Re: College Support of VPN on open Wi-Fi

[Frank Barton <bartonf () HUSSON EDU>]

Kevin, so did you immediately classify the account as compromised? Lock it
out and make the student show up in person to get a new password?

I'm curious what you do in those cases

Frank

On Fri, Oct 6, 2017 at 4:26 PM, Kevin Crider <kcrider () skidmore edu> wrote:

> YES. Funny, we just discussed this yesterday and have this blocked
> already...mainly I think YouTube was the end point.
>
> We discovered this by seeing in logs users were logged here on campus, and
> 8 times oversees also...all at once...
>
> The big security issue I think was just the fact that users were sharing
> passwords!
>
>
>
> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv [mailto:
> SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of McClenon, Brady
> Sent: Friday, October 6, 2017 3:39 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] College Support of VPN on open Wi-Fi
>
> Anyone concerned about legal implications if their institution is
> providing overseas students a VPN tunnel that could be used by the student
> to circumvent country or regional restrictions on content from providers
> like Netflix or Hulu?
>
>
> Brady McClenon
> IT Security Administrator
> ITS - IT Security
> SUNY Oneonta
>
> Information Security is Everyone's Responsibility!  Learn more at
> https://na01.safelinks.protection.outlook.com/?url=
> http%3A%2F%2Fstaysafeonline.org%2Fncsam%2F&data=01%7C01%
> 7Ckcrider%40SKIDMORE.EDU%7C4659b86f11f64a2fe26f08d50cf1edf2%
> 7Cfdd86edf062048a2a66abe4daf7bf919%7C1&sdata=dhDtJ%2BEwEscJGQDk%
> 2F4EyhVskIf5VJ56HPeuJwZ2hTnk%3D&reserved=0
>
>
>
> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv [mailto:
> SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Johnson, Matthew
> Sent: Friday, October 6, 2017 3:05 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] College Support of VPN on open Wi-Fi
>
> A good portion of our VPN access is from students / staff/ and faculty
> traveling overseas.  We encourage its use when people travel or return to
> their home as it provides an additional level of protection when they
> connect back to our internal resources.
>
> To protect these accounts we recently enabled Duo two factor
> authentication for all VPN connections.  This will ensure that the proper
> account is
> connecting through the VPN and only one person is using that account.   If
> you are worried about VPN from overseas, enable two factor authentication
> and tie it to one user account.
>
> Matt
>
> Matthew Johnson, CISSP
> Information Security Analyst, Office of Information Security Northeastern
> University
> 216 Massachusetts Ave, 302-216 Boston, MA 02115
> O:  617-373-6080 | F: 617-373-6423
>
>
> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Valdis Kletnieks
> Sent: Thursday, October 05, 2017 5:57 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] College Support of VPN on open Wi-Fi
>
> On Wed, 04 Oct 2017 23:44:35 -0000, "Corn, Michael" said:
> > One thing to consider if you're rethinking your VPN strategy. Include
> > a check box somewhere that, if checked, permits access to the VPN from
> > overseas. By default it should not be checked. This will provide some
> > protection to accounts from abuse since VPNs are frequent targets for
> > use from overseas (esp. for those targeting your library resources).
>
> Also make plans for how to deal with people that travel to California, or
> across the state, and errant Geo-IP suddenly decides they're outside the
> US.
> Make sure that your help desk is able to deal with these glitches *AND*
> that
> the procedure is at least somewhat social engineering proof....
>
> (Yes, I know that last part is a challenge involving tradeoffs ... :)



-- 
Frank Barton
Security+, ACMT
IT Systems Administrator
Husson University