Educause Security Discussion mailing list archives
Re: SECURITY Digest - 12 Dec 2013 to 16 Dec 2013 (#2013-219)
From: Kim Cary <kim.cary () PEPPERDINE EDU>
Date: Tue, 17 Dec 2013 13:44:03 -0800
PSoft is web based. HTTPS access is allowed from anywhere. Kim ~=|=~ Kim Cary Chief Information Security Officer Pepperdine University Please process all unexpected email requests according to the skills at phishing.pepperdine.edu - if suspicious, delete; if it seems real or you can't decide, contact the purported sender via published phone number, web or email address. On Mon, Dec 16, 2013 at 9:00 PM, SECURITY automatic digest system < LISTSERV () listserv educause edu> wrote:
---------- Forwarded message ---------- From: SECURITY automatic digest system <LISTSERV () LISTSERV EDUCAUSE EDU> To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU> Cc: Date: Mon, 16 Dec 2013 21:00:03 -0800 Subject: SECURITY Digest - 12 Dec 2013 to 16 Dec 2013 (#2013-219) There are 5 messages totalling 520 lines in this issue. Topics of the day: 1. Biometric Survey for Higher Education 2. Remote access to SIS/ERP? (4) ---------- Forwarded message ---------- From: Valerie Vogel <vvogel () EDUCAUSE EDU> To: Cc: Date: Mon, 16 Dec 2013 09:59:19 -0800 Subject: Re: Biometric Survey for Higher Education Please consider completing the biometrics survey below. Kevin needs 40 more responses (90 total). Your input is appreciated and may help us publish a new ECAR paper for the higher ed infosec community. Best, Valerie Valerie Vogel Program Manager EDUCAUSE Uncommon Thinking for the Common Good direct: 202.331.5374 | main: 202.872.4200 | educause.edu On 11/23/13 8:24 AM, "Mclaughlin, Kevin (mclaugkl)" <mclaugkl () UCMAIL UC EDU> wrote:Hi Everyone: A lot of you probably know me from my time and contributions back when I was the CISO at the University of Cincinnati, a role I have since moved on from. I am still active in higher education and in Cyber Security as I am on my 23rd year as an adjunct for various colleges. I am finally finishing up my dissertation work in Cyber Security and was hoping that each of you would be willing to help me accomplish this life goal by completing the survey at the link below. The survey is 16 questions in likert (agree/disagree) format and a couple of demographic questions. In the pre-test it literally took most people less than 8 minutes to complete the instrument. So, I am asking for 8 minutes of your time. I also am very much aware of the worlds most popular radio station WIIFM (what's in it for me) :-) - the kind folks at ECAR have agreed, as long as it is deserving, to publish my research so that it can benefit and be shared across our community (thank you Joanna and Valerie!). Yes, I have passed IRB approval, pre-test review, field trial, etc. and now I am ready to collect results from the actual instrument. Here is the link to the instrument and I look forward to see what our community is thinking in this space. .. https://www.surveymonkey.com/s/Biometrics_HigherEducation_klm Warm Regards, - Kevin---------- Forwarded message ---------- From: Theresa Rowe <rowe () OAKLAND EDU> To: Cc: Date: Mon, 16 Dec 2013 12:33:01 -0800 Subject: Re: Remote access to SIS/ERP? We o, through VPN. Theresa On Monday, December 9, 2013, David Curry wrote:Hi, Looking to answer the "well, what do other schools do?" question here... Do you allow remote access to Banner (or whatever system you use) for employees working from home, on the road, etc.? If so, how are you doing it -- VPN, VDI, Citrix or similar, LogMeIn/GoToMyPC, over the open Internet, etc.? And do you require any additional authentication (such as two-factor authentication)? Do you have a reporting instance (Argos, Hyperion, etc.) attached to Banner (or whatever system you use)? If so, so you allow remote access to that, and if so, how (same questions as above)? Thanks, --Dave -- *DAVID A. CURRY, CISSP* • DIRECTOR OF INFORMATION SECURITY *THE NEW SCHOOL* • 