Educause Security Discussion mailing list archives
Re: SECURITY Digest - 26 Feb 2011 to 28 Feb 2011 (#2011-37)
From: "Dunker, Mary" <dunker () VT EDU>
Date: Tue, 1 Mar 2011 09:28:23 -0500
Virginia Tech is using digital signatures, lightly, with personal digital certificates issued on Aladdin/SafeNet eTokens. Our policies relate more to the issuance process and level of assurance of the credential than the legality of the signature, but I would be glad to share more information off-list if you're interested. Best, Mary ---------------------------------------- Mary Dunker Director, Secure Enterprise Technology Initiatives Virginia Tech Information Technology 1700 Pratt Drive Blacksburg, VA 24060 540-231-9327 dunker () vt edu -----------------------------------------
-----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of SECURITY automatic digest system Sent: Tuesday, March 01, 2011 12:00 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: SECURITY Digest - 26 Feb 2011 to 28 Feb 2011 (#2011-37) There are 9 messages totalling 1243 lines in this issue. Topics of the day: 1. border filtering questions (5) 2. PGP Universal Server 3.1.0 (3) 3. Digital signatures on legal documents...?? ---------------------------------------------------------------------- Date: Mon, 28 Feb 2011 13:41:13 -0500 From: Jeff Murphy <jcmurphy () BUFFALO EDU> Subject: border filtering questions --Apple-Mail-303-636209833 Content-Type: multipart/alternative; boundary=Apple-Mail-302-636209783 --Apple-Mail-302-636209783 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Good Monday Sec Folks,=20 If you have a moment, can you hit reply, check the appropriate box and = fill in the blank if there is one under that box? [ ] We don't block traffic to/from known bad addresses/netblocks at = our border.=20 [ ] We manually block traffic to/from known bad addresses/netblocks at = our border=20 (someone logs into a device and types in the address/netblock. = frequency can be rarely-to-routine, I'm interested in whether you do it = at all) [ ] We automatically* block traffic to/from known bad = addresses/netblocks at our border using a border router (ACL) and = free/homegrown software (software talks directly to the router) (*using some feed of addresses/netblocks, for example obtained = via a SIEM or external intelligence sources) [ ] We automatically* block traffic to/from known bad = addresses/netblocks at our border using a border router (ACL) and = commercial software (software talks directly to the router) (*using some feed of addresses/netblocks, for example obtained = via a SIEM or external intelligence sources) What's the name of the commercial software package/vendor: _____ [ ] We automatically* block traffic to/from known bad = addresses/netblocks at our border using a commercial inline appliance = (IPS, packet shaper, firewall) and free/homegrown software (software = talks directly to the appliance) (*using some feed of addresses/netblocks, for example obtained = via a SIEM or external intelligence sources, the feed is directly = consumed by the appliance and not manually entered or pushed in via = free/homegrown software) What's the name of the appliance vendor: _____ [ ] We automatically* block traffic to/from known bad = addresses/netblocks at our border using a commercial inline appliance = (IPS, packet shaper, firewall) and commercial software (software talks = directly to the appliance) (*using some feed of addresses/netblocks, for example obtained = via a SIEM or external intelligence sources, the feed is directly = consumed by the appliance and not manually entered or pushed in via = free/homegrown software) What's the name of the appliance vendor: ______ What's the name of the commercial software package/vendor: _____ Jeff, your survey is weak! I want to tell you more! Here it is: = _________ I'll anonymize/summarize back to the list. thanks, jeff murphy information security program manager university at buffalo= --Apple-Mail-302-636209783 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii <html><head></head><body style=3D"word-wrap: break-word; = -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; = "><div>Good Monday Sec Folks, </div><div><br></div><div>If you have = a moment, can you hit reply, check the appropriate box and fill in the = blank if there is one under that = box?</div><div><br></div><div><br></div><div><br></div><div>[ ] = We don't block traffic to/from known bad addresses/netblocks = at our = border. </div><div><br></div><div><br></div><div><br></div><div><b r><= /div><div>[ ] We <b>manually</b> <b>block</b> traffic = to/from known bad addresses/netblocks at our = border </div><div><span class=3D"Apple-tab-span" = style=3D"white-space:pre"> </span>(someone logs into a device and = types in the address/netblock. frequency can be rarely-to-routine, I'm = interested in whether you do it at = all)</div><div><br></div><div><br></div><div><br></div><div><br></div>< div=[ ] We <b>automatically</b>* <b>block</b> traffic to/from= known bad addresses/netblocks at our border <b>using a border router = (ACL) and free/homegrown software </b>(software talks directly to the = router)</div><div><span class=3D"Apple-tab-span" = style=3D"white-space:pre"> </span>(*using some feed of = addresses/netblocks, for example obtained via a SIEM or external = intelligence sources)</div><div><br></div><div><div>[ ] = We <b>automatically</b>* <b>block</b> traffic = to/from known bad addresses/netblocks at our border <b>using a = border router (ACL) and commercial software </b>(software = talks directly to the router)</div><div><span class=3D"Apple-tab-span" = style=3D"white-space: pre; "> </span>(*using some feed of = addresses/netblocks, for example obtained via a SIEM or external = intelligence sources)</div></div><div><br></div><div><span = class=3D"Apple-tab-span" style=3D"white-space:pre"> </span>What's = the name of the commercial software package/vendor: = _____</div><div><br></div><div><br></div><div><br></div><div><br></div> <di= v><div>[ ] = We <b>automatically</b>* <b>block</b> traffic = to/from known bad addresses/netblocks at our border <b>using = a commercial inline appliance </b><b>(IPS, packet shaper, = firewall) </b><b>and free/homegrown = software </b>(software talks directly to the = appliance)</div><div><span class=3D"Apple-tab-span" style=3D"white- space: = pre; "> </span>(*using some feed of addresses/netblocks, for example = obtained via a SIEM or external intelligence sources, the feed is = directly consumed by the appliance and not manually entered or = pushed in via free/homegrown = software)</div></div><div><br></div><div><span class=3D"Apple-tab-span" = style=3D"white-space:pre"> </span>What's the name of the appliance = vendor: _____</div><div><br></div><div><div>[ ] = We <b>automatically</b>* <b>block</b> traffic = to/from known bad addresses/netblocks at our border <b>using = a commercial inline appliance</b> <b> (IPS, packet = shaper, firewall) </b><b>and commercial = software </b>(software talks directly to the = appliance)</div><div><span class=3D"Apple-tab-span" style=3D"white- space: = pre; "> </span>(*using some feed of addresses/netblocks, for example = obtained via a SIEM or external intelligence sources, the feed is = directly consumed by the appliance and not manually entered or = pushed in via free/homegrown = software)</div></div><div><br></div><div><span class=3D"Apple-tab-span" = style=3D"white-space:pre"> </span>What's the name of the appliance = vendor: ______</div><div><div><span class=3D"Apple-tab-span" = style=3D"white-space: pre; "> </span>What's the name of the commercial = software package/vendor: = _____</div></div><div><br></div><div><br></div><div><br></div><div>Jeff , = your survey is weak! I want to tell you more! Here it is: = _________</div><div><br></div><div><br></div><div><br></div><div><br></ div=<div>I'll anonymize/summarize back to the =list.