SANS: Securing the Human
The Information Security Office manages training provided by SANS. Some of the preset content is
either inconsistent with UB policies and procedures, or requires
further explanation. Please review the following information prior
to taking the SANS course.
Frequently Asked Questions
I can't skip ahead (or back) in the videos?
SANS states, "There have been many clients who asked us to
disable the ability to skip ahead feature. Many were due to
compliance and certification reasons, so it became a permanent
Do I really need prior authorization to connect a wireless access point to the network?
UB doesn't require prior authorization before attaching a
wireless access point to the network. However, we do expect that
access points will be appropriately secured with strong encryption
(not "WEP"). We don’t permit the use of our official SSIDs
(UB Wireless, UB Guest, and UB’s Secure Wi-Fi) as this is
often an indicator of someone trying to intercept traffic. Those
SSIDs are reserved exclusively for the UB Wireless service.
The video recommends encryption. How do I know if I'm using an encrypted network?
We strongly recommend that you use UB’s Secure Wi-Fi,
which is available through ubwifisetup.buffalo.edu (UBITName/password
required) and not UB Wireless or Guest. UB’s Secure Wi-Fi
uses encryption and the other two do not.
Do I really need to turn Wi-Fi off when done using my computer?
No, you do not. Please disregard that statement.
Protecting Your Computer
Should I remove unused programs?
While it's always a good idea to remove old and unused (and
likely unmaintained and unpatched) items from your system, you
should always check with your IT support before making system
Should directory information always be given out?
No. The student may opt to restrict their directory information.
The best way to handle requests for directory information is to
direct the requester to UB's Online Directory. If the student has
restricted their information, it will not appear there. There is no
other mechanism to determine whether or not a student has
restricted their information.
Do I need to show ID before I leave a building?
Disregard this statement. There are several facilities that
require authentication (card swipes) upon entry but none, as far as
we know, that require that you authenticate before leaving.
Summary of Training
The video states that you should contact the CIT Help Desk with related questions.
Disregard that statement. Questions should be directed to the Information