Information Technology News Archive

1996 - 2017

You are here: Home / Archives for Isaac Straley

Isaac Straley

OIT Responds to Security Incident

by

Windows security

Between Saturday, February 26th and Sunday, February 27th an unauthorized user was able to gain access to a Microsoft Windows server operated by the Office of Information Technology. The user was able to access files which may have allowed her/him to compromise a large number of passwords.

The OIT Security team identified the abnormal network behavior on Sunday, February 27th and was able to stop the attackers from gaining additional access. The quick response was instrumental in preventing a more serious incident.

At this time, OIT does not believe the user accessed any other data. OIT has engaged an outside forensics company to validate the incident investigation and to add additional expertise to the response team.

In response to the unauthorized access, OIT undertook the complex process of having users change passwords which may have been affected.  In addition, significant time was dedicated to a detailed review of systems and access logs for evidence of inappropriate access and use of stolen user ids and passwords.

OIT is reviewing its processes and procedures to ensure security remains a high focus and priority.

If you notice any unusual activity related to your computer account, such as your account logged in by someone other than you or problems logging in, please notify the OIT Security team, or call the OIT help desk.

Phishing Attempts Continue

by

Phishing

On October 9, 2009, more than 6000 UCI affiliates received an email message claiming that they were required to click on a link which would take them to a web site to update their email accounts. This message has been confirmed to be an example of “phishing,” a malicious attempt to have you divulge personal information in order to allow someone to gain access to your information or services.

The Office of Information Technology (OIT) would like to remind you that you will never be asked for, and you should never provide, your password or other personal information by email. If you ever question a request for information, please contact the OIT Help Desk at (949) 824-2222 or oit@uci.edu so we can help you check its validity.  If you suspect that you have received a phishing email, do not respond to it or click on the links. You may optionally report it to the Anti-Phishing Workgroup, but in any case delete it.

Spear phishing emails are a special type of phishing email targeted to a select group of users. These emails tend to be more specific than a regular phishing email, including information more detailed and familiar to the recipient. As with standard phishing emails, these messages often include a request for personal information and a notification of account suspension or closure for failing to reply.  At UCI, such a message will often simulate official notification from a real campus department such as OIT, and may make reference to your actual account or email address.

More information on phishing and how to protect yourself can be found online.  If you have not already done so, OIT strongly recommends you take the online “Information Security” tutorial available on TED.

Phishing on the Rise

by


Phishing

Phishing is a name for fraudulent email messages sent by thieves to lure the recipient into divulging personal or financial information. Thieves can then use this information for mischief or profit.

These email messages pretend to be from well-known, legitimate businesses or organizations, and increasingly look as if they actually are.  We’ve seen phishing messages sent to UCI email accounts that have used the NACS name and logo in an attempt to look as genuine as possible.

These messages will often try to create a sense of urgency so the recipient won’t stop to think about the legitimacy of the message.

If you suspect that you have received a phishing email, do not respond to it or click on the links. Reputable organizations, including NACS, will never send an email message requesting personal information such as passwords or financial information. Always be wary of messages requesting such personal information.

For ways to recognize phishing email messages, and for additional information about phishing, see http://security.uci.edu/email/phishing.php

If you are unsure whether an email message about your account is a phishing email or not, call the organization directly to determine the status of your account. The NACS Response Center may be contacted at 949-824-2222 for questions about UCI accounts.

Enhancing UCI’s Internet Firewall through “Server Registration”

by

In September 2007, NACS changed the configuration of the campus network to improve security.  UCI’s Internet firewall (a device that controls off-campus access to UCI computers) now denies inbound connections except the ones that have been approved in advance by faculty and staff. This protects most campus systems from unauthorized access while preserving off-campus connectivity wherever it is needed.

Directing Network Traffic

Directing Network Traffic

The process of authorizing specific off-campus connections is called “server registration” although it is not limited to servers in the traditional sense. If you own or manage a computer that needs to accept network connections from off campus, you can define what kinds of access are needed using a Web-based form. You can then manage all the machines you are responsible for, using a set of online tools.  Please check with your local support, because some units coordinate server registration on behalf of users.

Registration offers a simplified configuration process for common situations, such as remote access — secure shell (SSH) or Microsoft Remote Desktop — or systems that really are servers and are already protected by firewalls. If you manage a large number of systems, you can register them as a group by email request to security@uci.edu .

Since server registration was implemented last September, 4.5 billion unauthorized probes from off campus have been blocked, or roughly 12 million per day.

A more complete description of this service and how to use it can be found on the server registration web page.

Server Registration

by

NACS is always looking for new ways to protect users on UCInet from network-based attacks. One upcoming strategy is to deny inbound connections to campus computers except the ones that have been approved in advance by faculty and staff. This will protect most campus systems from unauthorized access while preserving off-campus connectivity wherever it is needed.

The process of allowing authorizing specific off-campus connections is called “server registration” although it is not limited to servers in the traditional sense. If you own or manage one of the relatively few computers that needs to accept network connections from off campus, you can specify what kind of access is needed on the server registration form: http://www.nacs.uci.edu/network/servers/registration.php .

The form offers a simplified process for common situations, such as remote access (SSH & Remote Desktop Protocol), or systems that really are servers and are already protected by firewalls. If you manage a large number of systems, you can register them as a group by email request to security@uci.edu .

A more complete description of this service, and frequently asked questions can be found at: http://www.nacs.uci.edu/network/servers/ .