Educause Security Discussion mailing list archives
Re: SECURITY Listserv Instructions and ParticipationGuidelines
From: Wayne Wilson <wwilson () UMICH EDU>
Date: Wed, 3 Jul 2002 15:40:58 -0400
H. Morrow Long wrote:
The following appeared in the Network World Fusion Security Newsletter today and can only reinforce in the mind of the public that 'Universities are the worst-secured component of the American economy' which I don't believe is entirely true (there are plenty of companies of different sizes with poor IT security as well as many individuals -- such as a large number of high speed Cable/DSL Internet users).
That statement is probably no longer true, especially in the context of the 'economy'. As I recall, most of the thousands of credit card numbers which have been stolen electronically, most of the extortion using compromised systems as leverage and most of the fiscal loss's are due to commerical, for profit entities. The last time I saw numbers on the residual pool of Nimda and Code Red hosts, .edu was not in the lead.... What I find more interesting are the three 'tasks' assigned to Universities:
First, help us design the research projects.
> "The second thing we need from the academic sector is to teach. > "The third element is securing the universities' own networks, > which are the major source of hack attacks today - probably > three-quarters of the total number of attacks > These are all good tasks. Since Universities have been on the front lines of acutually running systems within the Internet as long as anybody, have experience in large scale systems, especially authentication systems and have been the past brunt of most 'attacks', it would seem to me we might have expertise to lend in operations as well as robust systems design. In fact, Kabay's suggestions are mostly operational. Meanwhile, such things like creating a secure operating system are being left to Bill Gates ...
Bill Gates says he will devote the resources of this enormous corporation to developing a security operating system.
********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/cg.html.
Current thread:
- Re: SECURITY Listserv Instructions and ParticipationGuidelines H. Morrow Long (Jul 03)
- <Possible follow-ups>
- Re: SECURITY Listserv Instructions and ParticipationGuidelines Wayne Wilson (Jul 03)
- Re: SECURITY Listserv Instructions and ParticipationGuidelines Rodney Petersen (Jul 07)
- Re: SECURITY Listserv Instructions and ParticipationGuidelines Randy Marchany (Jul 08)
- Re: SECURITY Listserv Instructions and ParticipationGuidelines Gene Spafford (Jul 08)