the 2006 resnet security survey resnet applied research group
Download
Skip this Video
Download Presentation
The 2006 ResNet Security Survey ResNet Applied Research Group

Loading in 2 Seconds...

play fullscreen
1 / 20

The 2006 ResNet Security Survey ResNet Applied Research Group - PowerPoint PPT Presentation


  • 108 Views
  • Uploaded on

The 2006 ResNet Security Survey ResNet Applied Research Group. David Futey Kevin Guidry December 15, 2006. Introduction. Background References ResNet Applied Research Group (RARG) 2006 ResNet Survey development Placing the survey results in context 2006 ResNet Security Survey overview.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'The 2006 ResNet Security Survey ResNet Applied Research Group' - venice


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
the 2006 resnet security survey resnet applied research group
The 2006 ResNet Security Survey ResNet Applied Research Group

David Futey

Kevin Guidry

December 15, 2006

introduction
Introduction
  • Background
  • References
  • ResNet Applied Research Group (RARG)
  • 2006 ResNet Survey development
  • Placing the survey results in context
  • 2006 ResNet Security Survey overview
background
Background
  • Continuing evaluation of security
    • Security Vulnerability Survey
      • Assess readiness for Fall 2004
      • 94 respondents
    • 2005 ResNet Survey
      • Security component
      • 224 respondents
    • 2006 Security Survey
      • 101 respondents
references
References
  • RARG research
    • http://www.resnetsymposium.org/workinggroups/research.htm
  • Get Connected: An Approach to ResNet Services
    • EDUCAUSE Quarterly, No. 4, 2006
    • http://www.educause.edu/ir/library/pdf/eqm0643.pdf
  • 2005 ResNet Survey Results: A Baseline Analysis
    • EDUCAUSE Center for Applied Research, bulletin Issue 20, 2005
    • http://www.educause.edu/LibraryDetailPage/666?ID=ERB0520
resnet applied research group
ResNet Applied Research Group
  • History
    • Formed August 2004
    • Volunteer group within ResNet organization
  • Present & Past (*) Members
    • Carol Anderer, University of Delaware
    • *Kevin Bullard, UNC-Greensboro
    • David Futey, ResNet Applied Research Group
    • *Jan Gerenstein, Northern Illinois University
    • Kevin Guidry, Sewanee: University of the South
    • Clifton Pee, Azusa Pacific University
    • Erica Spencer, Baylor University
2006 survey development
2006 Survey Development
  • Assistance
    • Question creation and review
    • Pilot survey
  • Support received from:
    • ResNet Listserv members
    • Security Task Force: Effective Practices Group
    • Internet2/SALSA-NetAuth
slide10
Network Registration Tools
  • 2004 ResNet Vulnerability Survey
    • 85% use a tool to register student computers
  • 2005 ResNet Survey
    • 74% use a tool to register student computers
  • 2006 ResNet Security Survey
    • 83% use a tool to register student computers
student machine vulnerability evaluation
Student Machine Vulnerability Evaluation
  • 2004 ResNet Vulnerability Survey
    • 69% use a tool to evaluate student's computer
  • 2005 ResNet Survey
    • 71% use a tool to evaluate student computers
  • 2006 ResNet Security Survey
    • 60% use a tool to passively evaluate student computers
    • 42% use a tool to actively evaluate student computers
slide12
QOS
  • 2005 ResNet Survey
    • Practicing packetshaping or Quality Of Service (Y=84%)
  • 2006 ResNet Security Survey
    • Practicing packetshaping or Quality Of Service (Y=86%)
slide14
Who is responsible for setting and enforcing policies?

Number of respondents

Questions 6-7 (2006)

how is policy decided
How is policy decided?
  • A vast majority of respondents (94%) indicated that their institution blocks, filters, or otherwise restricts network services for security purposes. (Q.8, N=101) (85% in 2005 ResNet Survey)
  • A majority of respondents, (78%) either entirely or in part, base their decision to filter, block, or restrict on published best practices from professional security groups. (Q.14, N=95)
  • Service License Agreements and Internal IT Security Expertise were the other predominate factors, besides the published best practices, that impacted the decision to block, filter, or restrict. (Q.14a)
policy enacted
Policy enacted..
  • In the event of an unexpected security incident, Central IT (50%), Security (25%), and Networking (18%) had authority to request immediate action.(Q.13, N=95)
  • Central IT (52%), Networking (18%), and Security (17%) are primarily responsible for determining what services, ports or protocols are blocked, filtered, or restricted.(Q.12, N=95)
what services are blocked sampling from question 9 11
What services are blocked?Sampling from Question 9-11
  • Questions 9-11 looked at what services were blocked if the traffic was inbound to the ResNet network, outbound from the ResNet network, or remained internal to the ResNet Network. Please review the questions for specifics.
  • Non-established services coming into the ResNet network are blocked (Q.9, 48%, N=90)
  • Services with high percentages of not being blocked include FTP, Instant messaging, IRC, VoIP, IPSec, gaming, and console gaming.
  • SMTP and Windows File and Print Sharing had high percentages of 'Always' being blocked, inbound and outbound
slide18
Does your institution require protective software be installed and is that software provided by the institution?

Number of respondents, N=101

Questions 22 & 23 (2006)

wireless
Wireless
  • A majority of respondents, 74%, do not allow students to install personally-owned access points. (Q.31, N=98) (60% in 2005 ResNet Survey)
  • Wireless installations in residences are (Q.32, N=97) :
    • Not provided (37%) (46% in 2005 ResNet Survey)
    • Part of overall institution wireless network (47%)
    • Separate from institution wireless network (13%)
  • SSID naming convention and 802.1x were primary security measures used for institutionally managed wireless
  • Nearly (1/5) of respondents provided no security measures
let s hear from you
Let's Hear From You

Suggestions, questions, and comments can be directed to the RARG at:

[email protected]

ad