</div><div><br></div><div>thanks,</div><div><br></div><div>jeff = murphy</div><div>information security program = manager</div><div>university at buffalo</div></body></html>= --Apple-Mail-302-636209783-- --Apple-Mail-303-636209833 Content-Disposition: attachment; filename=smime.p7s Content-Type: application/pkcs7-signature; name=smime.p7s Content-Transfer-Encoding: base64 MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIILBzC CBIow ggNyoAMCAQICECf06hH0eobEbp27bqkXBwcwDQYJKoZIhvcNAQEFBQAwbzELMAkGA1UEBhM CU0Ux FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5hbCBUVFA gTmV0 d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9vdDAeFw0wNTA2MDcwODA 5MTBa Fw0yMDA1MzAxMDQ4MzhaMIGuMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAc TDlNh bHQgTGFrZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAs TGGh0 dHA6Ly93d3cudXNlcnRydXN0LmNvbTE2MDQGA1UEAxMtVVROLVVTRVJGaXJzdC1DbGllbnQ gQXV0 aGVudGljYXRpb24gYW5kIEVtYWlsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQE AsjmF pPJ9q0E7YkY3rs3BYHW8OWX5ShpHornMSMxqmNVNNRm5pELlzkniii8efNIxB8dOtINknS4 p1aJk xIW9hVE1eaROaJB7HHqkkqgX8pgV8pPMyaQylbsMTzC9mKALi+VuG6JG+ni8om+rWV6lL8/ K2m2q L+usobNqqrcuZzWLeeEeaYji5kbNoKXqvgvOdjp6Dpvq/NonWz1zHyLmSGHGTPNpsaguG7b UMSAs vIKKjqQOpdeJQ/wWWq8dcdcRWdq6hw2v+vPhwvCkxWeM1tZUOt4KpLoDd7NlyP0e03Riqhj KaJMe oYV+9Udly/hNVyh00jT/MLbu9mIwFIws6wIDAQABo4HhMIHeMB8GA1UdIwQYMBaAFK29mHo 0tCb3 +sQmVO8DveAky1QaMB0GA1UdDgQWBBSJgmd9xJ0mcABLtFBIfN49rgRufTAOBgNVHQ8BAf8 EBAMC AQYwDwYDVR0TAQH/BAUwAwEB/zB7BgNVHR8EdDByMDigNqA0hjJodHRwOi8vY3JsLmNvbW9 kb2Nh LmNvbS9BZGRUcnVzdEV4dGVybmFsQ0FSb290LmNybDA2oDSgMoYwaHR0cDovL2NybC5jb21 vZG8u bmV0L0FkZFRydXN0RXh0ZXJuYWxDQVJvb3QuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQAZ2Ik Rbyis pgCi54fBm5AD236hEv0e8+LwAamUVEJrmgnEoG3XkJIEA2Z5Q3H8+G+v23ZF4jcaPd3kWQR 4rBz0 g0bzes9bhHIt5UbBuhgRKfPLSXmHPLptBZ2kbWhPrXIUNqi5sf2/z3/wpGqUNVCPz4FtVbH dWTBK 322gnGQfSXzvNrv042n0+DmPWq1LhTq3Du3Tzw1EovsEv+QvcI4l+1pUBrPQxLxtjftzMiz pm4Qk LdZ/kXpoAlAfDj9N6cz1u2fo3BwuO/xOzf4CjuOoEwqlJkRl6RDyTVKnrtw+ymsyXEFs/vV doOr/ 0fqbhlhtPZZH5f4ulQTCAMyOofK7MIIGdTCCBV2gAwIBAgIQGkfeCkS3kX7A9xioIXA5FjA NBgkq hkiG9w0BAQUFADCBrjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx 0IExh a2UgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHR wOi8v d3d3LnVzZXJ0cnVzdC5jb20xNjA0BgNVBAMTLVVUTi1VU0VSRmlyc3QtQ2xpZW50IEF1dGh lbnRp Y2F0aW9uIGFuZCBFbWFpbDAeFw0xMDA2MjUwMDAwMDBaFw0xMzA2MjQyMzU5NTlaMIIBODE LMAkG A1UEBhMCVVMxEzARBgNVBBETCjE0MjYwLTE2MDAxCzAJBgNVBAgTAk5ZMRAwDgYDVQQHEwd CdWZm YWxvMRcwFQYDVQQJEw41MDEgQ0FQRU4gSEFMTDEeMBwGA1UEChMVVU5JVkVSU0lUWSBBVCB CVUZG QUxPMSAwHgYDVQQLExdPZmZpY2Ugb2YgdGhlIFByZXNpZGVudDE7MDkGA1UECxMySXNzdWV kIHRo cm91Z2ggVU5JVkVSU0lUWSBBVCBCVUZGQUxPIEUtUEtJIE1hbmFnZXIxHzAdBgNVBAsTFkN vcnBv cmF0ZSBTZWN1cmUgRW1haWwxFzAVBgNVBAMTDkplZmZyZXkgTXVycGh5MSMwIQYJKoZIhvc NAQkB FhRqY211cnBoeUBidWZmYWxvLmVkdTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggE BAMzZ bgLPBj/jLO17FDbIER5yILN4SJGJoEY5JpCf+IhmchmIXAHnJjrYp6qArptwqbbHqg4rxBI uQwU2 nO3WAT9K6xDpiwDY1ABgmPeC5fl5xXGNx+FlwDsRVeScdECVQAP6p6ZFM1+2bTuLjMxIvpF 69L2C quLkZDtLsP+xRs92d3vID1mDfnY29WWB/P2grc7R/jXN2tyKTRnK4/v/gUxwvV/rZIbCTcP cHlpZ i4hh0GJDyGUDHNTxyDZ3VgRVid5Hii7P1ik5qYQ6phQNdPTqj/E1APA9vym0Uk1v61WphYh nn2rQ xFns2n46lUHOUnKQDrFvK9kPlvKFf+5tDpMCAwEAAaOCAgAwggH8MB8GA1UdIwQYMBaAFIm CZ33E nSZwAEu0UEh83j2uBG59MB0GA1UdDgQWBBT6WdGW5dlFVmppKaN5r5sywXnZfDAOBgNVHQ8 BAf8E BAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDBAYIKwYBBQUHAwIwRgY DVR0g BD8wPTA7BgwrBgEEAbIxAQIBAwUwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29 tb2Rv Lm5ldC9DUFMwgaUGA1UdHwSBnTCBmjBMoEqgSIZGaHR0cDovL2NybC5jb21vZG9jYS5jb20 vVVRO LVVTRVJGaXJzdC1DbGllbnRBdXRoZW50aWNhdGlvbmFuZEVtYWlsLmNybDBKoEigRoZEaHR 0cDov L2NybC5jb21vZG8ubmV0L1VUTi1VU0VSRmlyc3QtQ2xpZW50QXV0aGVudGljYXRpb25hbmR FbWFp bC5jcmwwbAYIKwYBBQUHAQEEYDBeMDYGCCsGAQUFBzAChipodHRwOi8vY3J0LmNvbW9kb2N hLmNv bS9VVE5BQUFDbGllbnRDQS5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2N hLmNv bTAfBgNVHREEGDAWgRRqY211cnBoeUBidWZmYWxvLmVkdTANBgkqhkiG9w0BAQUFAAOCAQE AoHOD 52Q0ePZZSo/+gZP32+JZ6Fu4kAdslIhXVP7OvNNFK9GwLJXeLG/sw+YrDE4ZuCKi/MtRF73 NXNzn jcqymZV1OYXgl955LFHbJFb9hvknbrkjuXcy16AAZoxbMdNFC9i27uug511I5Mar5RxZA/0 CuAuf eIn6xdTx92PYvoT9tukDA+MidmoiQhcTUbH8ILthQqJyE6e+VfoXDn9hIRXf4JuGUhBd/S7 QhGEX Emn2LaLdPWKCGtz00N21V/zYVBhaMHWGwaR1E7m8Tn04mYjGgkwczu/WYsRkt+BDdTAi1O3 JPnRx cA7Vt2wI/9/i4H87X472J9mVV0LMVEzZtDGCA/wwggP4AgEBMIHDMIGuMQswCQYDVQQGEwJ VUzEL MAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYDVQQKExVUaGUgVVN FUlRS VVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93d3cudXNlcnRydXN0LmNvbTE2MDQGA1U EAxMt VVROLVVTRVJGaXJzdC1DbGllbnQgQXV0aGVudGljYXRpb24gYW5kIEVtYWlsAhAaR94KRLe RfsD3 GKghcDkWMAkGBSsOAwIaBQCgggINMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZ IhvcN AQkFMQ8XDTExMDIyODE4NDExM1owIwYJKoZIhvcNAQkEMRYEFCsCMisHGRi7l9hNPXRWT06 rQ6bj MIHUBgkrBgEEAYI3EAQxgcYwgcMwga4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJVVDEXMBU GA1UE BxMOU2FsdCBMYWtlIENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEhMB8 GA1UE CxMYaHR0cDovL3d3dy51c2VydHJ1c3QuY29tMTYwNAYDVQQDEy1VVE4tVVNFUkZpcnN0LUN saWVu dCBBdXRoZW50aWNhdGlvbiBhbmQgRW1haWwCEBpH3gpEt5F+wPcYqCFwORYwgdYGCyqGSIb 3DQEJ EAILMYHGoIHDMIGuMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQ gTGFr ZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0dHA 6Ly93 d3cudXNlcnRydXN0LmNvbTE2MDQGA1UEAxMtVVROLVVTRVJGaXJzdC1DbGllbnQgQXV0aGV udGlj YXRpb24gYW5kIEVtYWlsAhAaR94KRLeRfsD3GKghcDkWMA0GCSqGSIb3DQEBAQUABIIBAAx Xe76x Oob0U8g44z6hMWawhcBoCq00i2uGZL9GHev4o6PEAYogn+couMntITsW+nVV1pR0sSUcBef fnFNB GVUBQc5yPr+rtj1ZuLPgWolilWeklQt1VH5SywX3xgeQDSIBrfGEhzceLg2ixzmb8sxadd4 r3dCp aOdcYD6OriiAANWa8skYwel6NTAY3A7DYzby9ukvebtRjwfnbLGm+5BzCnglswZoYy7kcjJ CqD3M fru9FdhaM5DYO5xDzbzGkmapJ0iFTFqAgDyVvp7fzZPYfRmbmV2ikJx7/bEM/u8B+Fftc/N n5yts H0oU2HrTWOer6W7jrRNeFq0dD/dE0eYAAAAAAAA= --Apple-Mail-303-636209833-- ------------------------------ Date: Mon, 28 Feb 2011 13:54:38 -0500 From: Jeff Murphy <jcmurphy () BUFFALO EDU> Subject: Re: border filtering questions --Apple-Mail-318-637014813 Content-Type: multipart/alternative; boundary=Apple-Mail-317-637014768 --Apple-Mail-317-637014768 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Whoops. Ignore "the feed is directly consumed by the appliance and not = manually entered or pushed in via free/homegrown software" as it = conflicts with the statement I'm asking you to agree with! I'm = interested in appliances that are capable of accepting some sort of = automation, commercial or non-commercial.