Educause Security Discussion mailing list archives
Vendor Participation on List and Proper Identification
From: "Parker, Ron" <Ron.Parker () BRAZOSPORT EDU>
Date: Thu, 28 Jul 2005 08:05:53 -0500
Before we all bounce down this road about vendors on the list, remember that EDUCAUSE's policies do allow it. I think it can be valuable in many cases. In particular, I've seen some very effective vendor input over on the wireless networking list. I've also seen some vendors make real fools of themselves over on the CIO list. I do have some concerns, which I've expressed to EDUCAUSE, about the way some vendors use these lists and the archives to generate sales leads. I think that the current issue is just one of asking vendors to make sure it is clear who they are when they post something to the list. In Mr. Stapleton's case, his signature doesn't always indicate his affiliation. I suspect that is just an oversight on his part and that he will correct it in the future. I would encourage him and all vendors on the list to participate but to make sure it is clear in their signature what their affiliation is. I think it is healthy, particularly on a technical list like this one, to have a good flow of information between the user community and the vendor side of the world. I think this identification requirement/suggestion goes for everyone on the list, by the way. I think everyone needs to include enough information in their signature so that we understand their relationship to the topic under discussion. In most cases it's obvious from the poster's e-mail address but I've seen higher ed people post from anonymous accounts that make identification problematic. -- Ron Parker, Director of Information Technology, Brazosport College http://www.brazosport.edu
-----Original Message----- From: Matthew Keller [mailto:kellermg () POTSDAM EDU] Sent: Thursday, July 28, 2005 7:37 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Barracuda Spam Filter On the high-ed lists I manage, only higher-ed personnel are invited/allowed period. Educause seems to open their lists up more, and that's their prerogative if that's what they like. As you decided NOT to identify your message as that from a vendor (and in fact went out of your way to alter your normal signature), I felt it necessary to do it for you. On Thu, 2005-07-28 at 08:20 -0400, Jamie A. Stapleton wrote:We do indeed sell the product. However, I was just tryingto answer questions. If this sort of info is not desired, just let me know and I will not reply again.-------------------------- Sent from my BlackBerry Wireless Handheld Jamie A. Stapleton CBSi - Connecting your problems with solutions. FlexiCall: (804) 412-1601 Facsimile: (804) 412-1611 A-Key ESN: 1004-8969 -----Original Message----- From: Matthew Keller <kellermg () POTSDAM EDU> To: SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU> Sent: Thu Jul 28 08:12:55 2005 Subject: Re: [SECURITY] Barracuda Spam Filter List, please note that Jamie @ CBSI is a reseller of Barracuda Networks products. On Wed, 2005-07-27 at 20:36 -0400, Jamie A. Stapleton wrote:Let me do my best to answer these questions. 1) Barracuda's firmware updates the spam assassin enginewhen thereare major updates in the SA engine. The firmware/os ishardened soadmins will not be able to install a new kernel orsoftware patch tothe engine. 2) The models 300 and above allow Bayesian databases both on the user and admin side (maintained separately). 3) The Barracuda Spam Firewall is easily customizable in terms of the Bayesian filter. The user will have two buttonsadded to theirEmail Client which are "Mark Message as Spam" and "MarkMessage Not as Spam".The user log-in for the Barracuda is "dummy-proofed" in that, the only options allowed for users is to delete, deliver orwhite-list messages.4) You can see the demo site (spam.barracudanetworks.com)for rulesets.5) The Barracuda can create its' own reports and scores.If you logonto the demo site, this will show you the reporting and scoring capabilities if the unit. Let me know if this is the correct information that you are looking for. 6) Currently there is no direct link/connection to Razor or DCC Networks. Barracuda maintains their own black-list andsubscribesto Spamhaus, Spamcop, And ordb. 7) Currently the Barracuda does not support Gray-listing.This isto reduce the chances of false-positives. The product also does anti-virus. Jamie In Ashland, VA ;-) (804) 412-1601 (804) 412-1611, fax -----Original Message----- From: Dave Koontz [mailto:dkoontz () MBC EDU] Sent: Tuesday, July 26, 2005 7:42 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Barracuda Spam Filter Watching this thread, I have a couple questions about the 'cuda' product. What exactly does this product do that the free SpamAssassin codedoesn't? In other words, why should I pay someone $1000+ dollarsannually forwhat appears to basically be free software bundled on ascaled downserver. It looks like the 'cuda' device uses SA version 3.02,which is twofull versions behind the SA code branch.... which may frankly address some issues posted here. Initially, it would seem in the "device" world, I might actually loose a lot of functionality and features that I have running the full fledged product. So... 1) How easy is it to upgrade the device to the latestspam assassinversion? 