Re: Information Security Classes on the campus network

[Jack Suess <jack () UMBC EDU>]

In general, I don't mind giving students the ability to do this without
special access since those that want to compromise our network are doing it
without permission. Some things they can't do without special access and we
deal with those on a case-by-case basis in working with the instructor.

We do ask the faculty to let us know since it will likely trigger some
alarms and to discuss ethics with students prior to doing these exercises so
the students understand their responsibility to protect anything they may
find and work with us. We also highlight that as part of this if we find a
student doing anything malicious after being a part of the course we will go
after them with no leniency and they are likely to be suspended or expelled
from the university.







Jack Suess             UMBC VP of IT & CIO
jack () umbc edu     1000 Hilltop Circle
410.455.2582          Baltimore Md, 21250
Homepage:             http://bit.ly/fSB5ID




On Mon, Sep 19, 2011 at 10:49 AM, Weaver, Rob <weaver () kutztown edu> wrote:

> I am curious how others are handling Information Security courses that want
> to run password auditors, packet sniffers, port scanners, and vulnerability
> scanners against the production network as part of their assignments.****
>
> ** **
>
> Thanks for your input…****
>
> ** **
>
> -Rob****
>
> ** **