=20 jeff=20 =20 [ ] We automatically* block traffic to/from known bad =addresses/netblocks at our border using a commercial inline appliance = (IPS, packet shaper, firewall) and free/homegrown software (software = talks directly to the appliance)(*using some feed of addresses/netblocks, for example obtained =via a SIEM or external intelligence sources, the feed is directly = consumed by the appliance and not manually entered or pushed in via = free/homegrown software)=20 What's the name of the appliance vendor: _____ =20 [ ] We automatically* block traffic to/from known bad =addresses/netblocks at our border using a commercial inline appliance = (IPS, packet shaper, firewall) and commercial software (software talks = directly to the appliance)(*using some feed of addresses/netblocks, for example obtained =via a SIEM or external intelligence sources, the feed is directly = consumed by the appliance and not manually entered or pushed in via = free/homegrown software)=20 What's the name of the appliance vendor: ______ What's the name of the commercial software package/vendor: _____--Apple-Mail-317-637014768 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii <html><head></head><body style=3D"word-wrap: break-word; = -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; = "><div>Whoops. Ignore "the feed is directly consumed by the appliance = and not manually entered or pushed in via free/homegrown software" = as it conflicts with the statement I'm asking you to agree with! I'm = interested in appliances that are capable of accepting some sort of = automation, commercial or = non- commercial. </div><div><br></div><div>jeff</div><div><br></div><d= iv><br></div><div><br></div><div><br><blockquote type=3D"cite"><div = style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; = -webkit-line-break: after-white-space; = "><div><br></div><div><br></div><div><div>[ ] = We <b>automatically</b>* <b>block</b> traffic = to/from known bad addresses/netblocks at our border <b>using = a commercial inline appliance </b><b>(IPS, packet shaper, = firewall) </b><b>and free/homegrown = software </b>(software talks directly to the = appliance)</div><div><span class=3D"Apple-tab-span" style=3D"white- space: = pre; "> </span>(*using some feed of addresses/netblocks, for example = obtained via a SIEM or external intelligence sources, <s>the feed is = directly consumed by the appliance and not manually entered or = pushed in via free/homegrown = software</s>)</div></div><div><br></div><div><span = class=3D"Apple-tab-span" style=3D"white-space:pre"> </span>What's = the name of the appliance vendor: _____</div><div><br></div><div><div>[ = ] = We <b>automatically</b>* <b>block</b> traffic = to/from known bad addresses/netblocks at our border <b>using = a commercial inline appliance</b> <b> (IPS, packet = shaper, firewall) </b><b>and commercial = software </b>(software talks directly to the = appliance)</div><div><span class=3D"Apple-tab-span" style=3D"white- space: = pre; "> </span>(*using some feed of addresses/netblocks, for example = obtained via a SIEM or external intelligence sources, <s>the feed is = directly consumed by the appliance and not manually entered or = pushed in via free/homegrown = software</s>)</div></div><div><br></div><div><span = class=3D"Apple-tab-span" style=3D"white-space:pre"> </span>What's = the name of the appliance vendor: ______</div><div><div><span = class=3D"Apple-tab-span" style=3D"white-space: pre; "> </span>What's = the name of the commercial software package/vendor: = _____</div></div></div></blockquote><br></div><div><br></div><br></body</=html>= --Apple-Mail-317-637014768-- --Apple-Mail-318-637014813 Content-Disposition: attachment; filename=smime.p7s Content-Type: application/pkcs7-signature; name=smime.p7s Content-Transfer-Encoding: base64 MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIILBzC CBIow ggNyoAMCAQICECf06hH0eobEbp27bqkXBwcwDQYJKoZIhvcNAQEFBQAwbzELMAkGA1UEBhM CU0Ux FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5hbCBUVFA gTmV0 d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9vdDAeFw0wNTA2MDcwODA 5MTBa Fw0yMDA1MzAxMDQ4MzhaMIGuMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAc TDlNh bHQgTGFrZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAs TGGh0 dHA6Ly93d3cudXNlcnRydXN0LmNvbTE2MDQGA1UEAxMtVVROLVVTRVJGaXJzdC1DbGllbnQ gQXV0 aGVudGljYXRpb24gYW5kIEVtYWlsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQE AsjmF pPJ9q0E7YkY3rs3BYHW8OWX5ShpHornMSMxqmNVNNRm5pELlzkniii8efNIxB8dOtINknS4 p1aJk xIW9hVE1eaROaJB7HHqkkqgX8pgV8pPMyaQylbsMTzC9mKALi+VuG6JG+ni8om+rWV6lL8/ K2m2q L+usobNqqrcuZzWLeeEeaYji5kbNoKXqvgvOdjp6Dpvq/NonWz1zHyLmSGHGTPNpsaguG7b UMSAs vIKKjqQOpdeJQ/wWWq8dcdcRWdq6hw2v+vPhwvCkxWeM1tZUOt4KpLoDd7NlyP0e03Riqhj KaJMe oYV+9Udly/hNVyh00jT/MLbu9mIwFIws6wIDAQABo4HhMIHeMB8GA1UdIwQYMBaAFK29mHo 0tCb3 +sQmVO8DveAky1QaMB0GA1UdDgQWBBSJgmd9xJ0mcABLtFBIfN49rgRufTAOBgNVHQ8BAf8 EBAMC AQYwDwYDVR0TAQH/BAUwAwEB/zB7BgNVHR8EdDByMDigNqA0hjJodHRwOi8vY3JsLmNvbW9 kb2Nh LmNvbS9BZGRUcnVzdEV4dGVybmFsQ0FSb290LmNybDA2oDSgMoYwaHR0cDovL2NybC5jb21 vZG8u bmV0L0FkZFRydXN0RXh0ZXJuYWxDQVJvb3QuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQAZ2Ik Rbyis pgCi54fBm5AD236hEv0e8+LwAamUVEJrmgnEoG3XkJIEA2Z5Q3H8+G+v23ZF4jcaPd3kWQR 4rBz0 g0bzes9bhHIt5UbBuhgRKfPLSXmHPLptBZ2kbWhPrXIUNqi5sf2/z3/wpGqUNVCPz4FtVbH dWTBK 322gnGQfSXzvNrv042n0+DmPWq1LhTq3Du3Tzw1EovsEv+QvcI4l+1pUBrPQxLxtjftzMiz pm4Qk LdZ/kXpoAlAfDj9N6cz1u2fo3BwuO/xOzf4CjuOoEwqlJkRl6RDyTVKnrtw+ymsyXEFs/vV doOr/ 0fqbhlhtPZZH5f4ulQTCAMyOofK7MIIGdTCCBV2gAwIBAgIQGkfeCkS3kX7A9xioIXA5FjA NBgkq hkiG9w0BAQUFADCBrjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx 0IExh a2UgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHR wOi8v d3d3LnVzZXJ0cnVzdC5jb20xNjA0BgNVBAMTLVVUTi1VU0VSRmlyc3QtQ2xpZW50IEF1dGh lbnRp Y2F0aW9uIGFuZCBFbWFpbDAeFw0xMDA2MjUwMDAwMDBaFw0xMzA2MjQyMzU5NTlaMIIBODE LMAkG A1UEBhMCVVMxEzARBgNVBBETCjE0MjYwLTE2MDAxCzAJBgNVBAgTAk5ZMRAwDgYDVQQHEwd CdWZm YWxvMRcwFQYDVQQJEw41MDEgQ0FQRU4gSEFMTDEeMBwGA1UEChMVVU5JVkVSU0lUWSBBVCB CVUZG QUxPMSAwHgYDVQQLExdPZmZpY2Ugb2YgdGhlIFByZXNpZGVudDE7MDkGA1UECxMySXNzdWV kIHRo cm91Z2ggVU5JVkVSU0lUWSBBVCBCVUZGQUxPIEUtUEtJIE1hbmFnZXIxHzAdBgNVBAsTFkN vcnBv cmF0ZSBTZWN1cmUgRW1haWwxFzAVBgNVBAMTDkplZmZyZXkgTXVycGh5MSMwIQYJKoZIhvc NAQkB FhRqY211cnBoeUBidWZmYWxvLmVkdTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggE BAMzZ bgLPBj/jLO17FDbIER5yILN4SJGJoEY5JpCf+IhmchmIXAHnJjrYp6qArptwqbbHqg4rxBI uQwU2 