Committee meeting - December 21, 2017

Darren Bondy
Secretary to the Committee­­­
January 4, 2018

Present: 

Steve Bourque (Chair), Darren Bondy (Secretary), Trevor Bain, Colin Bell, Marko Dumancic,  Erick Engelke, Robyn Landers, Andrew McAlorum, Keith McGowan, Paul Miskovsky, Omar Nafees, Jason Testart

Guests:

Mike Patterson

Regrets:

Andrea Chappell, Daryl Dore, Dave Kibble, Adam Savage

Agenda

  1. Proofpoint Targeted Attack Protection (Mike Patterson [10 min.]
  2. Chair’s remarks [5 min.]
  3. Approval of the minutes of the meeting of November 23, 2017 [5 min.]
  4. Email Technical Working Group: Findings and recommendations (Steven Bourque) [30 min.]
  5. Other Business [10 min.]
  6. Roundtable discussion – all [15 min.]
  1. Next CTSC Meeting

[Will be held Thursday, December 7, 2017, at 1:30 p.m., in EC2 1021.]

Proofpoint Targeted Attack Protection (TAPS)

Mike Patterson attended the meeting to discuss enabling TAPS on Proofpoint for Connect users.

  • IST Security team would like to enable Threat Response (TR) in automatic mode which will allow Proofpoint to automatically pull messages from users’ mailboxes that have been delivered, but later deemed malicious (typically for malware reasons, occasionally for phishing).
    • Pulled messages are stored in a separate mailbox and can be restored or examined by an email administrator.
  • Members present at the meeting have no issues with this feature being enabled.

Chair’s Remarks (Steven Bourque)

  • The Chair reminded members that there is a wiki page set up for future agenda topic ideas.
    • Please feel free to add suggestions and/or offer to present on a topic. 

Approval of the minutes of the previous meeting

The minutes from the previous meeting were accepted as distributed.

Email Technical Working Group (Steven Bourque)

Steven Bourque presented on the email technical working group findings and recommendations. Topics included:

  • Overview
  • Working group membership
  • Tasks/goals/scope
  • Process
  • 4 scenarios and their recommendations

The presentation was distributed to members via the mailing list.

Comments and discussion

  • These scenarios and recommendations within this presentation are high level recommendations; more work is necessary to confirm details and next steps.
  • Under “Recommendations B” it should be noted that the outbound SMTP that should be restricted is port 25.

Other Business

myWaterloo

  • Engineering has opted not to renew the security certificate for myWaterloo effective December 27. Users will need to be directed to SquirrelMail to access their mailservices accounts.

Average cost of a virtual machine

  • As per discussion at the last CTSC meeting, the average cost of a VM is approximately $150.00 not including networking.

New pricing model for NetApp

  • IST is currently looking at a new pricing model for NetApps. More details to come at a future date.

Roundtable Reporting

Computer Science (Lawrence Folland)  

  • We have interest in setting up an app for handling all room and desk assignments for grad students.
    • Engineering is working on something but it is not ready to roll out at this time.

Technology Integrated Services, IST (Steven Bourque)  

  • We are looking into enabling external file sharing within Office 365.
    • Lots of requests have come in for this.

IT Security (Jason Testart)

  • Targeting a go-live date in March for the new Identity and Access Management system.
    • This will be a fairly simple version of it to start.

Next meeting

The next meeting will be held on January 11, 2018 at 1:30pm, in EC2 1021.