Also, this will come up Friday as well... scheduling:
First off, how does everyone feel about a 1.5 - 2 day team meeting in July somewhere centralish (UofU or UVU)? Be an opportunity to distribute new hardware and work on tools without the distraction of actually being on an assessment.
Second, I'd like to stick as best as possible to the order we established this last round:
FY 2016 Weber - Dixie - SLCC - Utah State
FY 2017 UofU - Snow - UVU - SUU
I'd like to see if we can get to Weber in early August, with mid-to-late September as a backup. That would put Dixie October / Novemberish (with the contingency of a new arrival in my family due in late November that might influence timing for me/Dixie.) Worst case scenario we'd be looking at Weber in the fall sometime and Dixie in January. I just want to avoid a situation where we go 5 or 6 months with no assessment. We get rusty and have to cram them into the Spring.
Thoughts?
Thanks, Andrew
On 06/22/2015 12:07 PM, Chuck Kimber wrote:
On Mon, Jun 22, 2015 at 11:45 AM, Andrew Goble <goble@dixie.edu mailto:goble@dixie.edu> wrote:
From your point of view, what are the pervasively good, and pervasively bad things we've found across the institutions? (wifi evil twin, etc) What could we be spending money or effort on as a system to help fix some of these issues (system-license of Duo, Cloudpath, etcThings I think everyone is struggling to do or affording where USHE bulk purchasing may help.
IPS, IDS Logging Alerting, where logs do exist Detecting out of norm behaviours. Softwares like Rapid7 UserInsight. The Responder, broadcast stuff Jon has alerted us to and that we've massively exploited already and I can see is going to be trouble for everyone. This is a config and mentality change, not necessarily something to spend money on as a body.
Will also bring up the idea of increasing the time we have available to poke at stuff before we come on-siteI still like this idea, if we can devote any time to it, as APT is such an issue these days. It helps us give a sense of how an APT might play out, albeit on a shorter time period.