nO3WAT9K6xDpiwDY1ABgmPeC5fl5xXGNx+FlwDsRVeScdECVQAP6p6ZFM1+2bTuLjMxIvpF 69L2C quLkZDtLsP+xRs92d3vID1mDfnY29WWB/P2grc7R/jXN2tyKTRnK4/v/gUxwvV/rZIbCTcP cHlpZ i4hh0GJDyGUDHNTxyDZ3VgRVid5Hii7P1ik5qYQ6phQNdPTqj/E1APA9vym0Uk1v61WphYh nn2rQ xFns2n46lUHOUnKQDrFvK9kPlvKFf+5tDpMCAwEAAaOCAgAwggH8MB8GA1UdIwQYMBaAFIm CZ33E nSZwAEu0UEh83j2uBG59MB0GA1UdDgQWBBT6WdGW5dlFVmppKaN5r5sywXnZfDAOBgNVHQ8 BAf8E BAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDBAYIKwYBBQUHAwIwRgY DVR0g BD8wPTA7BgwrBgEEAbIxAQIBAwUwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29 tb2Rv Lm5ldC9DUFMwgaUGA1UdHwSBnTCBmjBMoEqgSIZGaHR0cDovL2NybC5jb21vZG9jYS5jb20 vVVRO LVVTRVJGaXJzdC1DbGllbnRBdXRoZW50aWNhdGlvbmFuZEVtYWlsLmNybDBKoEigRoZEaHR 0cDov L2NybC5jb21vZG8ubmV0L1VUTi1VU0VSRmlyc3QtQ2xpZW50QXV0aGVudGljYXRpb25hbmR FbWFp bC5jcmwwbAYIKwYBBQUHAQEEYDBeMDYGCCsGAQUFBzAChipodHRwOi8vY3J0LmNvbW9kb2N hLmNv bS9VVE5BQUFDbGllbnRDQS5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2N hLmNv bTAfBgNVHREEGDAWgRRqY211cnBoeUBidWZmYWxvLmVkdTANBgkqhkiG9w0BAQUFAAOCAQE AoHOD 52Q0ePZZSo/+gZP32+JZ6Fu4kAdslIhXVP7OvNNFK9GwLJXeLG/sw+YrDE4ZuCKi/MtRF73 NXNzn jcqymZV1OYXgl955LFHbJFb9hvknbrkjuXcy16AAZoxbMdNFC9i27uug511I5Mar5RxZA/0 CuAuf eIn6xdTx92PYvoT9tukDA+MidmoiQhcTUbH8ILthQqJyE6e+VfoXDn9hIRXf4JuGUhBd/S7 QhGEX Emn2LaLdPWKCGtz00N21V/zYVBhaMHWGwaR1E7m8Tn04mYjGgkwczu/WYsRkt+BDdTAi1O3 JPnRx cA7Vt2wI/9/i4H87X472J9mVV0LMVEzZtDGCA/wwggP4AgEBMIHDMIGuMQswCQYDVQQGEwJ VUzEL MAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYDVQQKExVUaGUgVVN FUlRS VVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93d3cudXNlcnRydXN0LmNvbTE2MDQGA1U EAxMt VVROLVVTRVJGaXJzdC1DbGllbnQgQXV0aGVudGljYXRpb24gYW5kIEVtYWlsAhAaR94KRLe RfsD3 GKghcDkWMAkGBSsOAwIaBQCgggINMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZ IhvcN AQkFMQ8XDTExMDIyODE4NTQzOFowIwYJKoZIhvcNAQkEMRYEFMYKQIv3xC+E4410zkBaouc 4Hs9A MIHUBgkrBgEEAYI3EAQxgcYwgcMwga4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJVVDEXMBU GA1UE BxMOU2FsdCBMYWtlIENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEhMB8 GA1UE CxMYaHR0cDovL3d3dy51c2VydHJ1c3QuY29tMTYwNAYDVQQDEy1VVE4tVVNFUkZpcnN0LUN saWVu dCBBdXRoZW50aWNhdGlvbiBhbmQgRW1haWwCEBpH3gpEt5F+wPcYqCFwORYwgdYGCyqGSIb 3DQEJ EAILMYHGoIHDMIGuMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQ gTGFr ZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0dHA 6Ly93 d3cudXNlcnRydXN0LmNvbTE2MDQGA1UEAxMtVVROLVVTRVJGaXJzdC1DbGllbnQgQXV0aGV udGlj YXRpb24gYW5kIEVtYWlsAhAaR94KRLeRfsD3GKghcDkWMA0GCSqGSIb3DQEBAQUABIIBAGX NzHLs oEcJd7VXqFGSTRtUvE/4JS8zU5yALSSEgBRn94f5kOc+961QLoiywi7NjCXeMYU2a+hruvu oZmUl 8odyYQy7Da8rUrdqG7rpyQgvOpf17z1rloa3+uxSOg+DGl8D4u9+i4ZHS7fXFLNX80I7K24 jBlpr yINq00zy+aTZdctSvQjew3Ul/vEtbxFKaz5+DCe8xmYwX2B5agi15N61eg0BzUvgT4AcF+y JAocU 34hsLAyjgRQM+0j8UrfwMPczlVR/iQlGNq7np6Hf1T/Yd+6z1gYy2Lm4XeyeafQ2HEtvsU2 DbvSs PYZfO6nshoFhv1K+XDSliuOYhAlu4UEAAAAAAAA= --Apple-Mail-318-637014813-- ------------------------------ Date: Mon, 28 Feb 2011 15:53:14 -0500 From: Charlie Reitsma <reitsmac () DENISON EDU> Subject: Re: border filtering questions Quoting Jeff Murphy <jcmurphy () BUFFALO EDU>:Good Monday Sec Folks, If you have a moment, can you hit reply, check the appropriate box=20and fill in the blank if there is one under that box? [ ] We don't block traffic to/from known bad addresses/netblocks=20at our border. [ x ] We manually block traffic to/from known bad =20 addresses/netblocks at our border =09(someone logs into a device and types in the address/netblock. =20 frequency can be rarely-to-routine, I'm interested in whether you do=20it at all)I'd like to know how to do it automatically but not enough to pay for it.[ ] We automatically* block traffic to/from known bad =20 addresses/netblocks at our border using a border router (ACL) and =20 free/homegrown software (software talks directly to the router) =09(*using some feed of addresses/netblocks, for example obtained via=20a SIEM or external intelligence sources) [ ] We automatically* block traffic to/from known bad =20 addresses/netblocks at our border using a border router (ACL) and =20 commercial software (software talks directly to the router) =09(*using some feed of addresses/netblocks, for example obtained via=20a SIEM or external intelligence sources) =09What's the name of the commercial software package/vendor: _____ [ ] We automatically* block traffic to/from known bad =20 addresses/netblocks at our border using a commercial inline =20 appliance (IPS, packet shaper, firewall) and free/homegrown software=20(software talks directly to the appliance) =09(*using some feed of addresses/netblocks, for example obtained via=20a SIEM or external intelligence sources, the feed is directly =20 consumed by the appliance and not manually entered or pushed in via=20free/homegrown software) =09What's the name of the appliance vendor: _____ [ ] We automatically* block traffic to/from known bad =20 addresses/netblocks at our border using a commercial inline =20 appliance (IPS, packet shaper, firewall) and commercial software =20 (software talks directly to the appliance) =09(*using some feed of addresses/netblocks, for example obtained via=20a SIEM or external intelligence sources, the feed is directly =20 consumed by the appliance and not manually entered or pushed in via=20free/homegrown software) =09What's the name of the appliance vendor: ______ =09What's the name of the commercial software package/vendor: _____ Jeff, your survey is weak! I want to tell you more! Here it is:_________I'll anonymize/summarize back to the list. thanks, jeff murphy information security program manager university at buffalo------------------------------ Date: Mon, 28 Feb 2011 16:07:51 -0500 From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU> Subject: Re: border filtering questions --==_Exmh_1298927271_6182P Content-Type: text/plain; charset=us-ascii On Mon, 28 Feb 2011 13:41:13 EST, Jeff Murphy said:[ ] We don't block traffic to/from known bad addresses/netblocks atour border. Define "known bad addresses/netblocks". With the recent exhaustion of the IANA IPv4 space, this basically equates to "RFC1918, class E, and similar bogons", unless you want to follow the Team Cymru feed of space not sub-allocated by an RIR yet. If you have some *other* definition of "known bad" (including hijacked space, dead space, and so on), it probably should be specified... Oh, and you probably should ask separately for IPv4 and IPv6. ;) --==_Exmh_1298927271_6182P Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Exmh version 2.5 07/13/2001 iD8DBQFNbA6ncC3lWbTT17ARAjuLAJ9ehicG2Fb7ymAq3C/bJ6amAdB1sQCg/tsm bIggcTzbZDU3YD4S8jAn8dg= =7Zmy -----END PGP SIGNATURE----- --==_Exmh_1298927271_6182P-- ------------------------------ Date: Mon, 28 Feb 2011 21:16:02 +0000 From: "Youngquist, Jason R." <jryoungquist () CCIS EDU> Subject: PGP Universal Server 3.1.0 --_000_D88926C137E0DD4692105D69A41445C00FAB62ccex10t2_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable We are currently running PGP Desktop version 