Educause Security Discussion mailing list archives
Re: Oxford and Google Apps
From: Richard Biever <richard.biever () DUKE EDU>
Date: Tue, 19 Feb 2013 12:47:44 +0000
+1 to Drew's comments. While we have made an effort to block phishing/spam messages to our community, and we do have technical controls to help us identify compromised accounts as a result of the activity, we still see the occasional attack get through. Given that students and faculty/staff spend time off-campus checking their mail from home and while on the road, we have found that education has been the best help in mitigating the issue. Everytime we do an information session or attend a departmental meeting to discuss security we take the opportunity to explain how to look at a potentially fraudulent mail message or website, and reiterate that if it looks "phishy", don't click the link. :) Cheers, Richard On Feb 19, 2013, at 7:26 AM, Drew Perry <aperry () MURRAYSTATE EDU<mailto:aperry () MURRAYSTATE EDU>> wrote: Interesting. I understand they feel it necessary in light of recent attacks. However, they are only able to block access from within their own campus resources. Off-campus users can still access Google Docs, and potentially respond to phishing attempts. To me, it seems like a knee-jerk reaction whose legitimate effects may be less than fully positive. And may in fact be worse, since limiting access from on-campus could provide a false sense of security to IT staff. Instead of a half successful technical response, effort should be placed on Information Security Awareness. Teach your users to identify phishing attempts themselves and not respond. Now, I fully understand how daunting a task that is, but it's the only way to truly protect your user base. Technical protections have their place, definitely. But user education is the best defense against phishing attacks. Sent from my phone. Drew Perry Security Analyst Murray State University (270) 809-4414 aperry () murraystate edu<mailto:aperry () murraystate edu> On Feb 19, 2013 6:11 AM, "Tracy Mitrano" <tbm3 () cornell edu<mailto:tbm3 () cornell edu>> wrote: Thoughts on this matter among the experts? http://blogs.oucs.ox.ac.uk/oxcert/2013/02/18/google-blocks/ -------------------------------------------- Richard Biever, CISSP Chief Information Security Officer Duke University Office: 919-684-8121 Cell: 919-886-9627 Email: richard.biever () duke edu<mailto:richard.biever () duke edu> Please remember that Duke will never ask for your password or information about your account in an email.
Current thread:
- Oxford and Google Apps Tracy Mitrano (Feb 19)
- Re: Oxford and Google Apps Drew Perry (Feb 19)
- Re: Oxford and Google Apps Richard Biever (Feb 19)
- Re: Oxford and Google Apps Ken Connelly (Feb 19)
- Re: Oxford and Google Apps Bradner, Scott (Feb 19)
- Re: Oxford and Google Apps Roger A Safian (Feb 19)
- Re: Oxford and Google Apps Hall, Rand (Feb 19)
- Re: Oxford and Google Apps Lorenz, Eva (Feb 19)
- Re: Oxford and Google Apps Bob Bayn (Feb 19)
- Re: Oxford and Google Apps Bob Bayn (Feb 19)
- Re: Oxford and Google Apps Santabarbara, Angelo (Feb 19)
- Re: Oxford and Google Apps Bob Bayn (Feb 19)
- Re: Oxford and Google Apps Santabarbara, Angelo (Feb 19)
- Re: Oxford and Google Apps Bob Bayn (Feb 19)
- Re: Oxford and Google Apps Drew Perry (Feb 19)