2) Do users have their own baysian DB's and rules, or are they globally maintained? 3) How easy can users interact with or train the system? 4) Can you easily add your own SA rulesets? (Custom or SARES) 5) Can the device test & score SPF/DK/DKIM/RBL/SUBL/URIBL results? 6) Does the device support the Razor and/or DCC networks? 7) Does the device support the usage of Grey Listing Technology? Lastly... Is this product really just a way for a site to"easily"use Spam Assassin without having to invest any time oreffort intolearning the program? If so, that's fine, but it may notbe as fullfeatured as the product could be. If the product does all the above and more... I willimmediately askfor a purchase order to save me some precious time! :-) --- Dave Koontz Mary Baldwin College Staunton VA -----Original Message----- From: Justin Sipher [mailto:jsipher () SKIDMORE EDU] Sent: Tuesday, July 26, 2005 3:59 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Barracuda Spam Filter Add us to the list of schools who are very happyBarracuda users.However, I will share a recent story which dampers our enthusiasm slightly. Our single unit (model 600) had a hardware failurerecently. It wasin this process that we learned that we had a new "singlepoint of failure"in the e-mail system. One major problem at the point ofthe failureis that all mail in the quarantine at the time of thefailure was lost.Although most was SPAM, I do know that I had at least one valid e-mail in it. It was between when I received the e-mailquarantinesummary and when I actually went to retrieve/delete themessage whenthe failure occurred. To prevent this in the future,we've bought asecond one and will have the two clustered for redundancy. The second problem we had is that they **appear** to be a victim of their own success. At thepoint of thefailure they were out of stock for a replacement eventhough we wereat the upgraded "instant replacement" level. In our case it took three days to get a replacement and then it was a 400model to holdus over till they could get a 600. Not ideal. I do think they have learned from this (and maybe other)incidentsand knowing everything I know now, I'd still buy anotherone, so theup-side is pretty high to overcome those shortcomings. ...Justin _______________________________________________________ Justin Sipher Chief Technology Officer Skidmore College Saratoga Springs, NY jsipher () skidmore edu 518-580-5909 _______________________________________________________ On Jul 25, 2005, at 11:35 AM, Gibbs, Aaron M. wrote:I'm looking at the Barracuda Spam Filter and would liketo know ifanyone is currently using it. If so what yourexperiences have been.Aaron M Gibbs Interim Vice President/CIO Center for Information Technology St. Augustine's College 919-516-4379 (Office) 919-516-4382 (Fax) amgibbs () st-aug edu www.st-aug.edu-- Matthew Keller signat-url: http://mattwork.potsdam.edu/signat-url/ "Would you have banned the Internet to save the libraries?" -I, Robot
Current thread:
- Vendor Participation on List and Proper Identification Parker, Ron (Jul 28)
- <Possible follow-ups>
- Re: Vendor Participation on List and Proper Identification Information Security (Jul 28)
- Re: Vendor Participation on List and Proper Identification Dave Koontz (Jul 28)
- Re: Vendor Participation on List and Proper Identification Sarah Stevens (Jul 28)
- Re: Vendor Participation on List and Proper Identification Tom Bossie (Jul 29)
- Re: Vendor Participation on List and Proper Identification Dennis Meharchand, CEO Valt.x (Jul 29)
- Re: Vendor Participation on List and Proper Identification Theresa M Rowe (Jul 29)
- Re: Vendor Participation on List and Proper Identification Jimmy L. Fikes (Jul 29)
- Re: Vendor Participation on List and Proper Identification John Nunnally (Jul 29)
- Re: Vendor Participation on List and Proper Identification Jason Richardson (Jul 29)
- Re: Vendor Participation on List and Proper Identification Harry A'Hole (Jul 29)
(Thread continues...)