10.0 and PGP Universal Server = 2.12 (primary/secondary cluster) in VMWare. We are looking to upgrade to 3= .1.0 and I was wondering if anyone has ran into any problems/issues. Also, when going from one version of PGP Universal Server to another, do yo= u test it out in a test environment first? If so, I'd be interested in how= you do this in a virtual environment such as VMWare. We tried it awhile a= go, and ran into some issues because we didn't have a test AD server. Please feel free to email me off list. Thanks. Jason Youngquist Information Technology Security Engineer Technology Services Columbia College 1001 Rogers Street, Columbia, MO 65216 (573) 875-7334 jryoungquist () ccis edu<mailto:jryoungquist () ccis edu> http://www.ccis.edu<http://www.ccis.edu/> --_000_D88926C137E0DD4692105D69A41445C00FAB62ccex10t2_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable <html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas- micr= osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft- com:office:word" = xmlns:x=3D"urn:schemas-microsoft-com:office:excel" xmlns:p=3D"urn:schemas-m= icrosoft-com:office:powerpoint" xmlns:a=3D"urn:schemas-microsoft- com:office= :access" xmlns:dt=3D"uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s=3D"= uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs=3D"urn:schemas- microsof= t-com:rowset" xmlns:z=3D"#RowsetSchema" xmlns:b=3D"urn:schemas- microsoft-co= m:office:publisher" xmlns:ss=3D"urn:schemas-microsoft- com:office:spreadshee= t" xmlns:c=3D"urn:schemas-microsoft-com:office:component:spreadsheet" xmlns= :odc=3D"urn:schemas-microsoft-com:office:odc" xmlns:oa=3D"urn:schemas- micro= soft-com:office:activation" xmlns:html=3D"http://www.w3.org/TR/REC- html40" = xmlns:q=3D"http://schemas.xmlsoap.org/soap/envelope/" xmlns:rtc=3D"http://m= icrosoft.com/officenet/conferencing" xmlns:D=3D"DAV:" xmlns:Repl=3D"http://= schemas.microsoft.com/repl/" xmlns:mt=3D"http://schemas.microsoft.com/share= point/soap/meetings/" xmlns:x2=3D"http://schemas.microsoft.com/office/excel= /2003/xml" xmlns:ppda=3D"http://www.passport.com/NameSpace.xsd" xmlns:ois= =3D"http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir=3D"http://= schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds=3D"http://www.w3= .org/2000/09/xmldsig#" xmlns:dsp=3D"http://schemas.microsoft.com/sharepoint= /dsp" xmlns:udc=3D"http://schemas.microsoft.com/data/udc" xmlns:xsd=3D"http= ://www.w3.org/2001/XMLSchema" xmlns:sub=3D"http://schemas.microsoft.com/sha= repoint/soap/2002/1/alerts/" xmlns:ec=3D"http://www.w3.org/2001/04/xmlenc#"= xmlns:sp=3D"http://schemas.microsoft.com/sharepoint/" xmlns:sps=3D"http://= schemas.microsoft.com/sharepoint/soap/" xmlns:xsi=3D"http://www.w3.org/2001= /XMLSchema-instance" xmlns:udcs=3D"http://schemas.microsoft.com/data/udc/so= ap" xmlns:udcxf=3D"http://schemas.microsoft.com/data/udc/xmlfile" xmlns:udc= p2p=3D"http://schemas.microsoft.com/data/udc/parttopart" xmlns:wf=3D"http:/= /schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:dsss=3D"http://sche= mas.microsoft.com/office/2006/digsig-setup" xmlns:dssi=3D"http://schemas.mi= crosoft.com/office/2006/digsig" xmlns:mdssi=3D"http://schemas.openxmlformat= s.org/package/2006/digital-signature" xmlns:mver=3D"http://schemas.openxmlf= ormats.org/markup-compatibility/2006" xmlns:m=3D"http://schemas.microsoft.c= om/office/2004/12/omml" xmlns:mrels=3D"http://schemas.openxmlformats.org/pa= ckage/2006/relationships" xmlns:spwp=3D"http://microsoft.com/sharepoint/web= partpages" xmlns:ex12t=3D"http://schemas.microsoft.com/exchange/services/20= 06/types" xmlns:ex12m=3D"http://schemas.microsoft.com/exchange/services/200= 6/messages" xmlns:pptsl=3D"http://schemas.microsoft.com/sharepoint/soap/Sli= deLibrary/" xmlns:spsl=3D"http://microsoft.com/webservices/SharePointPortal= Server/PublishedLinksService" xmlns:Z=3D"urn:schemas-microsoft-com:" xmlns:= st=3D"" xmlns=3D"http://www.w3.org/TR/REC-html40"> <head> <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus- ascii"=<meta name=3D"Generator" content=3D"Microsoft Word 12 (filtered medium)"> <style><!-- /* Font Definitions */ @font-face {font-family:"Cambria Math"; panose-1:2 4 5 3 5 4 6 3 2 4;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0in; margin-bottom:.0001pt; font-size:11.0pt; font-family:"Calibri","sans-serif";} a:link, span.MsoHyperlink {mso-style-priority:99; color:blue; text-decoration:underline;} a:visited, span.MsoHyperlinkFollowed {mso-style-priority:99; color:purple; text-decoration:underline;} span.EmailStyle17 {mso-style-type:personal-compose; font-family:"Calibri","sans-serif"; color:windowtext;} .MsoChpDefault {mso-style-type:export-only;} @page WordSection1 {size:8.5in 11.0in; margin:1.0in 1.0in 1.0in 1.0in;} div.WordSection1 {page:WordSection1;} --></style><!--[if gte mso 9]><xml> <o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" /> </xml><![endif]--><!--[if gte mso 9]><xml> <o:shapelayout v:ext=3D"edit"> <o:idmap v:ext=3D"edit" data=3D"1" /> </o:shapelayout></xml><![endif]--> </head> <body lang=3D"EN-US" link=3D"blue" vlink=3D"purple"> <div class=3D"WordSection1"> <p class=3D"MsoNormal">We are currently running PGP Desktop version 10.0 an= d PGP Universal Server 2.12 (primary/secondary cluster) in VMWare. We= are looking to upgrade to 3.1.0 and I was wondering if anyone has ran into= any problems/issues.<o:p></o:p></p> <p class=3D"MsoNormal"><o:p> </o:p></p> <p class=3D"MsoNormal">Also, when going from one version of PGP Universal S= erver to another, do you test it out in a test environment first? If = so, I’d be interested in how you do this in a virtual environment suc= h as VMWare. We tried it awhile ago, and ran into some issues because we didn’t have a test AD server. <o:p=</o:p></p><p class=3D"MsoNormal"><o:p> </o:p></p> <p class=3D"MsoNormal">Please feel free to email me off list.<o:p></o:p></p=<p class=3D"MsoNormal"><o:p> </o:p></p> <p class=3D"MsoNormal"><o:p> </o:p></p> <p class=3D"MsoNormal">Thanks.