[unisog] New DISS Security Model

Bryan Zimmer bzimmer at ucsc.edu
Thu Jun 1 01:04:25 GMT 2006

Up until about two months ago I worked for the Department of Defense
agency that housed some of those systems and the domain authentication
backend. I hadn't heard about this before I left but knowing their
mentality I'm guessing the idea was "cutting off access from some IPs is
more secure than cutting off access from no IPs." They probably don't
have any .edu customers so cutting .edu out wasn't a problem. I'm
assuming they would have liked to exclude .coms as well, but a few
legitimate customers there prevented it. I'm guessing they also think
security at a .edu is a lot more open (physically and logically) than a
.com, assuming of course the .com is a legitimate business. As we all
know, that's a big assumption with a lot of .coms.

I completely agree that the idea is moronic at best (although I've seen
worse there), but at least they're slowly improving the security of
their sensitive data. Emphasis on slowly. ;)


marchany at vt.edu wrote:
> I don't know what to say......please tell me this is a dream. :-)
> It's a little unbelievable but apparently true. The attached document contains 
> the full details but here is the headline:
> ----------
> Effective 31 May 2006, a security system will be deployed to enhance DISS 
> applications.  The new security system will restrict .net, .org and .edu 
> domains accessing JPAS, ISFD and DCII applications.  Without exception, all 
> .edu domains will be denied access to all automated applications within DISS 
> (JPAS, ISFD, etc.).  DISS will continue to allow users from .mil, .gov and 
> .com domains to access these applications; given the IP address contains a 
> true .mil, .gov or .com.
> -----------
> Here's the best part:
> Organizations with .edu domains, requiring continued access to DISS, should 
> explore options with their internet service provider to convert their .edu 
> domain to an acceptable domain and follow the procedures outlined above.
> ---------------
> I'm glad I'm sitting down as I post this to you guys.
> 	-r.
