New Security Web Site

Whether you’re worried about email scams, trying to choose a good password, or deciding if an internet service will keep your data safe, OIT’s new Security web site has advice and answers.

The site is newly organized around communities with various needs. Whether you are looking for information collected for your University role (faculty), the information you work with (student records), a question you have (encryption), or services you need (security certificates), you can now find help quickly and easily.

OIT’s IT Security team watches for the latest threats and solutions, follows changes in law and policy, and is ready to advise UCI affiliates in balancing business efficiency, risk mitigation, and privacy protection. And if you need help you can’t find on the web site, feel free to email security@uci.edu.

Your Password is like a Toothbrush

Treat your password like your toothbrush: choose a good one, change it regularly, and don’t share it.

Your UCInetID is your gateway to online services at UCI.  Like a skeleton key, it serves as your single credential for most network services on campus.  Use of a UCInetID and password by anyone other than the owner can result in exploitation of UCI resources, loss of personal and university information, and other potentially severe consequences.

You are responsible for anything done with your UCInetID.  Keep your UCInetID password to yourself.  Don’t share it, don’t keep it in a computer file, and don’t write it down.

IT security is a responsibility we all share.  Many cyber-security breaches begin with an innocent but incautious act.  Let’s all keep UCI safe.

Stay Safe While Using Cloud Services

Cloud services such as Dropbox and Google Docs are becoming increasingly useful, numerous, and popular. You can work with your information – documents, photos, videos – from any internet-connected computer (including your phone) and trust that the information is backed up and secure.

However, when it comes to university data, additional considerations come into play. Are these services compatible with issues of privacy and security, federal and state law, and university policy?

OIT has published a document to help guide faculty and staff in the use of cloud services for UCI business. Highlights include three fundamental ideas you must keep in mind while using cloud services, a list of business situations for which cloud services are almost certainly inappropriate, and links to further reading.

Cloud services promise to save us time and money, and offer us the ability to share information and collaborate with unprecedented ease. However, in the university business context, additional prudence is in everyone’s best interests.

Autorun is a Security Risk

There is a feature in the Windows operating system, autorun, which on the face of it seems sensible and useful.  When you attach removable media (CD, DVD, USB key, etc.), Windows will look for a file with instructions on what to do with it, such as which program on the device to run.  This makes installation of software simple (insert the DVD, a screen comes up giving you a variety of options including “install”) and autorun can be used for other handy actions.

However, today autorun is being exploited by the makers of malware to put harmful software on your computer. It is now considered prudent to disable this feature of Windows. Microsoft has released security updates to all recent versions of Windows to enable end-users to turn it off, and has published a knowledgebase article with instructions on how to install the security update and then disable autorun. If the technical details get in the way, there is a one-button “Fixit” in the knowledgebase article which will download and run a wizard to turn autorun on or off for you.
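
For administrators who want to confirm the setting on a machine, here is an added example (not from OIT or from Microsoft's article): a read-only PowerShell check that decodes the `NoDriveTypeAutoRun` policy value and lists the drive types for which autorun is still active. The registry path and bit meanings are the standard Windows policy settings rather than anything stated on this page, and the function name `Get-AutoRunPolicy` is hypothetical.

```powershell
# Added example: read-only audit of the AutoRun policy on a Windows host.
# NoDriveTypeAutoRun is a bitmask; a SET bit DISABLES AutoRun for that drive type.
# When the value exists in both hives, the HKLM (machine) value takes precedence.
$DriveTypeBits = [ordered]@{
    'Unknown type (0x01)' = 0x01
    'Removable, e.g. USB' = 0x04
    'Fixed disk'          = 0x08
    'Network drive'       = 0x10
    'CD/DVD'              = 0x20
    'RAM disk'            = 0x40
    'Unknown type (0x80)' = 0x80
}

function Get-AutoRunPolicy {   # hypothetical helper name
    param([string[]]$Hive = @('HKLM:', 'HKCU:'))
    $sub = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    foreach ($h in $Hive) {
        $path = '{0}\{1}' -f $h, $sub
        $prop = Get-ItemProperty -Path $path -Name NoDriveTypeAutoRun `
                    -ErrorAction SilentlyContinue
        if ($null -eq $prop) {
            # Value absent: this hive sets no policy, so the OS default applies.
            [pscustomobject]@{
                Hive = $h; Mask = $null; AllDisabled = $false
                StillEnabled = 'not set in this hive'
            }
            continue
        }
        $mask = [int]$prop.NoDriveTypeAutoRun
        # Collect every drive type whose "disable" bit is clear.
        $enabled = @($DriveTypeBits.GetEnumerator() |
            Where-Object { ($mask -band $_.Value) -eq 0 } |
            ForEach-Object { $_.Key })
        [pscustomobject]@{
            Hive         = $h
            Mask         = '0x{0:X2}' -f $mask
            AllDisabled  = (($mask -band 0xFF) -eq 0xFF)
            StillEnabled = ($enabled -join ', ')
        }
    }
}

Get-AutoRunPolicy | Format-Table -AutoSize
```

A row with `AllDisabled` set to `True` means autorun is switched off for every drive type in that hive; anything listed under `StillEnabled` is a drive type the policy does not cover.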

Computer and Network Security Testing

Vulnerability assessment is a valuable part of an overall process to ensure the security of hosts on a network. OIT provides software and services to the campus to assist with the vulnerability assessment process.

Usually done hand-in-hand with risk assessment (i.e., the potential loss to the University in the event of unauthorized access), vulnerability assessment at UCI can be applied to a single system or a group of related computers.  Items to check in such a vulnerability assessment include directory and file permissions, user account and password policies, and current operating system patches.

Some tools, such as Microsoft’s Baseline Security Analyzer, are available at no cost for interested individuals to download and use. Other tools require specialized expertise, such as McAfee Foundstone, which OIT licenses.

In addition to scanning a computer internally for vulnerabilities, OIT can assess the security of a computer’s configuration from the point of view of the network and remote users. Items to check in a network-based vulnerability assessment include installed and running services, and local firewall settings.

More information is available at the OIT Security Team’s Vulnerability Assessment page.