<o:p></o:p></p> <p class=3D"MsoNormal"><span style=3D"color:black">Jason Youngquist<o:p></o= :p></span></p> <p class=3D"MsoNormal"><span style=3D"color:black">Information Technology S= ecurity Engineer<o:p></o:p></span></p> <p class=3D"MsoNormal"><span style=3D"color:black">Technology Services<o:p>= </o:p></span></p> <p class=3D"MsoNormal"><span style=3D"color:black">Columbia College<o:p></o= :p></span></p> <p class=3D"MsoNormal"><span style=3D"color:black">1001 Rogers Street, Colu= mbia, MO 65216<o:p></o:p></span></p> <p class=3D"MsoNormal"><span style=3D"color:black">(573) 875- 7334<o:p></o:p=</span></p><p class=3D"MsoNormal"><span style=3D"color:black"><a href=3D"mailto:jryoun= gquist () ccis edu"><span style=3D"color:blue">jryoungquist () ccis edu</span></a=<o:p></o:p></span></p><p class=3D"MsoNormal"><span style=3D"color:black"><a href=3D"http://www.cc= is.edu/" target=3D"_blank"><span style=3D"color:blue">http://www.ccis.edu</= span></a><o:p></o:p></span></p> <p class=3D"MsoNormal"><o:p> </o:p></p> </div> </body> </html> --_000_D88926C137E0DD4692105D69A41445C00FAB62ccex10t2_-- ------------------------------ Date: Mon, 28 Feb 2011 16:03:38 -0600 From: Josh McCune <mccunej () KSU EDU> Subject: Re: PGP Universal Server 3.1.0 We have a relatively small install base (about 50 active users) using only the WDE features running on a single VM in an ESX environment. We upgraded from 2.12 to 3.0. Because you can't do an in place upgrade between major versions, we opted to simply backup the existing server data and organization key (via the built-in backup tools) and shut down the server. We then created a brand new instance of the VM from scratch and restored the backups. We modified firewall rules to only allow communication with a range of test clients, so that if we needed to roll back for any reason, we would simply shut down the new server an bring the old one back up. Then to any production clients it would appear as if nothing had changed other than the server was unavailable for a bit. This precaution proved unnecessary as the test clients had no issue communicating with the new server. Hope that helps, Josh McCune Network Security Analyst Kansas State University email: mccunej () ksu edu voice: (785) 532-2598 On Mon, Feb 28, 2011 at 3:16 PM, Youngquist, Jason R. <jryoungquist () ccis edu> wrote:We are currently running PGP Desktop version 10.0 and PGP UniversalServe= r2.12 (primary/secondary cluster) in VMWare.=A0 We are looking toupgrade = to3.1.0 and I was wondering if anyone has ran into any problems/issues. Also, when going from one version of PGP Universal Server to another,do = youtest it out in a test environment first?=A0 If so, I=92d beinterested in= howyou do this in a virtual environment such as VMWare.=A0 We tried itawhil= eago, and ran into some issues because we didn=92t have a test ADserver.Please feel free to email me off list. Thanks. Jason Youngquist Information Technology Security Engineer Technology Services Columbia College 1001 Rogers Street, Columbia, MO=A0 65216 (573) 875-7334 jryoungquist () ccis edu http://www.ccis.edu------------------------------ Date: Mon, 28 Feb 2011 17:35:26 -0500 From: Jeff Murphy <jcmurphy () BUFFALO EDU> Subject: Re: border filtering questions --Apple-Mail-459-650263092 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii On Feb 28, 2011, at 4:07 PM, Valdis Kletnieks wrote:On Mon, 28 Feb 2011 13:41:13 EST, Jeff Murphy said: =20[ ] We don't block traffic to/from known bad addresses/netblocksat = our border.=20 Define "known bad addresses/netblocks". With the recent exhaustionof = the IANA IPv4space, this basically equates to "RFC1918, class E, and similar =bogons", unless youwant to follow the Team Cymru feed of space not sub-allocated by an =RIR yet. Ifyou have some *other* definition of "known bad" (including hijacked =space, dead space,and so on), it probably should be specified...REN-ISAC offers a feed, Cymru has lists, Cisco sells a feed, you may = have your own internal list (eg derived from phishing urls you see), = etc. I was intentionally vague. By bad I meant "an address you dont want = to trade packets with across your border" but I should've excluded the = examples you give in order to avoid the "well we do block, but only rfc = 1918, et al" folks. What I'm interested in is whether or not there's a trend towards = automated intelligence based blocking. My sense is that there's interest = in it, but that it hasn't really made it to the mainstream. I hear a lot = a bout it, but when I ask around amongst the people I know, I generally = get "no, you?"=20 Oh, and you probably should ask separately for IPv4 and IPv6. ;) =20I'll ask about v6 when v6 is becomes more than just a flamefest that = fills my nanog (er i mean newnog) folder. ;) jeff --Apple-Mail-459-650263092 Content-Disposition: attachment; filename=smime.p7s Content-Type: application/pkcs7-signature; name=smime.p7s Content-Transfer-Encoding: base64 MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIILBzC CBIow ggNyoAMCAQICECf06hH0eobEbp27bqkXBwcwDQYJKoZIhvcNAQEFBQAwbzELMAkGA1UEBhM CU0Ux FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5hbCBUVFA gTmV0 d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9vdDAeFw0wNTA2MDcwODA 5MTBa Fw0yMDA1MzAxMDQ4MzhaMIGuMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAc TDlNh bHQgTGFrZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAs TGGh0 dHA6Ly93d3cudXNlcnRydXN0LmNvbTE2MDQGA1UEAxMtVVROLVVTRVJGaXJzdC1DbGllbnQ gQXV0 aGVudGljYXRpb24gYW5kIEVtYWlsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQE AsjmF pPJ9q0E7YkY3rs3BYHW8OWX5ShpHornMSMxqmNVNNRm5pELlzkniii8efNIxB8dOtINknS4 p1aJk xIW9hVE1eaROaJB7HHqkkqgX8pgV8pPMyaQylbsMTzC9mKALi+VuG6JG+ni8om+rWV6lL8/ K2m2q L+usobNqqrcuZzWLeeEeaYji5kbNoKXqvgvOdjp6Dpvq/NonWz1zHyLmSGHGTPNpsaguG7b UMSAs vIKKjqQOpdeJQ/wWWq8dcdcRWdq6hw2v+vPhwvCkxWeM1tZUOt4KpLoDd7NlyP0e03Riqhj KaJMe oYV+9Udly/hNVyh00jT/MLbu9mIwFIws6wIDAQABo4HhMIHeMB8GA1UdIwQYMBaAFK29mHo 0tCb3 +sQmVO8DveAky1QaMB0GA1UdDgQWBBSJgmd9xJ0mcABLtFBIfN49rgRufTAOBgNVHQ8BAf8 EBAMC AQYwDwYDVR0TAQH/BAUwAwEB/zB7BgNVHR8EdDByMDigNqA0hjJodHRwOi8vY3JsLmNvbW9 kb2Nh LmNvbS9BZGRUcnVzdEV4dGVybmFsQ0FSb290LmNybDA2oDSgMoYwaHR0cDovL2NybC5jb21 vZG8u bmV0L0FkZFRydXN0RXh0ZXJuYWxDQVJvb3QuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQAZ2Ik Rbyis pgCi54fBm5AD236hEv0e8+LwAamUVEJrmgnEoG3XkJIEA2Z5Q3H8+G+v23ZF4jcaPd3kWQR 4rBz0 g0bzes9bhHIt5UbBuhgRKfPLSXmHPLptBZ2kbWhPrXIUNqi5sf2/z3/wpGqUNVCPz4FtVbH dWTBK 322gnGQfSXzvNrv042n0+DmPWq1LhTq3Du3Tzw1EovsEv+QvcI4l+1pUBrPQxLxtjftzMiz pm4Qk LdZ/kXpoAlAfDj9N6cz1u2fo3BwuO/xOzf4CjuOoEwqlJkRl6RDyTVKnrtw+ymsyXEFs/vV doOr/ 0fqbhlhtPZZH5f4ulQTCAMyOofK7MIIGdTCCBV2gAwIBAgIQGkfeCkS3kX7A9xioIXA5FjA NBgkq hkiG9w0BAQUFADCBrjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx 0IExh a2UgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHR wOi8v d3d3LnVzZXJ0cnVzdC5jb20xNjA0BgNVBAMTLVVUTi1VU0VSRmlyc3QtQ2xpZW50IEF1dGh lbnRp Y2F0aW9uIGFuZCBFbWFpbDAeFw0xMDA2MjUwMDAwMDBaFw0xMzA2MjQyMzU5NTlaMIIBODE LMAkG A1UEBhMCVVMxEzARBgNVBBETCjE0MjYwLTE2MDAxCzAJBgNVBAgTAk5ZMRAwDgYDVQQHEwd CdWZm YWxvMRcwFQYDVQQJEw41MDEgQ0FQRU4gSEFMTDEeMBwGA1UEChMVVU5JVkVSU0lUWSBBVCB CVUZG QUxPMSAwHgYDVQQLExdPZmZpY2Ugb2YgdGhlIFByZXNpZGVudDE7MDkGA1UECxMySXNzdWV kIHRo cm91Z2ggVU5JVkVSU0lUWSBBVCBCVUZGQUxPIEUtUEtJIE1hbmFnZXIxHzAdBgNVBAsTFkN vcnBv cmF0ZSBTZWN1cmUgRW1haWwxFzAVBgNVBAMTDkplZmZyZXkgTXVycGh5MSMwIQYJKoZIhvc NAQkB FhRqY211cnBoeUBidWZmYWxvLmVkdTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggE BAMzZ bgLPBj/jLO17FDbIER5yILN4SJGJoEY5JpCf+IhmchmIXAHnJjrYp6qArptwqbbHqg4rxBI uQwU2 nO3WAT9K6xDpiwDY1ABgmPeC5fl5xXGNx+FlwDsRVeScdECVQAP6p6ZFM1+2bTuLjMxIvpF 69L2C quLkZDtLsP+xRs92d3vID1mDfnY29WWB/P2grc7R/jXN2tyKTRnK4/v/gUxwvV/rZIbCTcP cHlpZ i4hh0GJDyGUDHNTxyDZ3VgRVid5Hii7P1ik5qYQ6phQNdPTqj/E1APA9vym0Uk1v61WphYh nn2rQ xFns2n46lUHOUnKQDrFvK9kPlvKFf+5tDpMCAwEAAaOCAgAwggH8MB8GA1UdIwQYMBaAFIm CZ33E nSZwAEu0UEh83j2uBG59MB0GA1UdDgQWBBT6WdGW5dlFVmppKaN5r5sywXnZfDAOBgNVHQ8 