Airwatch Improves Smart Phone Security

As more UCI faculty and staff rely on mobile computing, the campus faces new risks.  Mobile devices (phones, tablets) are easier to lose and provide targets for theft.  The device then may grant unauthorized access to university systems and information.

Airwatch is a software package that allows centralized management of iPhone and iPad devices without the need to have physical access.  With Airwatch, OIT staff can set policies, configure devices (including email setup), enforce strong passwords, and in the event of theft, force the device to erase itself.

Airwatch is in pilot use by the department of Athletics, which is obliged by NCAA regulations to implement strong protections for their information on student athletes.  In the future, OIT plans to offer Airwatch protection to additional university owned iPhones and iPads, and is exploring options for similar protections for the Android and Blackberry platforms.

Network Security Vulnerability Scans

hacking

The OIT Security Team has begun implementing periodic scans of all hosts connected to the UCI network for the most common and high impact network and web security vulnerabilities.

The purpose to these scans is to find unprotected systems before hackers do.  We can then work with system owners to better protect their computers and data.

Since these scans are benign versions of the attacks hackers use, you may notice certain behaviors in your computer:

  • Your log files may show attempts to login from strange addresses or multiple failures in a row that you don’t expect.  Web access logs may show many requests from the same IP including strange URLs.
  • If you allow anonymous updates to your websites (i.e. no login required), junk data or what looks like spam may be inserted into your application’s database or email forms.
  • If web application uses a database and vulnerable to input injection, regular database queries with altered SQL could take longer to run, connection pools may fill up and requests hang waiting for new connections.

If you observe any of these behaviors, treat it as you would any security breach.  This may include contacting OIT’s IT security team. If these scans discover a vulnerability, IT Security will contact you with advice.  More information can be found on the Security Vulnerability Scans web site.

Autorun is a Security Risk

autorun

There is a feature in the Windows operating system, autorun, which on the face of it seems sensible and useful.  When you attach removable media (CD, DVD, USB key, etc.), Windows will look for a file with instructions on what to do with it, such as which program on the device to run.  This makes installation of software simple (insert the DVD, a screen comes up giving you a variety of options including “install”) and autorun can be used for other handy actions.

However, today autorun is being exploited by the makers of malware to put harmful software on your computer.  It is now considered prudent to disable this feature of Windows.  Microsoft has released security updates to all recent versions of Windows to enable end-users to turn it off, and has published a knowledgebase article with instructions how to install the security update and then disable autorun.  If the technical details get in the way, there is a one-button “Fixit” in the knowledgebase article which will download and run a wizard to turn autorun on or off for you.

 

Computer and Network Security Testing

Digital sign

Vulnerability Assessment is a valuable portion of an overall process to ensure the security of hosts on a network.   OIT provides software and services to the campus to assist with the vulnerability assessment process.

Usually done hand-in-hand with risk assessment (i.e., the potential loss to the University in the event of unauthorized access), vulnerability assessment at UCI can be applied to a single system or a group of related computers.  Items to check in such a vulnerability assessment include directory and file permissions, user account and password policies, and current operating system patches.

Some tools are available at no cost to interested individuals to download and employ such as Microsoft’s Baseline Security Analyzer.  Other tools require specialized expertise, such as McAfee Foundstone which OIT licenses.

In addition to scanning a computer internally for vulnerability, OIT can assess the security of a computer’s configuration from the point of view of the network and remote users. Items to check in a network based vulnerability assessment include installed and running services, and local firewall settings.

More information is available at the OIT Security Team’s Vulnerability Assessment page.

Phishing Attempts Continue

Phishing

On October 9, 2009, more than 6000 UCI affiliates received an email message claiming that they were required to click on a link which would take them to a web site to update their email accounts. This message has been confirmed to be an example of “phishing,” a malicious attempt to have you divulge personal information in order to allow someone to gain access to your information or services.

The Office of Information Technology (OIT) would like to remind you that you will never be asked for, and you should never provide, your password or other personal information by email. If you ever question a request for information, please contact the OIT Help Desk at (949) 824-2222 or oit@uci.edu so we can help you check its validity.  If you suspect that you have received a phishing email, do not respond to it or click on the links. You may optionally report it to the Anti-Phishing Workgroup, but in any case delete it.

Spear phishing emails are a special type of phishing email targeted to a select group of users. These emails tend to be more specific than a regular phishing email, including information more detailed and familiar to the recipient. As with standard phishing emails, these messages often include a request for personal information and a notification of account suspension or closure for failing to reply.  At UCI, such a message will often simulate official notification from a real campus department such as OIT, and may make reference to your actual account or email address.

More information on phishing and how to protect yourself can be found online.  If you have not already done so, OIT strongly recommends you take the online “Information Security” tutorial available on TED.