At the first MIT Security Camp in 1999, we offered an informal
survey. Now, five years later, we're offering it again. Please take a few minutes to fill it out. Thanks.
Do you have a dedicated security group?
Yes
No
Team Makeup (of those universities with security groups)
When you discover a compromised machine on your campus, do you...
|
look over the machine to trace the source of the attack?
Yes
No
Not Sure
contact authorities?
Yes
No
Not sure
format the machine?
Yes
No
Not sure
disable network access?
Yes
No
Not sure
When you discover vulnerability scans of your campus, do you...
|
ignore the scan?
Yes
No
Not Sure
contact the source of the scan?
Yes
No
Not sure
If it depends on the situation, please elaborate briefly.
filter out the source? (if possible)
Yes
No
Not sure
dedicated firewalls?
Yes
No
Not sure
filtering on your router?
Yes
No
Not sure
filtering to prevent spoofed IP source address from your campus?
Yes
No
Not sure
other security measures? (host-based, crypto, etc.)
Do you mandate any special security rules?
(e.g. no email attachments, no web servers, no windows boxes)
Yes
No
Not sure
If yes, please briefly specify.
Do you offer something equivalent to encrypted telnet to your users?
Yes
No
Not sure
Do you forbid the use of unecrypted telnet?
Yes
No
Not sure
Does your team use PGP or another secure mechanism for email?
Yes
No
Not sure
Does your campus use PGP or another secure mechanism for email?
Yes
No
Not sure
Do you have a case tracking tool?
Yes
No
Not sure
If yes:
Home grown
Open source
Commercial
Which tool?
How big is your address space?
Class A
Class B
Class C
Class D
How many breakins do you encounter in a week?
How many computers do you have on your network at any given time?
How many devices (including computers, printers, coffeemakers, etc.) do you
have on your network at any given time?
How much is budgeted for your campus' network security?
How do you reach your user base for one-time/emergency alerts? (ex. the Blaster worm)
How do you reach your user base for more regular alerts? (ex. CERT announcements)
How else do you reach out to your user base? (ex. info sessions, education programs)
Is there anything else you would like to add? Did we forget to ask something?
OPTIONAL
You may provide your name and email address to us if you wish to identify your response and comments to the MIT Network Security Staff.
Name: Email:
|