
TechTalks Event

Pandora's Box: Firewalls and Campus Security

with guest experts Randy Marchany, of Virginia Tech, and Clair W. Goldsmith, of the University of Alabama-Birmingham

May 3, 2001


In 2001, it's no longer just the protection of students' or patients' personal or medical information; our institutions are heavily engaged in e-commerce and e-business. Failure to secure WWW-based applications and servers could do more than embarrass your institution's leadership: it could leave the institution open to liability lawsuits and cause significant monetary loss. What kinds of attacks can occur? What are some of the simple and not-so-simple solutions for campus security, and what are their implications and consequences?

Questions during the event indicated that many listeners wanted a direct link to SANS' How To Eliminate The Ten Most Critical Internet Security Threats: The Experts' Consensus.

Guest Experts

Randy Marchany has been involved in the computer industry since 1972. He is currently the senior member of the VA Tech Computing Center's Unix system management group. He is the coordinator of VA-CIRT, an incident response team comprising IRTs from various VA state universities. He is the author of VA Tech's Acceptable Use Statement, which has become a model for the VA state university system. He has been a frequent speaker at national and international conferences such as SANS, IIA, ISACA, Network Security, IEEE Symposium on Systems Management, DECUS, Computer Security Conference, and DECUS-Canada.

The SANS Institute has described him as the "best storyteller in the computer security field." He has taught professional development seminars on Unix System Management, Forming Incident Response Teams, Auditing Unix Systems, Auditing Internet Security for various professional groups such as ISACA, IIA, Ernst & Young and the SANS Institute. He is a co-author of the SANS Institute's "Top 10 Internet Security Vulnerabilities" document that has become a standard for most computer security and auditing software. He is also co-author of the SANS Institute's "Computer Security- Incident Handling - Step by Step" which has been recognized as one of the foremost publications on Incident Response. He is currently working on a new SANS publication which describes how to design Internet Security audit programs.

Clair W. Goldsmith came to the University of Alabama at Birmingham in August of 1999 as the Vice President for Information Technology and Chief Information Officer. Dr. Goldsmith oversees units including Communications Services, The University Computer Center (TUCC), the Call Center, Academic Computing, Instructional Technology and Web Services. He was employed with the University of Texas at Austin from 1991 through 1999 as Deputy Director of Academic Computing and Instructional Technology Services. From 1991 until 1994, he was Director of Strategy and Planning for Management Information Systems for the University of Texas System Administration in Austin. Prior to joining U.T. Austin, Dr. Goldsmith was the Vice President of Technology for Advanced Software Technologies, Inc. Beginning in 1976, he spent 13 years at the University of Texas Health Science Center at San Antonio as Director of Computing Resources and Executive Director of Information Technology with responsibility for academic and administrative computing as well as telecommunications. He concurrently served as Adjunct Associate Professor at the University of Texas at Austin and the University of Texas at San Antonio.

Clair has served on numerous committees. He currently is Co-Chair of the Educause Net@EDU PKI working group. He is a member of the University of Alabama CIO Council. Dr. Goldsmith serves as an elected member of the Southeastern University Research Association (SURA) CIO Steering Committee. He served on the U.T. System Strategic Leadership Council and the U.T. System Copyright Compliance Committee. He was the Chair of the EDUCOM'98 program committee.

Co-Hosts

Howard Strauss, Manager of Academic Applications at Princeton University, is TechTalk's Technology Anchor.

Judith Boettcher is the Executive Director of CREN.

Together, Howard and Judith will ask the really tough questions—and relay the questions you email to them at expert@cren.net.

Background & Resources

One of the very best ways to get background on an issue is by reviewing the audio, transcript, and resource list from any related Tech Talks which have been previously broadcast and are now fully archived. Two fairly recent archived Tech Talks are germane as background for this discussion:

A major resource for security issues is the SANS (System Administration, Networking, and Security) Institute, a cooperative research and education organization of nearly 96,000 system administrators, security professionals, and network administrators. Its Security Reading Room has dozens of interesting and useful categories such as Firewalls & Perimeter Defense which currently has 42 full-text articles on hand. Titles range from Choosing the Best Firewall through Are Firewalls Enough?.

Judith shared some pertinent resources at one of her favorite online publications, Network Magazine:

If you really want to get deep into firewalls, check out the Firewalls Mailing List about the design, construction, operation, maintenance, and philosophy of Internet firewall security systems. It's a high-volume, expert-loaded list!

Discussion about firewalls is really a discussion about security policy. Here are some resources about security plan development:

In this EDUCAUSE Review note (pdf), Dewitt Latimer discusses some of the security issues that arise when technologies such as wireless networking become so cheap that anyone can do them anywhere, including on your campus. And here are a couple of PowerPoint presentations on current campus system security concerns from the EDUCAUSE Task Force on System Security: 1 and 2.