Minimum security standards and older OSes: a summary

From: Aron Roberts <aron_at_socrates.berkeley.edu>
Date: Thu Jun 24 2004 - 14:37:45 PDT

   In case any of the following nuggets of directness and clarity
might have been overlooked in a long and free-ranging discussion, the
following are excerpts from Craig's and Sherry's postings,
summarizing what the campus minimum security standards policy says
about older, unsupported OSes:

At 05:42 -0700 2004-06-24, Craig Lant wrote:
>Also, I've always made it a point to be as clear as possible about
>the fact that older OSs like Windows 95 are not allowed [on the
>campus network] under this policy. ...

At 05:42 -0700 2004-06-24, Craig Lant wrote:
>The policy says these un-supported platforms are not allowed on the
>network. But, we're not planning to suddenly kick thousands of
>hosts off the net on May 1st, 2005. Our recommendation is that
>anyone running such platforms should upgrade as soon as possible to
>supported platforms.

At 01:34 -0700 2004-06-23, Craig Lant wrote:
>Our current standard for what we block includes only hosts that pose
>a threat. This policy changes that standard slightly to include
>hosts that are *likely* to pose a threat. ...
>
>What this means in practice is that, if a particularly nasty worm is
>released that includes code to attack older/unpatched versions of
>Windows, Mac OS, Linux, or whatever, we could immediately block all
>vulnerable hosts until they can be ... patched or upgraded ...

At 13:55 -0700 2004-06-24, Sherry M. Rogers wrote:
>This may be the right time to stress an issue which those of us who worked
>on the Minimum Security Standards are concerned that people don't
>overlook: this policy applies to _any_ host connecting to the campus
>network.
>
>Not just laptops brought onto campus, but also any home systems which
>connect via a campus IP address. ... We're not talking about having
>this in place by next May, but you should be aware of the direction
>we're going.

   In addition, Eric raised some thoughtful points about what
platforms might be determined to be "unsupported":

At 17:20 -0700 2004-06-23, Eric Chamberlain, CISSP wrote:
>There are more issues than just vendor support for patches. Do vendors
>still release AV definitions for these older operating systems? Can systems
>run host based firewalls? Does the OS meet the password requirements?

   If such considerations will be taken into account by CISC, et al.,
in determining which OSes are unsupported, this might make the
determination more nuanced -- and potentially cause more OSes to fall
into the "unsupported" category -- than merely identifying platforms
for which vendors are no longer offering security patches.

Aron Roberts
Workstation Software Support Group

Received on Thu Jun 24 14:40:14 2004
