Educause Security Discussion mailing list archives
Re: SECURITY Listserv Instructions and ParticipationGu idelines
From: "St. Laurent, Tim" <tstlaure () RICHMOND EDU>
Date: Wed, 3 Jul 2002 16:17:34 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'm not sure about the research grants that many of you all get, but I know that the grants we get here typically come with very powerful computer systems. I think part of the problem, a very big part in my opinion, is the fact that many of these government grants do not come with funds to adequately support such systems. We find that a department will get a grant and put these systems up on the network without any forethought to security. I know that part of the solution is policy and procedural, which is a whole separate topic. However, a large part of this problem is that the research for these grants take up a large amount of time and give little time for doing essential system administration. I think that part of the national infrastructure protection plan should include a section that explicitly deals with grants and the support of the systems that go along with the grant. This would be a win win situation for both the institutions and the government! - -----Original Message----- From: Wayne Wilson [mailto:wwilson () UMICH EDU] Sent: Wednesday, July 03, 2002 3:41 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] SECURITY Listserv Instructions and ParticipationGuidelines H. Morrow Long wrote:
The following appeared in the Network World Fusion Security Newsletter today and can only reinforce in the mind of the public that 'Universities are the worst-secured component of the American economy' which I don't believe is entirely true (there are plenty of companies of different sizes with poor IT security as well as many individuals -- such as a large number of high speed Cable/DSL Internet users).
That statement is probably no longer true, especially in the context of the 'economy'. As I recall, most of the thousands of credit card numbers which have been stolen electronically, most of the extortion using compromised systems as leverage and most of the fiscal loss's are due to commerical, for profit entities. The last time I saw numbers on the residual pool of Nimda and Code Red hosts, .edu was not in the lead.... What I find more interesting are the three 'tasks' assigned to Universities:
First, help us design the research projects.
"The second thing we need from the academic sector is to
teach.
"The third element is securing the universities' own
networks,
which are the major source of hack attacks today - probably three-quarters of the total number of attacks
These are all good tasks. Since Universities have been on the front lines of acutually running systems within the Internet as long as anybody, have experience in large scale systems, especially authentication systems and have been the past brunt of most 'attacks', it would seem to me we might have expertise to lend in operations as well as robust systems design. In fact, Kabay's suggestions are mostly operational. Meanwhile, such things like creating a secure operating system are being left to Bill Gates ...
Bill Gates says he will devote the resources of this enormous corporation to developing a security operating system.
********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/cg.html. -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com> iQA/AwUBPSNb320ND4rSGyCQEQJiUgCeMozTxfenjFaCSSgtLSKWLxj+toAAnjNF MGY5eUh2tlXZZIfq8avwvF9s =KCGO -----END PGP SIGNATURE----- ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/cg.html.
Current thread:
- Re: SECURITY Listserv Instructions and ParticipationGu idelines St. Laurent, Tim (Jul 03)
- <Possible follow-ups>
- Re: SECURITY Listserv Instructions and ParticipationGu idelines Gene Spafford (Jul 03)
- Re: SECURITY Listserv Instructions and ParticipationGu idelines Randy Marchany (Jul 07)
- Re: SECURITY Listserv Instructions and ParticipationGu idelines Gene Spafford (Jul 07)
- Re: SECURITY Listserv Instructions and ParticipationGu idelines Randy Marchany (Jul 07)
- Re: SECURITY Listserv Instructions and ParticipationGu idelines Gene Spafford (Jul 07)