* definition of "known bad" (including hijacked
space, dead space,
and so on), it probably should be specified...

Oh, and you probably should ask separately for IPv4 and IPv6. ;)


--==_Exmh_1298927271_6182P
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001

iD8DBQFNbA6ncC3lWbTT17ARAjuLAJ9ehicG2Fb7ymAq3C/bJ6amAdB1sQCg/tsm
bIggcTzbZDU3YD4S8jAn8dg=
=7Zmy
-----END PGP SIGNATURE-----

--==_Exmh_1298927271_6182P--

------------------------------

Date:    Mon, 28 Feb 2011 21:16:02 +0000
From:    "Youngquist, Jason R." <jryoungquist () CCIS EDU>
Subject: PGP Universal Server 3.1.0

--_000_D88926C137E0DD4692105D69A41445C00FAB62ccex10t2_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

We are currently running PGP Desktop version 10.0 and PGP Universal
Server =
2.12 (primary/secondary cluster) in VMWare.  We are looking to upgrade
to 3=
.1.0 and I was wondering if anyone has ran into any problems/issues.

Also, when going from one version of PGP Universal Server to another,
do yo=
u test it out in a test environment first?  If so, I'd be interested in
how=
 you do this in a virtual environment such as VMWare.  We tried it
awhile a=
go, and ran into some issues because we didn't have a test AD server.

Please feel free to email me off list.


Thanks.
Jason Youngquist
Information Technology Security Engineer
Technology Services
Columbia College
1001 Rogers Street, Columbia, MO  65216
(573) 875-7334
jryoungquist () ccis edu<mailto:jryoungquist () ccis edu>
http://www.ccis.edu<http://www.ccis.edu/>


--_000_D88926C137E0DD4692105D69A41445C00FAB62ccex10t2_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-
micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-
com:office:word" =
xmlns:x=3D"urn:schemas-microsoft-com:office:excel"
xmlns:p=3D"urn:schemas-m=
icrosoft-com:office:powerpoint" xmlns:a=3D"urn:schemas-microsoft-
com:office=
:access" xmlns:dt=3D"uuid:C2F41010-65B3-11d1-A29F-00AA00C14882"
xmlns:s=3D"=
uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs=3D"urn:schemas-
microsof=
t-com:rowset" xmlns:z=3D"#RowsetSchema" xmlns:b=3D"urn:schemas-
microsoft-co=
m:office:publisher" xmlns:ss=3D"urn:schemas-microsoft-
com:office:spreadshee=
t" xmlns:c=3D"urn:schemas-microsoft-com:office:component:spreadsheet"
xmlns=
:odc=3D"urn:schemas-microsoft-com:office:odc" xmlns:oa=3D"urn:schemas-
micro=
soft-com:office:activation" xmlns:html=3D"http://www.w3.org/TR/REC-
html40" =
xmlns:q=3D"http://schemas.xmlsoap.org/soap/envelope/";
xmlns:rtc=3D"http://m=
icrosoft.com/officenet/conferencing" xmlns:D=3D"DAV:"
xmlns:Repl=3D"http://=
schemas.microsoft.com/repl/"
xmlns:mt=3D"http://schemas.microsoft.com/share=
point/soap/meetings/"
xmlns:x2=3D"http://schemas.microsoft.com/office/excel=
/2003/xml" xmlns:ppda=3D"http://www.passport.com/NameSpace.xsd";
xmlns:ois=
=3D"http://schemas.microsoft.com/sharepoint/soap/ois/";
xmlns:dir=3D"http://=
schemas.microsoft.com/sharepoint/soap/directory/"
xmlns:ds=3D"http://www.w3=
.org/2000/09/xmldsig#"
xmlns:dsp=3D"http://schemas.microsoft.com/sharepoint=
/dsp" xmlns:udc=3D"http://schemas.microsoft.com/data/udc";
xmlns:xsd=3D"http=
://www.w3.org/2001/XMLSchema"
xmlns:sub=3D"http://schemas.microsoft.com/sha=
repoint/soap/2002/1/alerts/"
xmlns:ec=3D"http://www.w3.org/2001/04/xmlenc#"=
 xmlns:sp=3D"http://schemas.microsoft.com/sharepoint/";
xmlns:sps=3D"http://=
schemas.microsoft.com/sharepoint/soap/"
xmlns:xsi=3D"http://www.w3.org/2001=
/XMLSchema-instance"
xmlns:udcs=3D"http://schemas.microsoft.com/data/udc/so=
ap" xmlns:udcxf=3D"http://schemas.microsoft.com/data/udc/xmlfile";
xmlns:udc=
p2p=3D"http://schemas.microsoft.com/data/udc/parttopart";
xmlns:wf=3D"http:/=
/schemas.microsoft.com/sharepoint/soap/workflow/"
xmlns:dsss=3D"http://sche=
mas.microsoft.com/office/2006/digsig-setup"
xmlns:dssi=3D"http://schemas.mi=
crosoft.com/office/2006/digsig"
xmlns:mdssi=3D"http://schemas.openxmlformat=
s.org/package/2006/digital-signature"
xmlns:mver=3D"http://schemas.openxmlf=
ormats.org/markup-compatibility/2006"
xmlns:m=3D"http://schemas.microsoft.c=
om/office/2004/12/omml"
xmlns:mrels=3D"http://schemas.openxmlformats.org/pa=
ckage/2006/relationships"
xmlns:spwp=3D"http://microsoft.com/sharepoint/web=
partpages"
xmlns:ex12t=3D"http://schemas.microsoft.com/exchange/services/20=
06/types"
xmlns:ex12m=3D"http://schemas.microsoft.com/exchange/services/200=
6/messages"
xmlns:pptsl=3D"http://schemas.microsoft.com/sharepoint/soap/Sli=
deLibrary/"
xmlns:spsl=3D"http://microsoft.com/webservices/SharePointPortal=
Server/PublishedLinksService" xmlns:Z=3D"urn:schemas-microsoft-com:"
xmlns:=
st=3D"&#1;" xmlns=3D"http://www.w3.org/TR/REC-html40";>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-
ascii"=