BAf8E BAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDBAYIKwYBBQUHAwIwRgY DVR0g BD8wPTA7BgwrBgEEAbIxAQIBAwUwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29 tb2Rv Lm5ldC9DUFMwgaUGA1UdHwSBnTCBmjBMoEqgSIZGaHR0cDovL2NybC5jb21vZG9jYS5jb20 vVVRO LVVTRVJGaXJzdC1DbGllbnRBdXRoZW50aWNhdGlvbmFuZEVtYWlsLmNybDBKoEigRoZEaHR 0cDov L2NybC5jb21vZG8ubmV0L1VUTi1VU0VSRmlyc3QtQ2xpZW50QXV0aGVudGljYXRpb25hbmR FbWFp bC5jcmwwbAYIKwYBBQUHAQEEYDBeMDYGCCsGAQUFBzAChipodHRwOi8vY3J0LmNvbW9kb2N hLmNv bS9VVE5BQUFDbGllbnRDQS5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2N hLmNv bTAfBgNVHREEGDAWgRRqY211cnBoeUBidWZmYWxvLmVkdTANBgkqhkiG9w0BAQUFAAOCAQE AoHOD 52Q0ePZZSo/+gZP32+JZ6Fu4kAdslIhXVP7OvNNFK9GwLJXeLG/sw+YrDE4ZuCKi/MtRF73 NXNzn jcqymZV1OYXgl955LFHbJFb9hvknbrkjuXcy16AAZoxbMdNFC9i27uug511I5Mar5RxZA/0 CuAuf eIn6xdTx92PYvoT9tukDA+MidmoiQhcTUbH8ILthQqJyE6e+VfoXDn9hIRXf4JuGUhBd/S7 QhGEX Emn2LaLdPWKCGtz00N21V/zYVBhaMHWGwaR1E7m8Tn04mYjGgkwczu/WYsRkt+BDdTAi1O3 JPnRx cA7Vt2wI/9/i4H87X472J9mVV0LMVEzZtDGCA/wwggP4AgEBMIHDMIGuMQswCQYDVQQGEwJ VUzEL MAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYDVQQKExVUaGUgVVN FUlRS VVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93d3cudXNlcnRydXN0LmNvbTE2MDQGA1U EAxMt VVROLVVTRVJGaXJzdC1DbGllbnQgQXV0aGVudGljYXRpb24gYW5kIEVtYWlsAhAaR94KRLe RfsD3 GKghcDkWMAkGBSsOAwIaBQCgggINMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZ IhvcN AQkFMQ8XDTExMDIyODIyMzUyNlowIwYJKoZIhvcNAQkEMRYEFFzJps1Fng0Zzk50vGUdQkf VUzkg MIHUBgkrBgEEAYI3EAQxgcYwgcMwga4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJVVDEXMBU GA1UE BxMOU2FsdCBMYWtlIENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEhMB8 GA1UE CxMYaHR0cDovL3d3dy51c2VydHJ1c3QuY29tMTYwNAYDVQQDEy1VVE4tVVNFUkZpcnN0LUN saWVu dCBBdXRoZW50aWNhdGlvbiBhbmQgRW1haWwCEBpH3gpEt5F+wPcYqCFwORYwgdYGCyqGSIb 3DQEJ EAILMYHGoIHDMIGuMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQ gTGFr ZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0dHA 6Ly93 d3cudXNlcnRydXN0LmNvbTE2MDQGA1UEAxMtVVROLVVTRVJGaXJzdC1DbGllbnQgQXV0aGV udGlj YXRpb24gYW5kIEVtYWlsAhAaR94KRLeRfsD3GKghcDkWMA0GCSqGSIb3DQEBAQUABIIBAKn iVfDo NPELw8rE24J5ccae5H+WXKU2EKrfACCYCRmbzsqkgJfkHS2hEWtZ9PvVbc9uFGMeAG/rbyb bNHmg aeJ9d7HWoycw4AWBDdEZnRsWf79DcXyYD1WAJm0hJ0SBa1jnq7k/GLrPZViBqcj9krODUSC DkfIB L3GLf4b8w94Z5jWWv/3vioHdNYZRtVSyhtoqzQGBBFP91QJEBWWD/B2yFu1CjgDj9dvlX+8 BIWkr BHQJU4bPamr0rxliyNMa7ty6j02ZE84XbsBDEE5KF9XSJ7zjA5WIZSkDB5YR0IkBG04jalh XYXBS tBjOqY+US1NghVLDmvf3uOl0CbGmyQIAAAAAAAA= --Apple-Mail-459-650263092-- ------------------------------ Date: Mon, 28 Feb 2011 16:43:28 -0600 From: Chris Green <cmgreen () UAB EDU> Subject: Re: PGP Universal Server 3.1.0 --_000_6284F7174726844C99BAC004C5EEC8BA0396B4C2UABEXMBS3aduabe_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable We have a separate test lab where we have a separate Universal Server we bo= ot up for testing. Since it only auths against AD and we have a limited nu= mber of macs to test with, it's exposed to internal IPs. We have a pretty extensive set of tests we run each upgrade cycle for our s= upported versions of PGP in our lab environment. Basic builds with Versio= n X of PGP. Can it report? Can it enroll? Can you do key recovery? Can = you upgrade it to the latest installer? Can you upgrade our oldest version= ? The only big thing we ever have to watch out for with PGP upgrade mechanics= is when a system gets restored from backup, it "recovers" the IP address t= oo which is bad for a server where they try to not let you login as root. From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY@LIS= TSERV.EDUCAUSE.EDU] On Behalf Of Youngquist, Jason R. Sent: Monday, February 28, 2011 3:16 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] PGP Universal Server 3.1.0 We are currently running PGP Desktop version 10.0 and PGP Universal Server = 2.12 (primary/secondary cluster) in VMWare. We are looking to upgrade to 3= .1.0 and I was wondering if anyone has ran into any problems/issues. Also, when going from one version of PGP Universal Server to another, do yo= u test it out in a test environment first? If so, I'd be interested in how= you do this in a virtual environment such as VMWare. We tried it awhile a= go, and ran into some issues because we didn't have a test AD server. Please feel free to email me off list. Thanks. Jason Youngquist Information Technology Security Engineer Technology Services Columbia College 1001 Rogers Street, Columbia, MO 65216 (573) 875-7334 jryoungquist () ccis edu<mailto:jryoungquist () ccis edu> http://www.ccis.edu<http://www.ccis.edu/> --_000_6284F7174726844C99BAC004C5EEC8BA0396B4C2UABEXMBS3aduabe_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable <html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas- micr= osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft- com:office:word" = xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:= //www.w3.org/TR/REC-html40"><head><meta http-equiv=3DContent-Type content= =3D"text/html; charset=3Dus-ascii"><meta name=3DGenerator content=3D"Micros= oft Word 14 (filtered medium)"><style><!-- /* Font Definitions */ @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4;} @font-face {font-family:Tahoma; panose-1:2 11 6 4 3 5 4 4 2 4;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0in; margin-bottom:.0001pt; font-size:11.0pt; font-family:"Calibri","sans-serif";} a:link, span.MsoHyperlink {mso-style-priority:99; color:blue; text-decoration:underline;} a:visited, span.MsoHyperlinkFollowed {mso-style-priority:99; color:purple; text-decoration:underline;} span.EmailStyle17 {mso-style-type:personal; font-family:"Calibri","sans-serif"; color:windowtext;} span.EmailStyle18 {mso-style-type:personal-reply; font-family:"Calibri","sans-serif"; color:windowtext; font-weight:normal; font-style:normal; text-decoration:none none;} .MsoChpDefault {mso-style-type:export-only; font-size:10.0pt;} @page WordSection1 {size:8.5in 11.0in; margin:1.0in 1.0in 1.0in 1.0in;} div.WordSection1 {page:WordSection1;} --></style><!--[if gte mso 9]><xml> <o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" /> </xml><![endif]--><!--[if gte mso 9]><xml> <o:shapelayout v:ext=3D"edit"> <o:idmap v:ext=3D"edit" data=3D"1" /> </o:shapelayout></xml><![endif]--></head><body lang=3DEN-US link=3Dblue vli= nk=3Dpurple><div class=3DWordSection1><p class=3DMsoNormal>We have a separa= te test lab where we have a separate Universal Server we boot up for testin= g. Since it only auths against AD and we have a limited number of mac= s to test with, it’s exposed to internal IPs.<o:p></o:p></p><p class= =3DMsoNormal><o:p> </o:p></p><p class=3DMsoNormal>We have a pretty ext= ensive set of tests we run each upgrade cycle for our supported versions of= PGP in our lab environment. Basic builds with Version X of PGP= . Can it report? Can it enroll? Can you do key recovery?&= nbsp; Can you upgrade it to the latest installer? Can you upgrade our= oldest version?