Educause Security Discussion mailing list archives

Re: Blocked URL Categories

From: Garrett Hildebrand <gdh () UCI EDU>
Date: Fri, 27 Oct 2017 10:36:28 -0700

We only block access to computers that we know to have malware, or computers used for command and control over malware 
on other computers.

Here is our policy:

http://www.policies.uci.edu/policies/pols/714-18.html

Garrett
-==-==-
G.D. Hildebrand              Senior IT Security Analyst
UC Irvine, OIT, 6137 Ayala Sci Lib., Irvine, 92697-1175
tel.: 949-824-8913                   email: gdh () uci edu
Created new page 15 December 2016
My URL is http://about.me/garretthildebrand
*Splunk - the Benihana of log-data slicing and dicing.*

Don't be a victim of phishing. Legitimate businesses don't ask you
to send sensitive information through insecure channels. Learn more:
http://er.educause.edu/blogs/2016/3/april-dont-get-hooked
Handle passwords wisely: http://www.bbc.com/news/technology-37510501


Today (Fri, 27 Oct 2017) at 12:56 -0400 Ronald King wrote:

Good afternoon,

We are a public institution in Maryland. We are being questioned by our
state auditors as to why we permit access to the URL categories
abused-drugs, extremism, hacking, and gambling when our AUP states IT
resources are not to be used for illegal activities or "for commercial,
religious, political (including activities supporting the nomination of any
person for political office or attempting to influence the vote in any
election or referendum), solicitation, or profit-making purposes."

Along with academic freedom, the perspective I have been arguing is one to
permit access to the sites. The argument is, just because a student
accesses a gambling website does not mean they are gambling.

So, my questions to the group are:

   - Do you block these URL categories by default?
   - If so, how do you address the request to research in areas that might
   require access to these URLs?
   - How did you convince the auditors it was necessary to allow access to
   these categories?

As always, responses can be addressed directly to me or via the listserv.

Thank you for your input!
*Ronald A. King, CISSP*
Chief Information Security Officer
Morgan State University Office: (443) 885-3372
1700 E. Cold Spring Ln. Email: ronald.king () morgan edu
Baltimore, MD 21251 URL: http://www.morgan.edu

*Growing the future ... Leading the world*
<http://www.morgan.edu/Documents/ABOUT/StrategicPlan/StrategicPlan2011-21_Final.pdf>

Current thread:

Blocked URL Categories Ronald King (Oct 27)
- Re: Blocked URL Categories John Ruggirello (Oct 27)
- Re: [External] [SECURITY] Blocked URL Categories Reyor, William F. (Oct 27)
- Re: Blocked URL Categories Ruth Ginzberg (Oct 27)
  - Re: Blocked URL Categories Jones, Mark B (Oct 27)
- Re: Blocked URL Categories Adam Maynard (Oct 27)
  - Re: Blocked URL Categories Bradley, Stephen (Oct 27)
  - Re: Blocked URL Categories Ladwig, John M (Oct 27)
- Re: Blocked URL Categories Garrett Hildebrand (Oct 27)
- Re: Blocked URL Categories Mccormick, Kevin (Oct 27)
- Re: Blocked URL Categories Ruth Ginzberg (Oct 27)
  - Re: Blocked URL Categories Ronald King (Oct 27)
    - Re: Blocked URL Categories Frank Barton (Oct 27)
    - Re: Blocked URL Categories Babak Oskouian (Oct 27)
    - Re: Blocked URL Categories Frank Barton (Oct 27)
    - Re: Blocked URL Categories Garrett Hildebrand (Oct 27)