Information Technology News Archive

1996 - 2017

You are here: Home / Archives for Voice and Data Services / Network Security

Network Security

Retiring Windows XP

by

No Windows XP
Microsoft will officially retire Windows XP next week.  This means Microsoft will cease development of security patches for this product. Systems running XP after April 8 will be open to attacks which present significant security risks to individual computers, to any network to which they are connected and to other computers on that network. In almost all cases, UCI systems and any others connecting to UCInet should be upgraded to Windows 7 or Windows 8 or should be removed from service.

In the very few cases where business necessity dictates continued use of Windows XP on UCI systems, suitable measures should be taken to protect other systems and users of UCInet. This may involve configuring the XP system’s network connectivity or, in some cases, disconnecting it from the network altogether.  Such measures will depend on the particular system’s situation.  Owners should consult with their local computing support for departmental recommendations.

Those wishing to migrate to a more current operating system can find a discussion of issues and options on OIT’s XP retirement web page.

Autorun is a Security Risk

by

autorun

There is a feature in the Windows operating system, autorun, which on the face of it seems sensible and useful.  When you attach removable media (CD, DVD, USB key, etc.), Windows will look for a file with instructions on what to do with it, such as which program on the device to run.  This makes installation of software simple (insert the DVD, a screen comes up giving you a variety of options including “install”) and autorun can be used for other handy actions.

However, today autorun is being exploited by the makers of malware to put harmful software on your computer.  It is now considered prudent to disable this feature of Windows.  Microsoft has released security updates to all recent versions of Windows to enable end-users to turn it off, and has published a knowledgebase article with instructions how to install the security update and then disable autorun.  If the technical details get in the way, there is a one-button “Fixit” in the knowledgebase article which will download and run a wizard to turn autorun on or off for you.

 

Computer and Network Security Testing

by

Digital sign

Vulnerability Assessment is a valuable portion of an overall process to ensure the security of hosts on a network.   OIT provides software and services to the campus to assist with the vulnerability assessment process.

Usually done hand-in-hand with risk assessment (i.e., the potential loss to the University in the event of unauthorized access), vulnerability assessment at UCI can be applied to a single system or a group of related computers.  Items to check in such a vulnerability assessment include directory and file permissions, user account and password policies, and current operating system patches.

Some tools are available at no cost to interested individuals to download and employ such as Microsoft’s Baseline Security Analyzer.  Other tools require specialized expertise, such as McAfee Foundstone which OIT licenses.

In addition to scanning a computer internally for vulnerability, OIT can assess the security of a computer’s configuration from the point of view of the network and remote users. Items to check in a network based vulnerability assessment include installed and running services, and local firewall settings.

More information is available at the OIT Security Team’s Vulnerability Assessment page.

OIT Responds to Security Incident

by

Windows security

Between Saturday, February 26th and Sunday, February 27th an unauthorized user was able to gain access to a Microsoft Windows server operated by the Office of Information Technology. The user was able to access files which may have allowed her/him to compromise a large number of passwords.

The OIT Security team identified the abnormal network behavior on Sunday, February 27th and was able to stop the attackers from gaining additional access. The quick response was instrumental in preventing a more serious incident.

At this time, OIT does not believe the user accessed any other data. OIT has engaged an outside forensics company to validate the incident investigation and to add additional expertise to the response team.

In response to the unauthorized access, OIT undertook the complex process of having users change passwords which may have been affected.  In addition, significant time was dedicated to a detailed review of systems and access logs for evidence of inappropriate access and use of stolen user ids and passwords.

OIT is reviewing its processes and procedures to ensure security remains a high focus and priority.

If you notice any unusual activity related to your computer account, such as your account logged in by someone other than you or problems logging in, please notify the OIT Security team, or call the OIT help desk.

Phishing Attempts Continue

by

Phishing

On October 9, 2009, more than 6000 UCI affiliates received an email message claiming that they were required to click on a link which would take them to a web site to update their email accounts. This message has been confirmed to be an example of “phishing,” a malicious attempt to have you divulge personal information in order to allow someone to gain access to your information or services.

The Office of Information Technology (OIT) would like to remind you that you will never be asked for, and you should never provide, your password or other personal information by email. If you ever question a request for information, please contact the OIT Help Desk at (949) 824-2222 or oit@uci.edu so we can help you check its validity.  If you suspect that you have received a phishing email, do not respond to it or click on the links. You may optionally report it to the Anti-Phishing Workgroup, but in any case delete it.

Spear phishing emails are a special type of phishing email targeted to a select group of users. These emails tend to be more specific than a regular phishing email, including information more detailed and familiar to the recipient. As with standard phishing emails, these messages often include a request for personal information and a notification of account suspension or closure for failing to reply.  At UCI, such a message will often simulate official notification from a real campus department such as OIT, and may make reference to your actual account or email address.

More information on phishing and how to protect yourself can be found online.  If you have not already done so, OIT strongly recommends you take the online “Information Security” tutorial available on TED.