55 W. 13TH STREET • NEW YORK, NY 10011 +1 212 229-5300 x4728 • david.curry () newschool edu-- Theresa Rowe on the road ---------- Forwarded message ---------- From: "Miller,James R" <millerj () UAKRON EDU> To: Cc: Date: Mon, 16 Dec 2013 13:06:39 -0800 Subject: Re: Remote access to SIS/ERP? We use BPN Sent from my iPhone On Dec 16, 2013, at 3:34 PM, "Theresa Rowe" <rowe () OAKLAND EDU> wrote: We o, through VPN. Theresa On Monday, December 9, 2013, David Curry wrote:Hi, Looking to answer the "well, what do other schools do?" question here... Do you allow remote access to Banner (or whatever system you use) for employees working from home, on the road, etc.? If so, how are you doing it -- VPN, VDI, Citrix or similar, LogMeIn/GoToMyPC, over the open Internet, etc.? And do you require any additional authentication (such as two-factor authentication)? Do you have a reporting instance (Argos, Hyperion, etc.) attached to Banner (or whatever system you use)? If so, so you allow remote access to that, and if so, how (same questions as above)? Thanks, --Dave -- *DAVID A. CURRY, CISSP* • DIRECTOR OF INFORMATION SECURITY *THE NEW SCHOOL* • 55 W. 13TH STREET • NEW YORK, NY 10011 +1 212 229-5300 x4728 • david.curry () newschool edu-- Theresa Rowe on the road ---------- Forwarded message ---------- From: "Miller,James R" <millerj () UAKRON EDU> To: Cc: Date: Mon, 16 Dec 2013 13:08:38 -0800 Subject: Re: Remote access to SIS/ERP? Sorry, meant to type VPN. Darn these small keyboards. Sent from my iPhone On Dec 16, 2013, at 4:07 PM, "Miller,James R" <millerj () uakron edu> wrote: We use BPN Sent from my iPhone On Dec 16, 2013, at 3:34 PM, "Theresa Rowe" <rowe () OAKLAND EDU> wrote: We o, through VPN. Theresa On Monday, December 9, 2013, David Curry wrote:Hi, Looking to answer the "well, what do other schools do?" question here... Do you allow remote access to Banner (or whatever system you use) for employees working from home, on the road, etc.? If so, how are you doing it -- VPN, VDI, Citrix or similar, LogMeIn/GoToMyPC, over the open Internet, etc.? And do you require any additional authentication (such as two-factor authentication)? Do you have a reporting instance (Argos, Hyperion, etc.) attached to Banner (or whatever system you use)? If so, so you allow remote access to that, and if so, how (same questions as above)? Thanks, --Dave -- *DAVID A. CURRY, CISSP* • DIRECTOR OF INFORMATION SECURITY *THE NEW SCHOOL* • 55 W. 13TH STREET • NEW YORK, NY 10011 +1 212 229-5300 x4728 • david.curry () newschool edu-- Theresa Rowe on the road ---------- Forwarded message ---------- From: "Hanson, Mike" <mhanson () CSS EDU> To: Cc: Date: Mon, 16 Dec 2013 13:43:42 -0800 Subject: Re: Remote access to SIS/ERP? Dave, We do allow access to Banner and the reporting component via VPN with dual factor authentication. Mike Mike Hanson, CISSP Network Security Manager The College of St. Scholastica Duluth, MN On Mon, Dec 16, 2013 at 2:33 PM, Theresa Rowe <rowe () oakland edu> wrote:We o, through VPN. Theresa On Monday, December 9, 2013, David Curry wrote:Hi, Looking to answer the "well, what do other schools do?" question here... Do you allow remote access to Banner (or whatever system you use) for employees working from home, on the road, etc.? If so, how are you doing it -- VPN, VDI, Citrix or similar, LogMeIn/GoToMyPC, over the open Internet, etc.? And do you require any additional authentication (such as two-factor authentication)? Do you have a reporting instance (Argos, Hyperion, etc.) attached to Banner (or whatever system you use)? If so, so you allow remote access to that, and if so, how (same questions as above)? Thanks, --Dave -- *DAVID A. CURRY, CISSP* • DIRECTOR OF INFORMATION SECURITY *THE NEW SCHOOL* • 55 W. 13TH STREET • NEW YORK, NY 10011 +1 212 229-5300 x4728 • david.curry () newschool edu-- Theresa Rowe on the road
Current thread:
- Re: SECURITY Digest - 12 Dec 2013 to 16 Dec 2013 (#2013-219) Kim Cary (Dec 17)