Salsa-CSI2 Conference Call
Minutes
September 27, 2007
 
**Attending**

Chris Misra, University of Massachusetts (Chair)
Joel Rosenblatt, Columbia University
Elliot Kendall, Brandeis University
Phil Denault, WPI
Doug Pearson, REN-ISAC/IU
Dan Adinolfi, Cornell University
Renee Frost, Internet2
Steve Olshansky, Internet2
Dean Woodbeck, Internet2 (scribe)
 
**Carryover Action Items**
 
[AI] Chris will make contact with a potential new member.
 
[AI] Doug will talk with David Ripley and provide an update on the next call.
 
**Action Items**
 
[AI] Elliot will outline the objectives of proposed Google Hacking tools on the wiki.
 
[AI] Chris will contact the EDUCAUSE Effective Practices chair about the Google effort.
 
[AI] Chris will touch base with Brian about moving forward on the tools inventory, as discussed on previous calls.
 
**Security Metrics**
 
Joel gave a brief update on the security metrics group, which is a sub-group of the Effective Practices effort at EDUCAUSE. Joel is chairing the security metrics group. They have started meeting and are developing a purpose statement (which he will share with CSI2 when it is finished). The group has decided to start with spam metrics and compare the amount of spam a member campus receives with the total amount of email received. They will look at spam sources and the effectiveness of methods for removal.
 
**Google Hacking**
 
This issue has two parts. The first is effective methods for discovering blog/spam and other unwelcome or unauthorized content on your network, perhaps using Google and Google Search to find security holes, blog/spam and perhaps even sensitive information. The second is an easy, effective way to have such content removed from the various search engine caches. The consensus was that it would be good to document and provide tools for solving both of these problems.
 
Elliot suggested documenting these cases on the CSI2 wiki space.
https://spaces.internet2.edu/display/SalsaCSI2WG/Salsa-CSI2+Welcome
 
[AI] Elliot agreed to outline the objectives of the proposed tools on the wiki.
 
[AI] Chris will contact the Effective Practices chair about this effort and begin an email thread about documenting the processes.
 
It was also suggested that the group propose that REN-ISAC consider forming a relationship with search providers and negotiate a way to bypass the API limitations. Perhaps REN-ISAC could run some sort of tool centrally, then push the results out to the affected campuses.
 
**CU Spider**
 
This is in the process of being moved to Internet2 for hosting. There will be a link from the CSI2 site when the move is complete. Cornell personnel will continue to work on CU Spider.
 
**Upcoming Meetings**
 
There is no CSI2/security session planned for the upcoming EDUCAUSE meeting. There will be a security update session at the Internet2 Member Meeting, but no working group meeting for CSI2. The security update session is on October 10 at 8:45 am:
 
http://events.internet2.edu/2007/fall-mm/sessionDetails.cfm?session=3448&event=273
 
There will likely be a session (via REN-ISAC) at the 2008 Security Professionals Conference and there are tentative plans for a CSI2 dinner one evening.
 
EDUCAUSE is sponsoring a security/Identity Management Camp in Tempe in February, which may be of interest to CSI2 members. Details are here:
http://www.educause.edu/content.asp?SECTION_ID=306&bhcp=1
 
**Tools Inventory**
 
[AI] Chris will touch base with Brian about moving forward on the tools inventory, as discussed on previous calls.
 
One suggestion was to include items like PCI in a database to provide information on what is “good enough” when you are trying to do PCI.  
 
**Next call: Thursday, October 25, 2007, 2:30 p.m. (EDT)**