University at Buffalo - The State University of New York
Skip to Content

SANS Training

The Information Security office manages SANS Institute "Securing the Human" training to select UB departments. Some of the content is either inconsistent with policies and procedures at UB, or requires further explanation.

General Features

I can't skip ahead (or back) in the videos?

SANS stated "There have been many clients who asked us to disable the ability to skip ahead. Many were due to compliance and certification reasons, so we made that a permanent feature".

Do I really need prior authorization to connect an wireless access point to the network?

UB doesn't require prior authorization before attaching a wireless access point to the network. However, we do expect that access points will be appropriately secured with strong encryption (not "WEP"). However, we do not permit the use of our official SSIDs (eduroam, UB_Secure, UB_Wireless, UB_Guest) as this is often an indicator of someone trying to intercept traffic. Those SSIDs are reserved exclusively for the UB Wi-Fi service.

The video recommends encryption. How do I know if I'm using it?

We strongly recommend that you use eduroam or UB_Secure and not UB_Wireless or UB_Guest. eduroam and UB_Secure uses encryption and UB_Wireless or UB_Guest do not.

Do I really need to turn Wi-fi off when done using my computer?

No you do not. Disregard that statement.

This video says I should remove unused programs?

While it's always a good idea to remove old and unused (and likely unmaintained and unpatched!) items from your system you should always check with your IT support first before making system changes.

A note regarding directory information.

The training implies that directory information may be given out. This is not correct for UB. The student may opt to restrict their directory information. The best way to handle requests for directory information is to direct the requester to the UB Online Directory. If the student has restricted their information, it will not appear there. There is no other mechanism to determine whether or not a student has restricted their information.

The video says I may have to show ID to leave a building?

Disregard this statement. There are several facilities that require authentication (card swipes) upon entry but none, as far as we know, that require that you authenticate before leaving.

The video states that you should contact the Help Desk with questions.

Disregard that statement and instead contact the Information Security Office.