[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] What is wrong with schools these days?

To: "Gaddis, Jeremy L." <jeremy@xxxxxxxxxxxx>
Subject: Re: [Full-disclosure] What is wrong with schools these days?
From: Steve Kudlak <stevex11@xxxxxxxxxxxxx>
Date: Tue, 02 May 2006 21:43:48 -0700

What Planet does all this hypotehtical activity take place on?
I for sure have never visited the place.  Most school departments are pretty
inmdependent. We are far from the days when the Provost had some
military powers.

Have Fun,
Sends Steve


Gaddis, Jeremy L. wrote:

Mike Iglesias wrote:
Many universities do not have a central IT organization running everycomputer on campus as you would in a commercial enterprise. Theyhave a decentralized model where each school, department, or researchgroup runs their computers. In addition, you have many students,faculty, and staff with personally owned laptops that they take careof (or not) themselves. So you have many little fiefdoms runningcomputers, some with more of a clue than others. The clueless oneshave untrained students running the computers, and most of them don'tknow much about security. They're told to setup a computer and putthis data on it so the professor can do his research.
While this often holds true, there should always a central infosecdepartment that has the ability to kill a switch port. Kill thenetwork connection to a critical server exposing private informationand people take notice pretty quick.
Central entities in universities, like the registrar, should knowwhat they are doing if they are setting up ways to remotely accessinformation.
Yes, they should, but they often don't. Remember, these end users arejust that -- users, not security professionals.
Not responding to emails and/or phone calls to the security/abuse/etcgroup is irresponsible, if you ask me.
Agreed, though lack of a response doesn't mean nothing is happening.Often times, the first time infosec must do is contact legal foradvice. Legal's first advice is often to simply not respond.
-j

--
eJeremy L. Gaddis
GCWN, MCP, Linux+, Network+
http://www.jeremygaddis.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- Re: [Full-disclosure] What is wrong with schools these days?
  - From: Gaddis, Jeremy L.

Prev by Date: [Full-disclosure] Dynamic Evaluation Vulnerabilities in PHP applications
Next by Date: Re: [Full-disclosure] What is wrong with schools these days?
Previous by thread: Re: [Full-disclosure] What is wrong with schools these days?
Next by thread: Re: [Full-disclosure] What is wrong with schools these days?
Index(es):
- Date
- Thread