<meta name=3D"Generator" content=3D"Microsoft Word 12 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
      {font-family:"Cambria Math";
      panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
      {font-family:Calibri;
      panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
      {margin:0in;
      margin-bottom:.0001pt;
      font-size:11.0pt;
      font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
      {mso-style-priority:99;
      color:blue;
      text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
      {mso-style-priority:99;
      color:purple;
      text-decoration:underline;}
span.EmailStyle17
      {mso-style-type:personal-compose;
      font-family:"Calibri","sans-serif";
      color:windowtext;}
.MsoChpDefault
      {mso-style-type:export-only;}
@page WordSection1
      {size:8.5in 11.0in;
      margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
      {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"EN-US" link=3D"blue" vlink=3D"purple">
<div class=3D"WordSection1">
<p class=3D"MsoNormal">We are currently running PGP Desktop version
10.0 an=
d PGP Universal Server 2.12 (primary/secondary cluster) in
VMWare.&nbsp; We=
 are looking to upgrade to 3.1.0 and I was wondering if anyone has ran
into=
 any problems/issues.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Also, when going from one version of PGP
Universal S=
erver to another, do you test it out in a test environment first?&nbsp;
If =
so, I&#8217;d be interested in how you do this in a virtual environment
suc=
h as VMWare.&nbsp; We tried it awhile ago, and ran
 into some issues because we didn&#8217;t have a test AD server.&nbsp;
<o:p=

</o:p></p>

<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Please feel free to email me off
list.<o:p></o:p></p=



<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Thanks.<o:p></o:p></p>
<p class=3D"MsoNormal"><span style=3D"color:black">Jason
Youngquist<o:p></o=
:p></span></p>
<p class=3D"MsoNormal"><span style=3D"color:black">Information
Technology S=
ecurity Engineer<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"color:black">Technology
Services<o:p>=
</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"color:black">Columbia
College<o:p></o=
:p></span></p>
<p class=3D"MsoNormal"><span style=3D"color:black">1001 Rogers Street,
Colu=
mbia, MO&nbsp; 65216<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"color:black">(573) 875-
7334<o:p></o:p=

</span></p>

<p class=3D"MsoNormal"><span style=3D"color:black"><a
href=3D"mailto:jryoun=
gquist () ccis edu"><span
style=3D"color:blue">jryoungquist () ccis edu</span></a=

<o:p></o:p></span></p>

<p class=3D"MsoNormal"><span style=3D"color:black"><a
href=3D"http://www.cc=
is.edu/" target=3D"_blank"><span
style=3D"color:blue">http://www.ccis.edu</=
span></a><o:p></o:p></span></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
</body>
</html>

--_000_D88926C137E0DD4692105D69A41445C00FAB62ccex10t2_--

------------------------------

Date:    Mon, 28 Feb 2011 16:03:38 -0600
From:    Josh McCune <mccunej () KSU EDU>
Subject: Re: PGP Universal Server 3.1.0

We have a relatively small install base (about 50 active users) using
only the WDE features running on a single VM in an ESX environment.
We upgraded from 2.12 to 3.0.  Because you can't do an in place
upgrade between major versions, we opted to simply backup the existing
server data and organization key (via the built-in backup tools) and
shut down the server.  We then created a brand new instance of the VM
from scratch and restored the backups.

