Friday, October 15, 2004
Annual CTC retreat
The annual Carolina Technology Consultants Retreat was held on 10/14/04 in Murphy Hall on UNC's campus.
The Keynote Speaker was Dan Reed, the new Chief Information Officer of UNC. My notes from his speech are as follows:
IT: An Intellectual Lever
IT has become an intellectual lever for human endeavor
It's intended to be an intelligence amplifier
Most successful when invisible
Presentation outline:
Lessons from experience
Consilience examples
Technology enablers
Sociological lessons
ITS reorganization
Information consumes the attention of its recipients.
"Crackberry"
ITS Organizational Change
Principles:
customer focused
opportunity and need driven
nimble, adaptive practices and structures
open to engagement and possibilities
Implications:
organizational flexibility
rapid restructuring
strategic planning and response
empowering and valuing people
CIO's office:
Integrated financial management/budgets
Personnel and human resources
Public relations and communications
Campus and State coordination
Security and regulatory compliance
Strategic planning
Deputy CIO Search Status:
finalists selected; campus interviews are now being scheduled
Four high level components:
Deputy CIO/Associate Vice Chancellor
Associate Vice Chancellor for Planning/Special Projects
area advisory committees
Assistant Vice Chancellor
All slides are on the ITS web site (under Dan Reed's homepage) here for example
Our campus is 3-5 years behind the state of the art
Next, of the two morning breakout sessions, I attended the presentation on Wireless Connectivity, which was presented by Chris Colomb, Todd Meath, Mark Ingram, David Rankin
Mark Ingram from Development Office started with a presentation on Blackberries
Uses Exchange and for a few years has had a Blackberry Enterprise server. Integrates with calendar. Blackberry synchs with Blackberry Desktop Manager. For future wants Advise interface for Blackberry. Enterprise server provides encryption and security. Integrates easily with Exchange. Device can be disabled from the management console if it is ever lost (left in a cab, etc.). Ease of use makes it best choice for his department. Wants to see a broader, campus-wide deployment of Blackberry Enterprise Server so he won't need to run his own email server.
Uses Virtual Office in NetWare 6.5. Can do file sharing. File sharing added to Intranet. Demoed Virtual Office. Ties in with Net Storage. This allows distributed access to avoid need for large email attachments. Touts ease of use. No need for VPN client.
According to Chris Colomb the Outlook Connector is a rapidly evolving application and new versions are put up on Shareware frequently. Current version is barely three weeks old.
Mark has several remote users who can get in just fine through an ISP and a VPN and can synch their Blackberries.
Todd Meath
Talked about Push-Pull data with Palm Pilots in Family Medicine. For Push still uses Avantgo, Epocrates drug database, and Campus Calendar. For Pull uses IR beaming. And uses Pendragon for Interactive data. Avantgo.com is still a free service. It's used to retrieve HTML data from any web server. Uses it for both static and highly dynamic data. Uses it to replace several printed documents. Cost savings for printing and lamination of pager numbers alone was $1200 annually. Printing savings of $9000 since 1999. Uses selected calendars from Campus calendar server. Uses groups, resources and other users. Enabled via web access to Campus calendar. Under Security set "Allow Global Agenda Viewing". All Entries must be set to Access=Public. "Email Agenda to a friend" creates an URL that is used to create an Avantgo Channel. It's not an active synchronization.
Uses IR Beaming to pull in speaker notes, presentations, applications, handouts, etc. Uses "Documents to Go" as reader/editor.
For future wants to see synching independent of PC.
Pendragon Internet Forms. It's web based; uses it to easily create and edit forms. It's Pull controlled. Easy to create interactive forms, no coding required. Can be synchronized via PC, IR, 802.11, cell modem. Data is encrypted and inserted into database. Uses a large scale version of the software. Pricey - $5000 (with educational discount). There is also a small scale version for a dedicated, standalone PC which costs $400.
Trouble spots: understanding which methods are available for the device/needs. Understanding what "wireless" means: cellular, infrastructure (802.11), Bluetooth, IR. Understanding the limitations. Not all applications support non-PC-based sync methods. Applications must be synched sequentially; can't synch all applications in a batch. Conduits installed onto users' systems work well in supported environments. Outcomes diminished as user involvement increased. To solve this, IR is an inexpensive solution: removes standalone PC from the synching equation.
David Rankin was up next with a presentation about handheld computer security.
Presentation is a brief summary of findings on research he did this summer.
The facts: Use of handheld computers (PDAs) is increasing. Useful software on PDA platform increasingly available. PDAs are much more powerful - more memory, more storage, wireless communications.
The challenge: No organizational policies on support of PDAs. No organizational policies on PDA security. Unchecked and unsupported PDAs can be a security problem. A mobile threat vector; can easily bypass perimeter security defenses.
PDA vulnerabilities: Loss of PDA, Virus infection and transmission. Unencrypted corporate/university data. Unsecured wireless technologies. Physical loss of device is #1 security risk. Hardware is trivial, however data on it can be priceless. Research shows that 40% of lost PDAs are lost in taxicabs!! 20% are left in restaurants. Viruses are #2 threat. Majority of PDAs now run a slimmed down version of Microsoft software. Pocket Word & Excel are vulnerable to the same macro viruses as desktop versions of the software.
So, what's on a lost PDA? 85% meeting notes; 80% business names, addresses & email addresses; 32% organizational email and attachments; 33% PIN numbers and passwords. ALL UNENCRYPTED!
What can YOU do about it? Establish support, management and security policies. Control PDA purchases. Control loss of PDAs. Password protection (require a power-on password as a minimum; if possible, incorporate biometrics; include a routine to delete content after a certain number, for example 15, of unsuccessful login attempts). Encrypt PDA data (not only integrated memory but also removable storage cards). Anti-virus software.
What more can you do? VPN for wireless communication, etc.
See here for more information.
Next up was Chris Colomb who gave a talk on devices supported. Does not want to enforce proprietary device. Supports standards. Life of wireless devices is usually shorter than even laptops and other devices. Phones are getting smarter. PDAs as they are now may not be around much longer. Mentioned Cingular Express mail pilot program. Currently only available for Treo 600. Future is here today with the CWI program. Mentioned calendar synchronization program, after which wireless capabilities already in student calendar will be available for faculty/staff calendar as well.
Palm encryption software: Teal Lock, Splash ID, PDA Defense.
After lunch I attended the breakout session about Teleworking, which was moderated by Ken Yow and featured several panelists. My notes from this session are as follows:
Teleworking training: Carol Vandenboom, Training Coordinator, Enterprise Applications
Teleworking Training Plan:
Pre-training activities
Introduction memos with links to websites, policy draft, FAQ, etc. to present information about what teleworking is and how it works/what works and what doesn't
Actual training
Teleworker's Curriculum
Understand policies and guidelines
Explore communications
Plan workloads & schedules
Address telework issues
distractions, such as children, family that makes noise with TV, chatty neighbors, etc.
Career opportunities: "outta sight outta mind"
what if you hate it?
insurance, taxes, who pays for what?
Plan for success
Manager's Curriculum
Create a concerns list
Manage teleworkers
Manage workloads
how to supervise work and productivity
Explore communication
Build a telework team
How to schedule and plan meetings. What about impromptu meetings?
Address telework issues
Plan for success
Combined Group Curriculum
Answer questions concerning the Telework Policy - Lisa Lipscomb
Identify HR Deliverables - Lisa
Discuss security issues - Andrew Lee
Review the concerns list
Non-Teleworking curriculum
Create a concerns list
Jealousy?
Explore communication
Plan for success
Post training
Teleworking tips for managers & teleworkers
Teleworking websites
Teleworking articles
Manager's Perspective, presented by Ken Yow, Manager, ITS On-Site Support, User Services and Engagement (USE)
There is a written telework policy!
Positives:
improvement in morale (no-cost benefit)
seemingly getting 8+ hours per day
Happy employees work harder
Flexible hours, no set work schedule
Varies by manager
No problems, so far, with deadlines being met
Truly using results oriented evaluation techniques (it's done on time or it's not)
The managers need to get comfortable with the concept of telework before it will happen. The managers won't be able to get to 'watch' the employee.
Negatives:
Scheduling meetings can be difficult
Getting full picture of problems can become difficult
Teleworker's Perspective
Sharon P. Glover, Systems Accountant, Enterprise Applications, Coesus Team
Office setup
Space. Do you have space? Is it converted to office use?
Equipment? Bring machine from office or use own? Tech Support?
Completed off-campus use agreement
Family Impact
Family needs to understand that work time is work time and shouldn't be interrupted
Encountered more problems with in-laws than immediate family. Treated her as 'errand runner,' so had to set boundaries and learn how to say "No" to family and in-laws.
Communication
Had seven team members, 6 of whom telework. Decided that all come in to office on Wednesdays to take care of meetings and other stuff that requires physical interaction.
Used same phone greeting as in the office so that teleworking appears transparent to customers
Organizing for Productivity
Organize tasks that require uninterrupted concentration to do at home and tasks that require interaction or don't require so much focus for office day
Efficient Use of Resources
Telework Statistics
presented by Ken Yow
Total number of original participants: 61
Current number of teleworkers - about 30 (based on ISP reimbursements; may be a bit higher)
Number that started after the original group - 4
Average % of hours per week teleworked - 30%
The final session of the day was a presentation about spam management, and it too featured several panelists.
Doug Douillard: Dental School
Using GFI Spam management on top of Exchange 2003
Uses blacklisting, whitelisting, keyword matching, header checking to identify spam.
Searches headers for malformed MIME, multinumber email address, etc. to identify spam. Searches also in body of message.
Uses Bayesian filter to learn as it goes
Has public folders available to which users can drag and drop messages to identify messages to blacklist, whitelist, etc. They don't use this feature at Dental school to avoid misuse.
Has a spamblock list so that admins can review messages to add to filter.
Admin tools lets you view messages, traffic for one day, and more. Keeps info in a SQL database.
Has options for listservs, footers with disclaimers, web interface, etc.
Users in Dental school have given positive feedback.
Costs $1500/year.
Has been running it for the last six months. Has approx. 760 Exchange accounts.
The setup that they have didn't require any user training
Larry Fritsche - Business School
Pharmaceuticals and health care are currently the most prolific spammers, surpassing even porn. Mortgages and gambling are way off as well. Spam is so prevalent because it works.
The CAN-SPAM Act is ineffective. Only about 4% of spam is actually compliant. Don't rely on government to take care of this situation.
Has about 2500 full time active Exchange accounts, as well as grad student accounts.
Spam filtering process: IIS, banned subnets and IPs. Next, goes through GFI MailEssentials and Antigen. Then goes through Exchange 2003 Intelligent Mail Filters.
In GFI a suite of filters is applied, such as Spamhaus, Subject content, blacklist, message content, embedded only, Bayesian, etc.
Antigen is an antivirus product that contains a spam component, but that is only an added feature and shouldn't be relied on exclusively.
Customer service:
You must know your customers
Are your med students studying Viagra and Cialis?
Is someone researching marketing and pornography?
Did your Korean student expect a valid email from a family member or employer?
Privacy - How sensitive are your customers to inspection?
Regulations? HIPAA, Sarbox, etc.
Pilot your solutions
Communicate
Primary Decisions
Delete, Quarantine or Deliver? - Products that rate spam are the most flexible
How much admin control do you need? - Antigen vs GFI vs Exchange/Brightmail
Initial cost vs. ongoing? - Brightmail vs. GFI
Outsource? - Valid option but NOT recommended
Best Practices/Tips
Eliminate or greatly reduce the risk of false positives
Costs - Prepare your customers and IT staff for the labor involved. For example, spam has a labor cost no matter what options you choose
Evaluate the vendor AND the product - Check their business and technical status
Monitor your systems and stay in touch with your customers
Chris Colomb - ITS Messaging
Evolution of Spam
Canter & Siegel "How to Make a Fortune on the Information Superhighway" - and spammed 6000 newsgroups
Open relays
Open proxies
Trojan/zombie PCs - when viruses and spam collide
current estimate: 50 - 100 million of these compromised hosts
ROKSO - Registry of Known Spam Operations
200 known spam operations responsible for 90% of spam
How does UNC handle Spam
spam@unc.edu & spam reporting
Source based blocking
Spam blocking: our dynamic block list
updated four times a day (now every hour)
several hundred entries per update
from 7800 entries in May 2003 to 1.6 million entries today
proactive additions based on traffic analysis
Content based blocking
Heuristic spam filtering - At 99% effective spam filtering about 5000 spams would go through at UNC
Internal Challenges
http://mail.unc.edu/spam - Spam filter. Uses SpamAssassin. Marcus Cox is the principal implementer of this product.
New feature: Whitelist sender: way to deal with false positives
Hope to roll this out to general users soon. Main holdup has been a lack of hardware.
New, revised webmail coming soon. http://webmail2.isis.unc.edu
Ken Bradley - ITS Security
You get spam because you are on some sort of list
signed up for promotions or email lists.
downloading applications and registering them
try using a different email account for this kind of thing
'strafing' web pages. Harvesting web pages for email addresses.
Has been used by 12 year old script kiddies.
Avoid by not putting your email addy in web pages or reformatting it, for example by using 'name at x dot y'
Impossible to avoid all of it. Spam will happen!
Spam can be minimized by using rule sets and filters available in email clients.
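The layering the spam panelists described (source-based blocking, a sender whitelist for false positives, a Bayesian content rating, then a delete/quarantine/deliver decision) can be sketched as follows. This is an added example, not code from any of the products or UNC systems mentioned; the block list, whitelist, training corpus, thresholds and sample messages are all constructed for illustration.

```python
import ipaddress
import math
import re
from collections import Counter

# Constructed sample data: documentation IP ranges and made-up addresses.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.7/32")]
WHITELIST = {"registrar@example.edu"}

# Tiny constructed training corpus; a real filter learns from thousands of messages.
SPAM_TRAIN = [
    "cheap pills online no prescription needed",
    "refinance your mortgage today lowest rate",
    "win big at our online casino bonus",
]
HAM_TRAIN = [
    "agenda for the staff meeting on wednesday",
    "lecture notes on prescription drug interactions attached",
    "please review the budget draft before the meeting",
]


def tokens(text):
    """Lower-case word tokens."""
    return re.findall(r"[a-z']+", text.lower())


class NaiveBayes:
    """Multinomial naive Bayes over word counts with add-one smoothing."""

    def __init__(self, spam_docs, ham_docs):
        self.counts = {"spam": Counter(), "ham": Counter()}
        for doc in spam_docs:
            self.counts["spam"].update(tokens(doc))
        for doc in ham_docs:
            self.counts["ham"].update(tokens(doc))
        self.vocab = set(self.counts["spam"]) | set(self.counts["ham"])
        n = len(spam_docs) + len(ham_docs)
        self.prior = {"spam": len(spam_docs) / n, "ham": len(ham_docs) / n}

    def spam_probability(self, text):
        """P(spam | text); words never seen in training are ignored."""
        logp = {}
        for label, counts in self.counts.items():
            total = sum(counts.values()) + len(self.vocab)
            logp[label] = math.log(self.prior[label]) + sum(
                math.log((counts[w] + 1) / total)
                for w in tokens(text) if w in self.vocab
            )
        return 1.0 / (1.0 + math.exp(logp["ham"] - logp["spam"]))


def triage(msg, model, quarantine_at=0.6, delete_at=0.95):
    """Return (action, reason) for a dict with client_ip, sender, subject, body."""
    ip = ipaddress.ip_address(msg["client_ip"])
    # 1. Source-based blocking runs first: the connecting IP is much harder to
    #    forge than a From address, so a whitelist entry must not override it.
    if any(ip in net for net in BLOCKED_NETS):
        return "reject", "source on block list"
    # 2. Whitelisted senders skip content rating (false-positive control).
    if msg["sender"].lower() in WHITELIST:
        return "deliver", "whitelisted sender"
    # 3. Content-based rating, then a graded decision instead of a yes/no one.
    p = model.spam_probability(msg["subject"] + " " + msg["body"])
    if p >= delete_at:
        return "delete", f"spam probability {p:.2f}"
    if p >= quarantine_at:
        return "quarantine", f"spam probability {p:.2f}"
    return "deliver", f"spam probability {p:.2f}"


MODEL = NaiveBayes(SPAM_TRAIN, HAM_TRAIN)

# Constructed messages, one per path through the pipeline.
SAMPLES = {
    "mortgage_spam": {"client_ip": "192.0.2.10", "sender": "offers@example.net",
                      "subject": "Lowest rate mortgage", "body": "Refinance today online"},
    "pharmacology_lecture": {"client_ip": "192.0.2.11", "sender": "prof@example.edu",
                             "subject": "Lecture notes", "body": "Prescription drug interactions"},
    "ambiguous": {"client_ip": "192.0.2.12", "sender": "someone@example.org",
                  "subject": "Prescription notes", "body": "available online"},
    "forged_whitelist_from_blocked_ip": {"client_ip": "203.0.113.45",
                                         "sender": "registrar@example.edu",
                                         "subject": "Agenda", "body": "staff meeting"},
    "whitelisted_sender": {"client_ip": "192.0.2.10", "sender": "Registrar@example.edu",
                           "subject": "Lowest rate", "body": "refinance your mortgage today"},
}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        print(f"{name:35s} {triage(msg, MODEL)}")
```

The pharmacology message is the "know your customers" case from the session: it shares the word "prescription" with the spam corpus but is delivered because the filter has also seen that word in legitimate mail.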