Educause Security Discussion mailing list archives
Re: Campus Google search appliance deployments
From: Wyman Miles <wm63 () CORNELL EDU>
Date: Tue, 5 Jun 2007 15:22:04 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Can't stress this enough: a Google appliance is going to be inside any sort of access controls you have -- if you put it there. It will see, record, and cache all manner of things that you thought were confined to your campus. In a previous life, what we did at Rice was build a (then Squid) proxy server, place it on an external network, and point the Google appliance at it. Every server on campus saw requests coming from the proxy server and their access controls applied as-if-external. Further, we could do some filtering and URL rewriting in Squid, search for previously applied bait, etc. We've seen at least one instance here where Cornell's Google appliance cached some mailing list content that was intended to be Cornell-only. It definitely raises the bar, in all sorts of unexpected ways. - --On Tuesday, June 05, 2007 2:05 PM -0400 David Seidl <dseidl () ND EDU> wrote:
Folks, I'm looking for comments and experience with campus Google search appliance deployment. Specifically: 1) Did you take any special security precautions in your deployment? 2) Have you had any security (or other) issues with it? Also, if you have done the integration work to use your campus authentication systems with it using Google's API, I'd be interested to hear about how the process went. If you have any general observations about your appliance, I'd be glad to hear those as well. Thanks! David -- ------------------------------------------------------------ David Seidl, CISSP University of Notre Dame, Office of Information Technologies
Wyman Miles Senior Security Engineer Cornell University, Ithaca, NY (607) 255-8421 -----BEGIN PGP SIGNATURE----- Version: Mulberry PGP Plugin v3.0 Comment: processed by Mulberry PGP Plugin iQA/AwUBRmW33MRE6QfTb3V0EQLzcwCg2DIVdbSlclb6qH629UVxMRENt58An0ab 2r3+bxArHyJAJrAZnm+Rjima =rR+Z -----END PGP SIGNATURE-----
Current thread:
- Campus Google search appliance deployments David Seidl (Jun 05)
- <Possible follow-ups>
- Re: Campus Google search appliance deployments John J. Culkin (Jun 05)
- Re: Campus Google search appliance deployments Wyman Miles (Jun 05)
- Re: Campus Google search appliance deployments Steve Brukbacher (Jun 13)
- Re: Campus Google search appliance deployments Chris Green (Jun 13)