We modified firewall rules to only allow communication with a range of
test clients, so that if we needed to roll back for any reason, we
would simply shut down the new server an bring the old one back up.
Then to any production clients it would appear as if nothing had
changed other than the server was unavailable for a bit.  This
precaution proved unnecessary as the test clients had no issue
communicating with the new server.

Hope that helps,
Josh McCune
Network Security Analyst
Kansas State University
email: mccunej () ksu edu
voice: (785) 532-2598



On Mon, Feb 28, 2011 at 3:16 PM, Youngquist, Jason R.
<jryoungquist () ccis edu> wrote:

We are currently running PGP Desktop version 10.0 and PGP Universal

Serve=
r

2.12 (primary/secondary cluster) in VMWare.=A0 We are looking to

upgrade =
to

3.1.0 and I was wondering if anyone has ran into any problems/issues.



Also, when going from one version of PGP Universal Server to another,

do =
you

test it out in a test environment first?=A0 If so, I=92d be

interested in=
 how

you do this in a virtual environment such as VMWare.=A0 We tried it

awhil=
e

ago, and ran into some issues because we didn=92t have a test AD

server.




Please feel free to email me off list.





Thanks.

Jason Youngquist

Information Technology Security Engineer

Technology Services

Columbia College

1001 Rogers Street, Columbia, MO=A0 65216

(573) 875-7334

jryoungquist () ccis edu

http://www.ccis.edu




------------------------------

Date:    Mon, 28 Feb 2011 17:35:26 -0500
From:    Jeff Murphy <jcmurphy () BUFFALO EDU>
Subject: Re: border filtering questions

--Apple-Mail-459-650263092
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
      charset=us-ascii


On Feb 28, 2011, at 4:07 PM, Valdis Kletnieks wrote:


On Mon, 28 Feb 2011 13:41:13 EST, Jeff Murphy said:
=20

[  ]  We don't block traffic to/from known bad addresses/netblocks

at =
our border.

=20
Define "known bad addresses/netblocks".  With the recent exhaustion

of =
the IANA IPv4

space, this basically equates to "RFC1918, class E, and similar =

bogons", unless you

want to follow the Team Cymru feed of space not sub-allocated by an =

RIR yet.  If

you have some *other* definition of "known bad" (including hijacked =

space, dead space,

and so on), it probably should be specified...


REN-ISAC offers a feed, Cymru has lists, Cisco sells a feed, you may =
have your own internal list (eg derived from phishing urls you see), =
etc. I was intentionally vague. By bad I meant "an address you dont
want =
to trade packets with across your border" but I should've excluded the
=
examples you give in order to avoid the "well we do block, but only rfc
=
1918, et al" folks.

What I'm interested in is whether or not there's a trend towards =
automated intelligence based blocking. My sense is that there's
interest =
in it, but that it hasn't really made it to the mainstream. I hear a
lot =
a bout it, but when I ask around amongst the people I know, I generally
=
get "no, you?"




=20
Oh, and you probably should ask separately for IPv4 and IPv6. ;)
=20



I'll ask about v6 when v6 is becomes more than just a flamefest that =
fills my nanog (er i mean newnog) folder. ;)

jeff


--Apple-Mail-459-650263092
Content-Disposition: attachment;
      filename=smime.p7s
Content-Type: application/pkcs7-signature;
      name=smime.p7s
Content-Transfer-Encoding: base64

