Number of schools responding: 11
Dedicated security group:
Avg group size overall = 28/5 = 5.60
Notably, only one school utilizes students.
When you discover a compromised machine on your campus, do you:
Look over the machine to trace the source of the attack?When you discover vulnerability scans of your campus, do you:
Ignore the scanDo you mandate any special security rules (e.g., no email attachments, no web servers, no linux boxes)?
Do you offer something equivalent to encrypted telnet to your users?
Do you forbid the use of unencrypted telnet?
Do you use PGP or another secure mechanism for email?
Do you have a case tracking tool (e.g., trouble tickets)?
How many breakins do you encounter a week? (of those who claimed >0 breakins/week)
.3 +2.5 +3 +3 +.25 -> 9.05/5 = 1.81 averageHow much is budgeted for your network security (approx)?
Responses varied drastically from $0 to $20,000
We now have ISS in house and are starting to develop a policy to configure the software. We have some issues regarding unplugging machines that are both political and economic. We are actively pursuing carrots because they are more effective.
Security by obscurity has been our philosophy. We are fortunate to have a campus with a well-behaved student body.
Multiple groups at Tufts handle security; central IT, IT at various colleges of the university, and the central network group. actions taken depend on type of attack, who owns the box, and so on. some groups have trouble ticketing systems. we're in the process of shutting down all non-local mail relaying. secureid system for the administrative firewall is onsite but not in use.
Fun Facts out of 11 responding universities: