Date: Fri, 19 Jan 2001 08:59:13 -0500
To: Security Team <security-internal@mit.edu>
From: Bob Mahoney <bobmah@MIT.EDU>
Subject: Did I forget anything?

I sent this in this morning, but if I forgot anything huge, drop a note...

(Note: I included the 100 logs Matt closed in the log-busting total)

-Bob
-----------
For the Quarterly Report (Numbers based on the last 90 days):

We opened 193 new cases this quarter.  We have 286 open cases at this time.

We held a half-day 'log-busting' session during IAP, where we worked 
to close logs in a concentrated and cooperative manner.  This allowed 
all team members to share information, consult with team leaders, 
and work to clean up cases.  Many of these were merely awaiting final 
word from clients, and we closed several external logs where we have 
been unable to contact the initiator.  The 5-hour session closed 160 
logs.

Our average open case load is slightly higher at present, usually 
being around 200.  (We are in the unique position of opening large 
numbers of logs for sometimes reluctant clients, and we carry a fair 
bit of these along while waiting for customer action)

Team servers and scanning machines have been moved to the W92 machine room.

For the second year, team members have taught IAP security classes. 
Kevin Fu and Roger Dingledine taught a 3-hour course, "Concepts in 
Computer and Network Insecurity", which was very well received, with 
over 100 attendees.  (Info at 
http://websis.mit.edu/searchiap/iap-2434.html)  This class has also 
been submitted to USENIX as a proposed tutorial.

A campus Intrusion Detection System is being put into place at the 
network border, to help us to discover probes and trends before they 
become problems.  A second portable machine is being built to make 
that capability available for use in "hot spots" around campus as 
needed.

We hired 4 new students this past semester, to fill open positions 
and address an ongoing manpower crunch.  Unfortunately, we will be 
losing 5 students to graduation over the next quarter, so this need 
continues to be a priority.

Projects for the next quarter include:  Team ID cards, Intrusion 
Detection deployment, and the deployment of several services to 
assist in team work, such as a team PGP-signer.  We are also 
preparing for a large-scale mailing in February to all users who have 
made insecure connections to the dialup servers, and also to all 
private Athena workstation owners who currently allow insecure 
connections to their machines.  Also, several team members will be 
attending a Computer Forensics class at BU in March.  Additional 
training opportunities will be pursued as they become available.

--- end forwarded text


