Full Disclosure mailing list archives

Re: What is wrong with schools these days?


From: Valdis.Kletnieks () vt edu
Date: Wed, 03 May 2006 01:51:51 -0400

On Sun, 30 Apr 2006 20:16:27 EDT, "Gaddis, Jeremy L." said:
> While this often holds true, there should always be a central infosec
> department that has the ability to kill a switch port.  Kill the network
> connection to a critical server exposing private information and people
> take notice pretty quick.

It's the rare university indeed where all the copper in all the departments
is owned by one networking group that has the clue to manage it all.

The biggest info leakage problem usually *isn't* a "critical server", it's
some administrative staffer who's got an extract from some database sitting
in a folder on their hard drive so they can beat the snot out of it with
Excel and get a pretty graph for some PHB - and said staffer is blissfully
unaware that C$: is shared to the entire world....

And sometimes, even when you turn off the link on their RJ-45 and call them
to tell them there's a problem, it's hard to get their attention.  Remember
that they are *not* paid to be computer security wizards, and *you* are
interfering with *their* report being completed on time.....

It's *particularly* hard to get their attention when the PHB is the University
Vice President of <Foo>, and said PHB needs the pretty graph to present to
some accreditation committee that's visiting the campus in 3 days...

(And you over in corporate-land quit snickering - I'm sure that you have
VPs that have emergency reports that need to be finished because the audit
team from one of the Big-Used-To-Be-5 is arriving later this week....)

> Agreed, though lack of a response doesn't mean nothing is happening.
> Oftentimes, the first thing infosec must do is contact legal for advice.
> Legal's first advice is often to simply not respond.

Quite often (especially if it's a dorm resident's personal machine), we're
restricted by FERPA issues (basically, if it remotely smells like a student's
records - which it becomes once we turn it over to the student judicial office).

As a result, we're often unable to say much more than "We got your report,
and it will be dealt with as per our policies.  Let us know if there's any
continued trouble".
