Re: a question about having College ID number as part of directory information

["pmorley () mcdaniel edu" <pmorley () MCDANIEL EDU>]

                Good Morning,

                We had similar concerns, and when Microsoft AD was implemented here Microsoft told us that don't store 
anything that is sensitive in AD......

                We mitigated this by extending our schema with custom attributes that are marked as "private" and are 
secured by a special security group only certain things can query on these attributes.

                This is the only way that is supported and that appears to be relatively secure.

                To do this, you must apply for a site specific OID and use that OID to extend your schema.

                Thanks.

Phillip Morley
Data Center Administrator | Information Technology
McDaniel College
2 College Hill
Westminster, MD 21157
* Office: (410) 857-2540
* E-mail: pmorley () mcdaniel edu<mailto:pmorley () mcdaniel edu>

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Roy 
Galang
Sent: Thursday, November 07, 2013 8:58 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] a question about having College ID number as part of directory information

HI All,

This may have been addressed before but I am being asked if providing a college ID number on our LDAP and other 
directory services is a security risk.

I'm feeling that it isn't but I'm press to put a statement behind it that will put people at ease.

Thanks,

Roy Galang
________________________________
Roy Galang
Director Technology Infrastructure
Library and Information Systems
Wheaton College
26 E. Main Street
Norton, MA 02766

Galang_Roy () WheatonCollege edu<mailto:Galang_Roy () WheatonCollege edu>