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIILBzC
CBIow
ggNyoAMCAQICECf06hH0eobEbp27bqkXBwcwDQYJKoZIhvcNAQEFBQAwbzELMAkGA1UEBhM
CU0Ux
FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5hbCBUVFA
gTmV0
d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9vdDAeFw0wNTA2MDcwODA
5MTBa
Fw0yMDA1MzAxMDQ4MzhaMIGuMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAc
TDlNh
bHQgTGFrZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAs
TGGh0
dHA6Ly93d3cudXNlcnRydXN0LmNvbTE2MDQGA1UEAxMtVVROLVVTRVJGaXJzdC1DbGllbnQ
gQXV0
aGVudGljYXRpb24gYW5kIEVtYWlsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQE
AsjmF
pPJ9q0E7YkY3rs3BYHW8OWX5ShpHornMSMxqmNVNNRm5pELlzkniii8efNIxB8dOtINknS4
p1aJk
xIW9hVE1eaROaJB7HHqkkqgX8pgV8pPMyaQylbsMTzC9mKALi+VuG6JG+ni8om+rWV6lL8/
K2m2q
L+usobNqqrcuZzWLeeEeaYji5kbNoKXqvgvOdjp6Dpvq/NonWz1zHyLmSGHGTPNpsaguG7b
UMSAs
vIKKjqQOpdeJQ/wWWq8dcdcRWdq6hw2v+vPhwvCkxWeM1tZUOt4KpLoDd7NlyP0e03Riqhj
KaJMe
oYV+9Udly/hNVyh00jT/MLbu9mIwFIws6wIDAQABo4HhMIHeMB8GA1UdIwQYMBaAFK29mHo
0tCb3
+sQmVO8DveAky1QaMB0GA1UdDgQWBBSJgmd9xJ0mcABLtFBIfN49rgRufTAOBgNVHQ8BAf8
EBAMC
AQYwDwYDVR0TAQH/BAUwAwEB/zB7BgNVHR8EdDByMDigNqA0hjJodHRwOi8vY3JsLmNvbW9
kb2Nh
LmNvbS9BZGRUcnVzdEV4dGVybmFsQ0FSb290LmNybDA2oDSgMoYwaHR0cDovL2NybC5jb21
vZG8u
bmV0L0FkZFRydXN0RXh0ZXJuYWxDQVJvb3QuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQAZ2Ik
Rbyis
pgCi54fBm5AD236hEv0e8+LwAamUVEJrmgnEoG3XkJIEA2Z5Q3H8+G+v23ZF4jcaPd3kWQR
4rBz0
g0bzes9bhHIt5UbBuhgRKfPLSXmHPLptBZ2kbWhPrXIUNqi5sf2/z3/wpGqUNVCPz4FtVbH
dWTBK
322gnGQfSXzvNrv042n0+DmPWq1LhTq3Du3Tzw1EovsEv+QvcI4l+1pUBrPQxLxtjftzMiz
pm4Qk
LdZ/kXpoAlAfDj9N6cz1u2fo3BwuO/xOzf4CjuOoEwqlJkRl6RDyTVKnrtw+ymsyXEFs/vV
doOr/
0fqbhlhtPZZH5f4ulQTCAMyOofK7MIIGdTCCBV2gAwIBAgIQGkfeCkS3kX7A9xioIXA5FjA
NBgkq
hkiG9w0BAQUFADCBrjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx
0IExh
a2UgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHR
wOi8v
d3d3LnVzZXJ0cnVzdC5jb20xNjA0BgNVBAMTLVVUTi1VU0VSRmlyc3QtQ2xpZW50IEF1dGh
lbnRp
Y2F0aW9uIGFuZCBFbWFpbDAeFw0xMDA2MjUwMDAwMDBaFw0xMzA2MjQyMzU5NTlaMIIBODE
LMAkG
A1UEBhMCVVMxEzARBgNVBBETCjE0MjYwLTE2MDAxCzAJBgNVBAgTAk5ZMRAwDgYDVQQHEwd
CdWZm
YWxvMRcwFQYDVQQJEw41MDEgQ0FQRU4gSEFMTDEeMBwGA1UEChMVVU5JVkVSU0lUWSBBVCB
CVUZG
QUxPMSAwHgYDVQQLExdPZmZpY2Ugb2YgdGhlIFByZXNpZGVudDE7MDkGA1UECxMySXNzdWV
kIHRo
cm91Z2ggVU5JVkVSU0lUWSBBVCBCVUZGQUxPIEUtUEtJIE1hbmFnZXIxHzAdBgNVBAsTFkN
vcnBv
cmF0ZSBTZWN1cmUgRW1haWwxFzAVBgNVBAMTDkplZmZyZXkgTXVycGh5MSMwIQYJKoZIhvc
NAQkB
FhRqY211cnBoeUBidWZmYWxvLmVkdTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggE
BAMzZ
bgLPBj/jLO17FDbIER5yILN4SJGJoEY5JpCf+IhmchmIXAHnJjrYp6qArptwqbbHqg4rxBI
uQwU2
nO3WAT9K6xDpiwDY1ABgmPeC5fl5xXGNx+FlwDsRVeScdECVQAP6p6ZFM1+2bTuLjMxIvpF
69L2C
quLkZDtLsP+xRs92d3vID1mDfnY29WWB/P2grc7R/jXN2tyKTRnK4/v/gUxwvV/rZIbCTcP