<o:p></o:p></p><p class=3DMsoNormal><o:p> </o:p></p><p= class=3DMsoNormal>The only big thing we ever have to watch out for with PG= P upgrade mechanics is when a system gets restored from backup, it “r= ecovers” the IP address too which is bad for a server where they try = to not let you login as root.<o:p></o:p></p><p class=3DMsoNormal><o:p> = ;</o:p></p><div><div style=3D'border:none;border-top:solid #B5C4DF 1.0pt;pa= dding:3.0pt 0in 0in 0in'><p class=3DMsoNormal><b><span style=3D'font- size:1= 0.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style=3D'fon= t-size:10.0pt;font-family:"Tahoma","sans-serif"'> The EDUCAUSE Security Con= stituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] <b>On Behal= f Of </b>Youngquist, Jason R.<br><b>Sent:</b> Monday, February 28, 2011 3:1= 6 PM<br><b>To:</b> SECURITY () LISTSERV EDUCAUSE EDU<br><b>Subject:</b> [SECUR= ITY] PGP Universal Server 3.1.0<o:p></o:p></span></p></div></div><p class= =3DMsoNormal><o:p> </o:p></p><p class=3DMsoNormal>We are currently run= ning PGP Desktop version 10.0 and PGP Universal Server 2.12 (primary/second= ary cluster) in VMWare. We are looking to upgrade to 3.1.0 and I was = wondering if anyone has ran into any problems/issues.<o:p></o:p></p><p clas= s=3DMsoNormal><o:p> </o:p></p><p class=3DMsoNormal>Also, when going fr= om one version of PGP Universal Server to another, do you test it out in a = test environment first? If so, I’d be interested in how you do = this in a virtual environment such as VMWare. We tried it awhile ago,= and ran into some issues because we didn’t have a test AD server.&nb= sp; <o:p></o:p></p><p class=3DMsoNormal><o:p> </o:p></p><p class=3DMso= Normal>Please feel free to email me off list.<o:p></o:p></p><p class=3DMsoN= ormal><o:p> </o:p></p><p class=3DMsoNormal><o:p> </o:p></p><p cla= ss=3DMsoNormal>Thanks.<o:p></o:p></p><p class=3DMsoNormal><span style=3D'co= lor:black'>Jason Youngquist<o:p></o:p></span></p><p class=3DMsoNormal><span= style=3D'color:black'>Information Technology Security Engineer<o:p></o:p><= /span></p><p class=3DMsoNormal><span style=3D'color:black'>Technology Servi= ces<o:p></o:p></span></p><p class=3DMsoNormal><span style=3D'color:black'>C= olumbia College<o:p></o:p></span></p><p class=3DMsoNormal><span style=3D'co= lor:black'>1001 Rogers Street, Columbia, MO 65216<o:p></o:p></span></= p><p class=3DMsoNormal><span style=3D'color:black'>(573) 875- 7334<o:p></o:p=</span></p><p class=3DMsoNormal><span style=3D'color:black'><ahref=3D"mai= lto:jryoungquist () ccis edu">jryoungquist () ccis edu</a><o:p></o:p></span>< /p><= p class=3DMsoNormal><span style=3D'color:black'><a href=3D"http://www.ccis.= edu/" target=3D"_blank">http://www.ccis.edu</a><o:p></o:p></span></p><p cla= ss=3DMsoNormal><o:p> </o:p></p></div></body></html>= --_000_6284F7174726844C99BAC004C5EEC8BA0396B4C2UABEXMBS3aduabe_-- ------------------------------ Date: Mon, 28 Feb 2011 18:42:18 -0700 From: "SCHALIP, MICHAEL" <mschalip () CNM EDU> Subject: Digital signatures on legal documents...?? --_000_988201AAB9319E4A9CD65754395FB6C7FC4AFCFB9FEXMAILadminad_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi Security folks..... Back again for another "what are YOU doing...?" question..... The fed sector has been using "digital signatures" for a few years - the la= st one that I knew of was "Entrust" - used for both encryption and "digital= signatures", (non-repudiation messaging, basically). My question: 1. Is there anyone out there that is using "digital signatures", and.... 2. If so - what product(s) are you using?.....and.... 3. What kind of policy do you have in place to support, or provide for, t= he use of digital signatures....?? Thanks, Michael --=20 This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. --_000_988201AAB9319E4A9CD65754395FB6C7FC4AFCFB9FEXMAILadminad_ Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <html dir=3D"ltr"><head> <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Diso- 8859-= 1"> <style>@font-face { font-family: Calibri; } @font-face { font-family: Tahoma; } @page WordSection1 {margin: 1.0in 1.0in 1.0in 1.0in; } P.MsoNormal { MARGIN: 0in 0in 0pt; FONT-FAMILY: "Calibri","sans-serif"; FONT- SIZE: 11pt } LI.MsoNormal { MARGIN: 0in 0in 0pt; FONT-FAMILY: "Calibri","sans-serif"; FONT- SIZE: 11pt } DIV.MsoNormal { MARGIN: 0in 0in 0pt; FONT-FAMILY: "Calibri","sans-serif"; FONT- SIZE: 11pt } A:link { COLOR: blue; TEXT-DECORATION: underline } SPAN.MsoHyperlink { COLOR: blue; TEXT-DECORATION: underline } A:visited { COLOR: purple; TEXT-DECORATION: underline } SPAN.MsoHyperlinkFollowed { COLOR: purple; TEXT-DECORATION: underline } SPAN.EmailStyle17 { FONT-FAMILY: "Calibri","sans-serif"; COLOR: windowtext } SPAN.EmailStyle18 { FONT-STYLE: normal; FONT-FAMILY: "Calibri","sans-serif"; COLOR: windowtext= ; FONT-WEIGHT: normal; TEXT-DECORATION: none } .MsoChpDefault { FONT-SIZE: 10pt } DIV.WordSection1 { =09 } </style> <meta name=3D"GENERATOR" content=3D"MSHTML 8.00.6001.19019"> <style id=3D"owaTempEditStyle"></style><style title=3D"owaParaStyle"><!--P { MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px } --></style> </head> <body lang=3D"EN-US" link=3D"blue" vlink=3D"purple" ocsi=3D"x"> <div style=3D"FONT-FAMILY: Tahoma; DIRECTION: ltr; COLOR: #000000; FONT-SIZ= E: 13px"> <p>Hi Security folks.....</p> <p><font size=3D"2" face=3D"tahoma"></font> </p> <p><font size=3D"2" face=3D"tahoma">Back again for another "what are Y= OU doing...?" question.....</font></p> <p><font size=3D"2" face=3D"tahoma"></font> </p> <p><font size=3D"2" face=3D"tahoma">The fed sector has been using "dig= ital signatures" for a few years - the last one that I knew of was &qu= ot;Entrust" - used for both encryption and "digital signatures&qu= ot;, (non-repudiation messaging, basically). My question: </font></p> <ol style=3D"FONT-FAMILY: Tahoma; FONT-SIZE: 10pt"> <li><font size=3D"2" face=3D"tahoma">Is there anyone out there that is usin= g "digital signatures", and.... </font></li><li><font size=3D"2" face=3D"tahoma">If so - what product(s) ar= e you using?.....and....</font> </li><li><font size=3D"2" face=3D"tahoma">What kind of policy do you have i= n place to support, or provide for, the use of digital signatures....??</fo= nt></li></ol> <p><font size=3D"2" face=3D"tahoma"></font> </p> <p><font size=3D"2" face=3D"tahoma">Thanks,</font></p> <p><font size=3D"2" face=3D"tahoma"></font> </p> <p><font size=3D"2" face=3D"tahoma">Michael</font></p> </div> <br />--=20 <br />This message has been scanned for viruses and <br />dangerous content by <a href=3D"http://www.mailscanner.info/"><b>MailScanner</b></a>, and is <br />believed to be clean. </body> </html> --_000_988201AAB9319E4A9CD65754395FB6C7FC4AFCFB9FEXMAILadminad_-- ------------------------------ End of SECURITY Digest - 26 Feb 2011 to 28 Feb 2011 (#2011-37) **************************************************************
Current thread:
- Re: SECURITY Digest - 26 Feb 2011 to 28 Feb 2011 (#2011-37) Dunker, Mary (Mar 01)