IT-DISCUSS Archives

March 2001

IT-DISCUSS@LIST.UVM.EDU

Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
From:
Roger Lawson <[log in to unmask]>
Reply To:
Departmental Technology Coordinators <[log in to unmask]>
Date:
Tue, 27 Mar 2001 15:36:37 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (50 lines)
As most of you are no doubt aware, our campus network and the
computers on it are increasingly threatened by people seeking to
steal information, conduct fraudulent transactions, deny service, or
simply demonstrate their ability to vandalize networks and attached
computers. A few computers at UVM have already been victimized.
Unfortunately, computers whose security has been compromised are a
threat to the entire campus network, not just that computer system.
Therefore it is essential that we protect all computers, even those
without valuable or confidential information. Even with increased
protection, some computers will be attacked, some successfully. It is
essential that we promptly detect and correct such intrusions.

At the urging of our external auditors, we have begun a process to
establish clearer security policies, strengthen our network defenses
and provide a higher level of default protection for computers on the
UVM campus network. In February UVM contracted with an external
consulting firm (Applied Computer Group) which specializes in network
security. Earlier this month they led a two-day examination with UVM
security experts of UVM's networking environment. A written report is
expected next week.

In the meantime, I have drafted a work-in-progress Web site
describing our plans at

                http://www.uvm.edu/~ral/security/

Note that, among other things, the plan for strengthening of security
includes the following:

   * A firewall
       see schedule
<http://www.uvm.edu/~ral/security/?Page=net.security.schedule.html>

   * Four classes of network protection
      see <http://www.uvm.edu/~ral/security/?Page=firewall.html>

   * Formal administrative requirements for unprotected servers.
        http://www.uvm.edu/~ral/security/?Page=server.admin.html


Your feedback, comments and questions will help us craft security
policy and implementations that maximize the protection and minimize
disruption. However, as most of you know, it is difficult to enhance
security without some effort and, quite likely, some disruption.

Please let us know what you think by responding to this list, or if
you prefer, to me directly.

Roger

ATOM RSS1 RSS2