cHlpZ
i4hh0GJDyGUDHNTxyDZ3VgRVid5Hii7P1ik5qYQ6phQNdPTqj/E1APA9vym0Uk1v61WphYh
nn2rQ
xFns2n46lUHOUnKQDrFvK9kPlvKFf+5tDpMCAwEAAaOCAgAwggH8MB8GA1UdIwQYMBaAFIm
CZ33E
nSZwAEu0UEh83j2uBG59MB0GA1UdDgQWBBT6WdGW5dlFVmppKaN5r5sywXnZfDAOBgNVHQ8
BAf8E
BAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDBAYIKwYBBQUHAwIwRgY
DVR0g
BD8wPTA7BgwrBgEEAbIxAQIBAwUwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29
tb2Rv
Lm5ldC9DUFMwgaUGA1UdHwSBnTCBmjBMoEqgSIZGaHR0cDovL2NybC5jb21vZG9jYS5jb20
vVVRO
LVVTRVJGaXJzdC1DbGllbnRBdXRoZW50aWNhdGlvbmFuZEVtYWlsLmNybDBKoEigRoZEaHR
0cDov
L2NybC5jb21vZG8ubmV0L1VUTi1VU0VSRmlyc3QtQ2xpZW50QXV0aGVudGljYXRpb25hbmR
FbWFp
bC5jcmwwbAYIKwYBBQUHAQEEYDBeMDYGCCsGAQUFBzAChipodHRwOi8vY3J0LmNvbW9kb2N
hLmNv
bS9VVE5BQUFDbGllbnRDQS5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2N
hLmNv
bTAfBgNVHREEGDAWgRRqY211cnBoeUBidWZmYWxvLmVkdTANBgkqhkiG9w0BAQUFAAOCAQE
AoHOD
52Q0ePZZSo/+gZP32+JZ6Fu4kAdslIhXVP7OvNNFK9GwLJXeLG/sw+YrDE4ZuCKi/MtRF73
NXNzn
jcqymZV1OYXgl955LFHbJFb9hvknbrkjuXcy16AAZoxbMdNFC9i27uug511I5Mar5RxZA/0
CuAuf
eIn6xdTx92PYvoT9tukDA+MidmoiQhcTUbH8ILthQqJyE6e+VfoXDn9hIRXf4JuGUhBd/S7
QhGEX
Emn2LaLdPWKCGtz00N21V/zYVBhaMHWGwaR1E7m8Tn04mYjGgkwczu/WYsRkt+BDdTAi1O3
JPnRx
cA7Vt2wI/9/i4H87X472J9mVV0LMVEzZtDGCA/wwggP4AgEBMIHDMIGuMQswCQYDVQQGEwJ
VUzEL
MAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYDVQQKExVUaGUgVVN
FUlRS
VVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93d3cudXNlcnRydXN0LmNvbTE2MDQGA1U
EAxMt
VVROLVVTRVJGaXJzdC1DbGllbnQgQXV0aGVudGljYXRpb24gYW5kIEVtYWlsAhAaR94KRLe
RfsD3
GKghcDkWMAkGBSsOAwIaBQCgggINMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZ
IhvcN
AQkFMQ8XDTExMDIyODIyMzUyNlowIwYJKoZIhvcNAQkEMRYEFFzJps1Fng0Zzk50vGUdQkf
VUzkg
MIHUBgkrBgEEAYI3EAQxgcYwgcMwga4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJVVDEXMBU
GA1UE
BxMOU2FsdCBMYWtlIENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEhMB8
GA1UE
CxMYaHR0cDovL3d3dy51c2VydHJ1c3QuY29tMTYwNAYDVQQDEy1VVE4tVVNFUkZpcnN0LUN
saWVu
dCBBdXRoZW50aWNhdGlvbiBhbmQgRW1haWwCEBpH3gpEt5F+wPcYqCFwORYwgdYGCyqGSIb
3DQEJ
EAILMYHGoIHDMIGuMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQ
gTGFr
ZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0dHA
6Ly93
d3cudXNlcnRydXN0LmNvbTE2MDQGA1UEAxMtVVROLVVTRVJGaXJzdC1DbGllbnQgQXV0aGV
udGlj
YXRpb24gYW5kIEVtYWlsAhAaR94KRLeRfsD3GKghcDkWMA0GCSqGSIb3DQEBAQUABIIBAKn
iVfDo
NPELw8rE24J5ccae5H+WXKU2EKrfACCYCRmbzsqkgJfkHS2hEWtZ9PvVbc9uFGMeAG/rbyb
bNHmg
aeJ9d7HWoycw4AWBDdEZnRsWf79DcXyYD1WAJm0hJ0SBa1jnq7k/GLrPZViBqcj9krODUSC
DkfIB
L3GLf4b8w94Z5jWWv/3vioHdNYZRtVSyhtoqzQGBBFP91QJEBWWD/B2yFu1CjgDj9dvlX+8
BIWkr
BHQJU4bPamr0rxliyNMa7ty6j02ZE84XbsBDEE5KF9XSJ7zjA5WIZSkDB5YR0IkBG04jalh
XYXBS
tBjOqY+US1NghVLDmvf3uOl0CbGmyQIAAAAAAAA=

