Re: [EXT] Re: [SECURITY] Access to Porn sites?

[randy <marchany () VT EDU>]

Looking at the replies on this thread, it's not clear what the problem is.
Are we making the assumption that all porn/gambling/"adult" site are the
source of all/most successful malware attacks against our institutions (the
technical defense) or is the reason for blocking these site based on
arbitrary non-technical reasons? If we look at the technical side, we're
talking about basic threat intel which can be addressed by aforementioned
solutions like Palo Alto, Barracuda, DNS-RPZ, Cisco Umbrella, etc. Services
like these don't care what the site does/provides, only that the sites
historically have been the source of successful malware attacks. How does a
domain get put into these filters and more importantly how does a domain
get removed from these filters? This is one of the key questions I like to
ask providers of filtering services. I mention this because we were the
victim of an email spam DOS attack a couple of years. A couple of our hosts
sent out a bunch of spam. External emailers flagged our domain as being a
spam source and put us in their "blacklist". We didn't know we were put in
these blacklists and it was a challenge to get removed from them. We only
found out months later when alumni started complaining that they could
email us because their email systems block us. This is why I believe great
care should be taken if arbitrary blocks are put in place.

We all know that the majority of malware source come from regular
machines/servers/domains. Do you have data to support/justify your
technical approach? I focus on the metrics side of things in order to
address the "academic" freedom issue. I suppose if an org can show the 75%
of their successful attacks came from adult/gambling sites that can justify
putting blocks in place. My point is that if you're considering any type of
blocks at the border, make sure this response addresses the root cause and
you have metrics to show why a response is necessary. Of course, there are
sites that should be blocked or access to them restricted in some way but
the reason for the block should be clear.

Address the root cause.

-Randy Marchany
VA Tech IT Security Office and Lab.



On Thu, Aug 15, 2019 at 9:18 AM Gary McCullors <gary.mccullors () athens edu>
wrote:

> We’ve been blocking porn sites for years using Barracuda’s web filter.  I
> think they call it Web Security Gateway, now.
>
>
>
> The only pushback we had was from the library.  They tried to say that a
> student researching breast cancer would be blocked from accessing valid
> breast cancer sites because of the word breast.  A quick demonstration to
> the administration showed that the library’s argument was not valid.
>
>
>
> We took the same approach as Norfolk State for academic access to porn
> sites.  The have to make a formal request and it must be approved by the
> Provost’s office.
>
>
>
> We get a few false-positives a month, but not enough to make it
> unmanageable – benefits of being a small school.
>
>
>
> Interestingly, when we started blocking porn sites we did not find any
> faculty or day-time staff in the logs for attempting to access porn sites.
> The only consistent facility showing up in the logs was the library.  Once
> the public visitors found out they couldn’t get to porn sites from our
> network, they quit coming to our library and the entries dropped to almost
> zero.
>
>
>
> Gary
>
>
>
> --
>
>
>
> Gary W. McCullors
>
> Director, Information Technology Services
>
> Information Security Officer
>
> Athens State University
>
>
>
> *From:* The EDUCAUSE Security Community Group Listserv [mailto:
> SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *King, Ronald A.
> *Sent:* Thursday, August 15, 2019 7:47 AM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* [EXT] Re: [SECURITY] Access to Porn sites?
>
>
>
> We block it here. Have done so since I first started in 2006. This is
> because we have significant state oversight. Should a professor need access
> for academic reasons, they can request it. We use Palo’s URL filtering
> which blocks 99%. We also block gambling.
>
>
>
> Ron
>
>
>
> *Ronald King*
>
> *Chief Information Security Officer*
>
>
>
> *Office of Information Technology*
>
> (757) 823-2916 (Office)
>
> raking () nsu edu
>
> www.nsu.edu
>
> @NSUCISO (Twitter)
>
> [image: NSU_logo_horiz_tag_4c - Smaller]
>
>
>
> *From:* The EDUCAUSE Security Community Group Listserv <
> SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of *Babak Oskouian
> *Sent:* Wednesday, August 14, 2019 7:08 PM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* [SECURITY] Access to Porn sites?
>
>
>
> Hi All,
>
>
>
> We at Mills College have been kicking around the idea of blocking access
> to porn sites on our network. Needless to say, we have gotten some push
> back. Our plan (if it is green-lighted) is to use the built-in "adult"
> filters that our Palo Alto firewall provides.
>
> I am curious as to how many of you block porn sites, and if you do and
> especially if you use a Palo Alto device, have you had to do a lot of
> fine-tuning of your filters to eliminate false-positives?
>
>
>
> Thanks.
>
>
>
> Babak
>
>
>
>
> * Babak Oskouian, Ph.D. | Campus Network Engineer | Information Security
> Officer*
>
> *Mills College | 5000 MacArthur Blvd | Oakland, CA 94613-1301*
>
> *Office: Stern Hall 007; Phone: 510-430-2224 <510-430-2224>*
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community