Security Camp Participants Survey

At the first MIT Security Camp in 1999, we offered an informal survey. Now, five years later, we're offering it again. Please take a few minutes to fill it out. Thanks.

Security Team

Do you have a dedicated security group?
Yes
No

Team Makeup (of those universities with security groups)

Full-time staff:

Students:

Contractors:

Other:

When you discover a compromised machine on your campus, do you...

look over the machine to trace the source of the attack?
Yes
No
Not Sure

contact authorities?
Yes
No
Not sure

format the machine?
Yes
No
Not sure

disable network access?
Yes
No
Not sure

When you discover vulnerability scans of your campus, do you...

ignore the scan?
Yes
No
Not Sure

contact the source of the scan?
Yes
No
Not sure
If it depends on the situation, please elaborate briefly.

filter out the source? (if possible)
Yes
No
Not sure

Do you use...

dedicated firewalls?
Yes
No
Not sure

filtering on your router?
Yes
No
Not sure

filtering to prevent spoofed IP source address from your campus?
Yes
No
Not sure

other security measures? (host-based, crypto, etc.)

Other Policies

Do you mandate any special security rules?
(e.g. no email attachments, no web servers, no windows boxes)
Yes
No
Not sure
If yes, please briefly specify.

Do you offer something equivalent to encrypted telnet to your users?
Yes
No
Not sure

Do you forbid the use of unecrypted telnet?
Yes
No
Not sure

Does your team use PGP or another secure mechanism for email?
Yes
No
Not sure

Does your campus use PGP or another secure mechanism for email?
Yes
No
Not sure

Stats

Do you have a case tracking tool?
Yes
No
Not sure
If yes:
Home grown
Open source
Commercial
Which tool?

How big is your address space?
Class A
Class B
Class C
Class D

How many breakins do you encounter in a week?

How many computers do you have on your network at any given time?

How many devices (including computers, printers, coffeemakers, etc.) do you have on your network at any given time?

How much is budgeted for your campus' network security?

Community Outreach

How do you reach your user base for one-time/emergency alerts? (ex. the Blaster worm)

How do you reach your user base for more regular alerts? (ex. CERT announcements)

How else do you reach out to your user base? (ex. info sessions, education programs)

Final Comments

Is there anything else you would like to add? Did we forget to ask something?

OPTIONAL
You may provide your name and email address to us if you wish to identify your response and comments to the MIT Network Security Staff.
Name: Email: