Educause Security Discussion mailing list archives
Re: College Support of VPN on open Wi-Fi
From: Frank Barton <bartonf () HUSSON EDU>
Date: Sat, 7 Oct 2017 06:45:12 -0400
Kevin, so did you immediately classify the account as compromised? Lock it out and make the student show up in person to get a new password? I'm curious what you do in those cases Frank On Fri, Oct 6, 2017 at 4:26 PM, Kevin Crider <kcrider () skidmore edu> wrote:
YES. Funny, we just discussed this yesterday and have this blocked already...mainly I think YouTube was the end point. We discovered this by seeing in logs users were logged here on campus, and 8 times oversees also...all at once... The big security issue I think was just the fact that users were sharing passwords! -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto: SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of McClenon, Brady Sent: Friday, October 6, 2017 3:39 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] College Support of VPN on open Wi-Fi Anyone concerned about legal implications if their institution is providing overseas students a VPN tunnel that could be used by the student to circumvent country or regional restrictions on content from providers like Netflix or Hulu? Brady McClenon IT Security Administrator ITS - IT Security SUNY Oneonta Information Security is Everyone's Responsibility! Learn more at https://na01.safelinks.protection.outlook.com/?url= http%3A%2F%2Fstaysafeonline.org%2Fncsam%2F&data=01%7C01% 7Ckcrider%40SKIDMORE.EDU%7C4659b86f11f64a2fe26f08d50cf1edf2% 7Cfdd86edf062048a2a66abe4daf7bf919%7C1&sdata=dhDtJ%2BEwEscJGQDk% 2F4EyhVskIf5VJ56HPeuJwZ2hTnk%3D&reserved=0 -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto: SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Johnson, Matthew Sent: Friday, October 6, 2017 3:05 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] College Support of VPN on open Wi-Fi A good portion of our VPN access is from students / staff/ and faculty traveling overseas. We encourage its use when people travel or return to their home as it provides an additional level of protection when they connect back to our internal resources. To protect these accounts we recently enabled Duo two factor authentication for all VPN connections. This will ensure that the proper account is connecting through the VPN and only one person is using that account. If you are worried about VPN from overseas, enable two factor authentication and tie it to one user account. Matt Matthew Johnson, CISSP Information Security Analyst, Office of Information Security Northeastern University 216 Massachusetts Ave, 302-216 Boston, MA 02115 O: 617-373-6080 | F: 617-373-6423 -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Valdis Kletnieks Sent: Thursday, October 05, 2017 5:57 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] College Support of VPN on open Wi-Fi On Wed, 04 Oct 2017 23:44:35 -0000, "Corn, Michael" said:One thing to consider if you're rethinking your VPN strategy. Include a check box somewhere that, if checked, permits access to the VPN from overseas. By default it should not be checked. This will provide some protection to accounts from abuse since VPNs are frequent targets for use from overseas (esp. for those targeting your library resources).Also make plans for how to deal with people that travel to California, or across the state, and errant Geo-IP suddenly decides they're outside the US. Make sure that your help desk is able to deal with these glitches *AND* that the procedure is at least somewhat social engineering proof.... (Yes, I know that last part is a challenge involving tradeoffs ... :)
-- Frank Barton Security+, ACMT IT Systems Administrator Husson University
Current thread:
- College Support of VPN on open Wi-Fi James Farr (Oct 04)
- Re: College Support of VPN on open Wi-Fi Corn, Michael (Oct 04)
- Re: College Support of VPN on open Wi-Fi Valdis Kletnieks (Oct 05)
- Re: College Support of VPN on open Wi-Fi Johnson, Matthew (Oct 06)
- Re: College Support of VPN on open Wi-Fi McClenon, Brady (Oct 06)
- Re: College Support of VPN on open Wi-Fi Kevin Crider (Oct 06)
- Re: College Support of VPN on open Wi-Fi Frank Barton (Oct 07)
- Re: College Support of VPN on open Wi-Fi Kevin Crider (Oct 07)
- Re: College Support of VPN on open Wi-Fi Valdis Kletnieks (Oct 05)
- Re: College Support of VPN on open Wi-Fi Corn, Michael (Oct 04)