--Apple-Mail-459-650263092--

------------------------------

Date:    Mon, 28 Feb 2011 16:43:28 -0600
From:    Chris Green <cmgreen () UAB EDU>
Subject: Re: PGP Universal Server 3.1.0

--_000_6284F7174726844C99BAC004C5EEC8BA0396B4C2UABEXMBS3aduabe_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

We have a separate test lab where we have a separate Universal Server
we bo=
ot up for testing.  Since it only auths against AD and we have a
limited nu=
mber of macs to test with, it's exposed to internal IPs.

We have a pretty extensive set of tests we run each upgrade cycle for
our s=
upported versions of PGP in our lab environment.   Basic builds with
Versio=
n X of PGP.  Can it report?  Can it enroll?  Can you do key recovery?
Can =
you upgrade it to the latest installer?  Can you upgrade our oldest
version=
?

The only big thing we ever have to watch out for with PGP upgrade
mechanics=
 is when a system gets restored from backup, it "recovers" the IP
address t=
oo which is bad for a server where they try to not let you login as
root.

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY@LIS=
TSERV.EDUCAUSE.EDU] On Behalf Of Youngquist, Jason R.
Sent: Monday, February 28, 2011 3:16 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] PGP Universal Server 3.1.0

We are currently running PGP Desktop version 10.0 and PGP Universal
Server =
2.12 (primary/secondary cluster) in VMWare.  We are looking to upgrade
to 3=
.1.0 and I was wondering if anyone has ran into any problems/issues.

Also, when going from one version of PGP Universal Server to another,
do yo=
u test it out in a test environment first?  If so, I'd be interested in
how=
 you do this in a virtual environment such as VMWare.  We tried it
awhile a=
go, and ran into some issues because we didn't have a test AD server.

Please feel free to email me off list.


Thanks.
Jason Youngquist
Information Technology Security Engineer
Technology Services
Columbia College
1001 Rogers Street, Columbia, MO  65216
(573) 875-7334
jryoungquist () ccis edu<mailto:jryoungquist () ccis edu>
http://www.ccis.edu<http://www.ccis.edu/>


