Information Technology News

The latest news from the Office of Information Technology

You are here: Home / Archives for Computer Security

Computer Security

OIT Responds to Security Incident

by

Windows security

Between Saturday, February 26th and Sunday, February 27th an unauthorized user was able to gain access to a Microsoft Windows server operated by the Office of Information Technology. The user was able to access files which may have allowed her/him to compromise a large number of passwords.

The OIT Security team identified the abnormal network behavior on Sunday, February 27th and was able to stop the attackers from gaining additional access. The quick response was instrumental in preventing a more serious incident.

At this time, OIT does not believe the user accessed any other data. OIT has engaged an outside forensics company to validate the incident investigation and to add additional expertise to the response team.

In response to the unauthorized access, OIT undertook the complex process of having users change passwords which may have been affected.  In addition, significant time was dedicated to a detailed review of systems and access logs for evidence of inappropriate access and use of stolen user ids and passwords.

OIT is reviewing its processes and procedures to ensure security remains a high focus and priority.

If you notice any unusual activity related to your computer account, such as your account logged in by someone other than you or problems logging in, please notify the OIT Security team, or call the OIT help desk.

Computer Security News

by

Did you ever wonder if your firewall hardware has known vulnerabilities? Would you like to read an authoritative document on securing Microsoft’s Web Server, IIS? Are you curious about the impact of latest Internet worm?

NACS makes a diligent effort to stay current on issues of network security, to make UCInet the safest infrastructure it can be, consistent with the mission of a public University. We are working with system administrators around campus to upgrade software and close security holes. Nevertheless, an informed community is perhaps our best defense against malicious network attacks.

If you would like an easy way to enhance your knowledge of computer security, do what we at NACS do: subscribe to the weekly newsletter published by the SANS Institute, “SANS NewsBites.” For a free subscription e-mail sans@sans.org with the subject: “Subscribe NewsBites”. Archives of the newsletter can be found at http://archives.neohapsis.com/archives/sans/

Computer Security

by

Computer Viruses and Hoaxes

New computer viruses arrive daily. There are a few practical steps that everyone can take to help keep computers safe.

First, be sure that your computer has updated anti-virus software installed. All modern anti-virus software can be configured for automatic updates. If your computer is using VirusScan, the “About…” menu item should report a Scan Engine of 4.1.40 and a virus definition creation date within one week of the current date. Ask your school’s computing help desk for assistance in configuring your software if you need it.

Many computer viruses arrive as e-mail attachments. Use caution when opening attachments. For example, if your co-worker routinely sends you Excel spreadsheets which you collaborate on, you would expect to open those. But if the same associate sends you a Visual Basic script (a file whose name ends with .vbs), DON’T OPEN IT! It’s probably a virus. Use the good old-fashioned telephone to call and confirm that your co-worker meant to send you an unusual attachment. In general, never open an email attachment unless you know what it is — even if it comes from someone you know and trust: many viruses exploit innocent users and computers to spread themselves.

Another problem is virus hoaxes. Whenever you see a message informing you to e-mail “everyone you know”, it’s probably a hoax. It may even be carrying a virus. DON’T e-mail everyone you know. Instead check with your computing support help desk, or check the Web for hoax reports. Places to check include:

Links on these pages to commercial Web sites do not represent endorsement by the University of California or its affiliates.

Computer Security

by

NACS Distributed Computing Support has developed software to improve campus computer security.

In the same way a night watchman proceeds through a building, turning doorknobs to check that they’re locked, hackers scan the network looking for open ports on computers. The new NACS system collects and analyzes information from UCI Unix and Linux computers to check for activity indicative of possible misuse or attempted misuse.

This system is modeled on security features integral to Linux, and delivered to other Unix systems on campus through NACS’s autoinstall software. It depends on modified network applications (such as telnet and ftp) which are often used for compromising system security. These modified applications report to NACS’s logging system whenever they are used. Certain patterns of use are clues that a particular system may need attention.

Intrusion efforts which can be caught by this system range from the simple-minded (probing for improperly secured network ports) to some very sophisticated kinds of attacks (e.g., “buffer overflow” exploits). While the only way to guarantee a computer is safe from network-based attacks is to remove it from the network, this new system represents another way NACS is making it harder to cause harm to UCI computers.

Linux Security Talk

by

On September 9th, over 40 users and supporters of the Linux operating system attended a 2 hour talk by NACS’ Ted Gielow concerning security issues. Linux has been growing in popularity as an inexpensive and effective variety of the UNIX operating system, as it accommodates both computational and e-mail/Web server uses. Linux systems are very powerful and easy to setup, but are vulnerable to attack if not setup and maintained properly. Break-ins jeopardize computer availability, as well as valuable data and other academic pursuits. Since systems are connected to the campus network, they can be used to disrupt departmental or network communications and are thus a campus-wide concern.

Ted, who is a member of NACS’ Computing/Network Security Team, gave helpful hints on permission settings and on commands to determine what is running, who is connected, and more. He dispelled myths about hackers, discussed how to reduce exposure to network break-ins, talked about security software, and made suggestions for system administration and backups.

See the following document for information on making a UNIX system more secure:

http://www.nacs.uci.edu/support/dcs/security/hardening.html

Keeping a system secure is an ongoing effort — if you are interested in someone else doing it for you, NACS’ Distributed Computing Support (DCS) group provides support services for Red Hat Linux and other UNIX variants. See the following for information on DCS services:

http://www.nacs.uci.edu/support/sysadmin/sysadmin.html

Please contact us at our NACS@UCI.EDU e-mail address to express interest in future seminars, or if you have any Linux or system security concerns.