Salsa Call
26-Jan-2006

*Participants*
Mark Poepping, CMU (chair)
Chas DiFatta, CMU
Deke Kassabian, U. Penn
Kevin Miller, Duke
Greg Travis, Indiana U.
Doug Pearson, Indiana U.
Terry Gray, U. Washington
Jeff Schiller, MIT
Jack Suess, UMBC
Ken Klingenstein, Internet2
Steve Olshansky, Internet2 (scribe)

*Discussion*

The Salsa-CSI2 working group is getting rolling. There is a similar activity in Europe, working on facilitating security info exchanges, but at the NREN level, vs. the campus-to-campus approach in the US. We are looking at ways in which we could work together with them.

When a DoS attack is seen on Abilene and is sourced, e.g., to GEANT, their cooperation is needed for more specific traceback within their network. The same applies to APAN; discussions are underway to establish the right contacts at the respective NOCs.

There was discussion about issues surrounding various national privacy regulations, and the anonymization of data used for analysis. GEANT does some collection and analysis of data, but for the most part this is done by the respective NRENs to date. There may be cases e.g. where a network operator is restricted from revealing information about a compromised host, due to privacy concerns, but if they are informed by an external entity about it then the privacy issue seems to be less of a problem.

The CALEA Summit held in Cambridge MA recently was attended by some Salsa members. There is still a great deal of uncertainty about how big an effect it will have on higher ed, and it has been hard to obtain definitive answers from the FCC to date, pending their formal decision. There was some indication that the FCC is aware of cost issues, and is thus unlikely to order unduly burdensome rules. There is a belief by some that higher ed would not be covered by CALEA, but that providers of network services to higher ed likely would be. If this is the case then packet interceptions would occur at the border, and be the responsibility of the ISPs.

At the CALEA Summit, Cisco discussed their plans to include CALEA capabilities in their upcoming service provider products, but not in enterprise products because they don't foresee the need for it. For more detail see RFC 3924, "Cisco Architecture for Lawful Intercept in IP Networks" (Oct-2004):
http://www.ietf.org/rfc/rfc3924.txt

There will be security-related sessions at the upcoming Joint Techs workshop February 5-8 in Albuquerque, and another NetGuru meeting will be held there as well.
http://jointtechs.es.net/newmexico2006/index.html

The anticipated February 3 virus outbreak was discussed. Some campuses are being proactive in alerting IT staff and users, but it is expected to have significant impact on several campuses. There was discussion around potential problems arising from backing up institutional or research data to unencrypted CDs or DVDs, and the vulnerabilities of that unprotected data. The appropriate venue(s) for these sorts of conversations is not entirely clear to many. There are numerous open e-mail lists that campus network managers subscribe to, but some of this kind of discussion may be best kept on restricted lists.

There was an update on FWNA. The US servers have been set up at Merit and U. Tennessee, and they expect to have some initial communications happening by the time Joint Techs gets started. The European effort (Eduroam) is primarily being managed from within JRA5, and better communication between them and the US effort would be helpful.

- Educause Effective Practices Update -
The Effective Practices guide is 2+ years old at this point, and they are talking about revisions. There are not sufficient resources for a complete rewrite, but some significant revisions are clearly needed. There is also recognition that the Educause security website can be difficult to navigate. They are looking at hiring someone with a background in information architecture, and using the security site as a model for improving the navigation of other areas of the Educause site. There was also discussion of transforming the guide into something similar to Wikipedia, i.e. assigning editors for various sections and allowing public contribution/editing. There was a positive reaction to this idea on the call, as a good approach to keeping it current and making a positive contribution to the security space. If Educause is not able to support this, then another option would be for a member university to host it, and Educause would link to it. More on this forthcoming in the near future.

There is also some interest in exploring some multimedia features, e.g. audio or video podcasts and incorporating presentations, the goal being to publish timely information effectively.

- Microsoft -
There will be some discussions between higher ed and Microsoft about several issues, including security, and specifically including the recent WMF exploit and how they could have better handled information dissemination and the eventual release of the patch. It may be that the wide adoption of the third-party patch served as a significant eye-opener for them.

This discussion may result in the development of some white papers related to higher ed and Microsoft in the security space. Microsoft ought to be the definitive information resource about exploits; this is often not the case, but being so would give them more credibility in the community. There may be some value in leveraging closed lists like REN-ISAC to address things like this.

The next Salsa call would have conflicted with the NetGuru meeting, thus the next call will be in 4 weeks: Thursday 23-February.