On Sun, 30 Apr 2006 20:16:27 EDT, "Gaddis, Jeremy L." said:

> While this often holds true, there should always be a central infosec
> department that has the ability to kill a switch port. Kill the network
> connection to a critical server exposing private information and people
> take notice pretty quick.

It's the rare university indeed where all the copper in all the departments is owned by one networking group that has the clue to manage it all.

The biggest info leakage problem usually *isn't* a "critical server", it's some administrative staffer who's got an extract from some database sitting in a folder on their hard drive so they can beat the snot out of it with Excel and get a pretty graph for some PHB - and said staffer is blissfully unaware that C$: is shared to the entire world....

And sometimes, even when you turn off the link on their RJ-45 and call them to tell them there's a problem, it's hard to get their attention. Remember that they are *not* paid to be computer security wizards, and *you* are interfering with *their* report being completed on time.....

It's *particularly* hard to get their attention when the PHB is the University Vice President of <Foo>, and said PHB needs the pretty graph to present to some accreditation committee that's visiting the campus in 3 days...

(And you over in corporate-land quit snickering - I'm sure that you have VPs that have emergency reports that need to be finished because the audit team from one of the Big-Used-To-Be-5 is arriving later this week....)

> Agreed, though lack of a response doesn't mean nothing is happening.
> Often times, the first thing infosec must do is contact legal for advice.
> Legal's first advice is often to simply not respond.

Quite often (especially if it's a dorm resident's personal machine), we're restricted by FERPA issues (basically, if it remotely smells like a student's records - which it becomes once we turn it over to the student judicial office). As a result, we're often unable to say much more than "We got your report, and it will be dealt with as per our policies. Let us know if there's any continued trouble".
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/