--_000_6284F7174726844C99BAC004C5EEC8BA0396B4C2UABEXMBS3aduabe_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-
micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-
com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml";
xmlns=3D"http:=
//www.w3.org/TR/REC-html40"><head><meta http-equiv=3DContent-Type
content=
=3D"text/html; charset=3Dus-ascii"><meta name=3DGenerator
content=3D"Micros=
oft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
      {font-family:Calibri;
      panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
      {font-family:Tahoma;
      panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
      {margin:0in;
      margin-bottom:.0001pt;
      font-size:11.0pt;
      font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
      {mso-style-priority:99;
      color:blue;
      text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
      {mso-style-priority:99;
      color:purple;
      text-decoration:underline;}
span.EmailStyle17
      {mso-style-type:personal;
      font-family:"Calibri","sans-serif";
      color:windowtext;}
span.EmailStyle18
      {mso-style-type:personal-reply;
      font-family:"Calibri","sans-serif";
      color:windowtext;
      font-weight:normal;
      font-style:normal;
      text-decoration:none none;}
.MsoChpDefault
      {mso-style-type:export-only;
      font-size:10.0pt;}
@page WordSection1
      {size:8.5in 11.0in;
      margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
      {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]--></head><body lang=3DEN-US link=3Dblue
vli=
nk=3Dpurple><div class=3DWordSection1><p class=3DMsoNormal>We have a
separa=
te test lab where we have a separate Universal Server we boot up for
testin=
g.&nbsp; Since it only auths against AD and we have a limited number of
mac=
s to test with, it&#8217;s exposed to internal IPs.<o:p></o:p></p><p
class=
=3DMsoNormal><o:p>&nbsp;</o:p></p><p class=3DMsoNormal>We have a pretty
ext=
ensive set of tests we run each upgrade cycle for our supported
versions of=
 PGP in our lab environment.&nbsp;&nbsp; Basic builds with Version X of
PGP=
.&nbsp; Can it report?&nbsp; Can it enroll?&nbsp; Can you do key
recovery?&=
nbsp; Can you upgrade it to the latest installer?&nbsp; Can you upgrade
our=
 oldest version?<o:p></o:p></p><p
class=3DMsoNormal><o:p>&nbsp;</o:p></p><p=
 class=3DMsoNormal>The only big thing we ever have to watch out for
with PG=
P upgrade mechanics is when a system gets restored from backup, it
&#8220;r=
ecovers&#8221; the IP address too which is bad for a server where they
try =
to not let you login as root.<o:p></o:p></p><p
class=3DMsoNormal><o:p>&nbsp=
;</o:p></p><div><div style=3D'border:none;border-top:solid #B5C4DF
1.0pt;pa=
dding:3.0pt 0in 0in 0in'><p class=3DMsoNormal><b><span style=3D'font-
size:1=
0.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style=3D'fon=
t-size:10.0pt;font-family:"Tahoma","sans-serif"'> The EDUCAUSE Security
Con=
stituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] <b>On
Behal=
f Of </b>Youngquist, Jason R.<br><b>Sent:</b> Monday, February 28, 2011
3:1=
6 PM<br><b>To:</b> SECURITY () LISTSERV EDUCAUSE EDU<br><b>Subject:</b>
[SECUR=
ITY] PGP Universal Server 3.1.0<o:p></o:p></span></p></div></div><p
class=
=3DMsoNormal><o:p>&nbsp;</o:p></p><p class=3DMsoNormal>We are currently
run=
ning PGP Desktop version 10.0 and PGP Universal Server 2.12
(primary/second=
ary cluster) in VMWare.&nbsp; We are looking to upgrade to 3.1.0 and I
was =
wondering if anyone has ran into any problems/issues.<o:p></o:p></p><p
clas=
s=3DMsoNormal><o:p>&nbsp;</o:p></p><p class=3DMsoNormal>Also, when
going fr=
om one version of PGP Universal Server to another, do you test it out
in a =
test environment first?&nbsp; If so, I&#8217;d be interested in how you
do =
this in a virtual environment such as VMWare.&nbsp; We tried it awhile
ago,=
 and ran into some issues because we didn&#8217;t have a test AD
server.&nb=
sp; <o:p></o:p></p><p class=3DMsoNormal><o:p>&nbsp;</o:p></p><p
class=3DMso=
Normal>Please feel free to email me off list.<o:p></o:p></p><p
class=3DMsoN=
ormal><o:p>&nbsp;</o:p></p><p class=3DMsoNormal><o:p>&nbsp;</o:p></p><p
cla=
ss=3DMsoNormal>Thanks.<o:p></o:p></p><p class=3DMsoNormal><span
style=3D'co=
lor:black'>Jason Youngquist<o:p></o:p></span></p><p
class=3DMsoNormal><span=
 style=3D'color:black'>Information Technology Security
Engineer<o:p></o:p><=
/span></p><p class=3DMsoNormal><span style=3D'color:black'>Technology
Servi=
ces<o:p></o:p></span></p><p class=3DMsoNormal><span
style=3D'color:black'>C=
olumbia College<o:p></o:p></span></p><p class=3DMsoNormal><span
style=3D'co=
lor:black'>1001 Rogers Street, Columbia, MO&nbsp;
65216<o:p></o:p></span></=
p><p class=3DMsoNormal><span style=3D'color:black'>(573) 875-
7334<o:p></o:p=

</span></p><p class=3DMsoNormal><span style=3D'color:black'><a

href=3D"mai=
lto:jryoungquist () ccis edu">jryoungquist () ccis edu</a><o:p></o:p></span><
/p><=
p class=3DMsoNormal><span style=3D'color:black'><a
href=3D"http://www.ccis.=
edu/" target=3D"_blank">http://www.ccis.edu</a><o:p></o:p></span></p><p
cla=
ss=3DMsoNormal><o:p>&nbsp;</o:p></p></div></body></html>=

--_000_6284F7174726844C99BAC004C5EEC8BA0396B4C2UABEXMBS3aduabe_--

------------------------------

Date:    Mon, 28 Feb 2011 18:42:18 -0700
From:    "SCHALIP, MICHAEL" <mschalip () CNM EDU>
Subject: Digital signatures on legal documents...??

--_000_988201AAB9319E4A9CD65754395FB6C7FC4AFCFB9FEXMAILadminad_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi Security folks.....



Back again for another "what are YOU doing...?" question.....



The fed sector has been using "digital signatures" for a few years -
the la=
st one that I knew of was "Entrust" - used for both encryption and
"digital=
 signatures", (non-repudiation messaging, basically).  My question:

 1.  Is there anyone out there that is using "digital signatures",
and....
 2.  If so - what product(s) are you using?.....and....
 3.  What kind of policy do you have in place to support, or provide
for, t=
he use of digital signatures....??



Thanks,



Michael

--=20
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


--_000_988201AAB9319E4A9CD65754395FB6C7FC4AFCFB9FEXMAILadminad_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<html dir=3D"ltr"><head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Diso-
8859-=
1">
<style>@font-face {
      font-family: Calibri;
}
@font-face {
      font-family: Tahoma;
}
@page WordSection1 {margin: 1.0in 1.0in 1.0in 1.0in; }
P.MsoNormal {
      MARGIN: 0in 0in 0pt; FONT-FAMILY: "Calibri","sans-serif"; FONT-
SIZE: 11pt
}
LI.MsoNormal {
      MARGIN: 0in 0in 0pt; FONT-FAMILY: "Calibri","sans-serif"; FONT-
SIZE: 11pt
}
DIV.MsoNormal {
      MARGIN: 0in 0in 0pt; FONT-FAMILY: "Calibri","sans-serif"; FONT-
SIZE: 11pt
}
A:link {
      COLOR: blue; TEXT-DECORATION: underline
}
SPAN.MsoHyperlink {
      COLOR: blue; TEXT-DECORATION: underline
}
A:visited {
      COLOR: purple; TEXT-DECORATION: underline
}
SPAN.MsoHyperlinkFollowed {
      COLOR: purple; TEXT-DECORATION: underline
}
SPAN.EmailStyle17 {
      FONT-FAMILY: "Calibri","sans-serif"; COLOR: windowtext
}
SPAN.EmailStyle18 {
      FONT-STYLE: normal; FONT-FAMILY: "Calibri","sans-serif"; COLOR:
windowtext=
; FONT-WEIGHT: normal; TEXT-DECORATION: none
}
.MsoChpDefault {
      FONT-SIZE: 10pt
}
DIV.WordSection1 {
=09
}
</style>
<meta name=3D"GENERATOR" content=3D"MSHTML 8.00.6001.19019">
<style id=3D"owaTempEditStyle"></style><style
title=3D"owaParaStyle"><!--P {
      MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px
}
--></style>
</head>
<body lang=3D"EN-US" link=3D"blue" vlink=3D"purple" ocsi=3D"x">
<div style=3D"FONT-FAMILY: Tahoma; DIRECTION: ltr; COLOR: #000000;
FONT-SIZ=
E: 13px">
<p>Hi Security folks.....</p>
<p><font size=3D"2" face=3D"tahoma"></font>&nbsp;</p>
<p><font size=3D"2" face=3D"tahoma">Back again for another &quot;what
are Y=
OU doing...?&quot; question.....</font></p>
<p><font size=3D"2" face=3D"tahoma"></font>&nbsp;</p>
<p><font size=3D"2" face=3D"tahoma">The fed sector has been using
&quot;dig=
ital signatures&quot; for a few years - the last one that I knew of was
&qu=
ot;Entrust&quot; - used for both encryption and &quot;digital
signatures&qu=
ot;, (non-repudiation messaging, basically).&nbsp; My question:&nbsp;
</font></p>
<ol style=3D"FONT-FAMILY: Tahoma; FONT-SIZE: 10pt">
<li><font size=3D"2" face=3D"tahoma">Is there anyone out there that is
usin=
g &quot;digital signatures&quot;, and....
</font></li><li><font size=3D"2" face=3D"tahoma">If so - what
product(s) ar=
e you using?.....and....</font>
</li><li><font size=3D"2" face=3D"tahoma">What kind of policy do you
have i=
n place to support, or provide for, the use of digital
signatures....??</fo=
nt></li></ol>
<p><font size=3D"2" face=3D"tahoma"></font>&nbsp;</p>
<p><font size=3D"2" face=3D"tahoma">Thanks,</font></p>
<p><font size=3D"2" face=3D"tahoma"></font>&nbsp;</p>
<p><font size=3D"2" face=3D"tahoma">Michael</font></p>
</div>
<br />--=20
<br />This message has been scanned for viruses and
<br />dangerous content by
<a href=3D"http://www.mailscanner.info/";><b>MailScanner</b></a>, and is
<br />believed to be clean.
</body>
</html>

--_000_988201AAB9319E4A9CD65754395FB6C7FC4AFCFB9FEXMAILadminad_--

------------------------------

End of SECURITY Digest - 26 Feb 2011 to 28 Feb 2011 (#2011-37)
**************************************************************
Previous By Date Next
Previous By Thread Next

Current thread: