Information Technology News Archive

1996 - 2017

You are here: Home / Archives for Network Security

Network Security

Phishing on the Rise

by


Phishing

Phishing is a name for fraudulent email messages sent by thieves to lure the recipient into divulging personal or financial information. Thieves can then use this information for mischief or profit.

These email messages pretend to be from well-known, legitimate businesses or organizations, and increasingly look as if they actually are.  We’ve seen phishing messages sent to UCI email accounts that have used the NACS name and logo in an attempt to look as genuine as possible.

These messages will often try to create a sense of urgency so the recipient won’t stop to think about the legitimacy of the message.

If you suspect that you have received a phishing email, do not respond to it or click on the links. Reputable organizations, including NACS, will never send an email message requesting personal information such as passwords or financial information. Always be wary of messages requesting such personal information.

For ways to recognize phishing email messages, and for additional information about phishing, see http://security.uci.edu/email/phishing.php

If you are unsure whether an email message about your account is a phishing email or not, call the organization directly to determine the status of your account. The NACS Response Center may be contacted at 949-824-2222 for questions about UCI accounts.

Enhancing UCI’s Internet Firewall through “Server Registration”

by

In September 2007, NACS changed the configuration of the campus network to improve security.  UCI’s Internet firewall (a device that controls off-campus access to UCI computers) now denies inbound connections except the ones that have been approved in advance by faculty and staff. This protects most campus systems from unauthorized access while preserving off-campus connectivity wherever it is needed.

Directing Network Traffic

Directing Network Traffic

The process of authorizing specific off-campus connections is called “server registration” although it is not limited to servers in the traditional sense. If you own or manage a computer that needs to accept network connections from off campus, you can define what kinds of access are needed using a Web-based form. You can then manage all the machines you are responsible for, using a set of online tools.  Please check with your local support, because some units coordinate server registration on behalf of users.

Registration offers a simplified configuration process for common situations, such as remote access — secure shell (SSH) or Microsoft Remote Desktop — or systems that really are servers and are already protected by firewalls. If you manage a large number of systems, you can register them as a group by email request to security@uci.edu .

Since server registration was implemented last September, 4.5 billion unauthorized probes from off campus have been blocked, or roughly 12 million per day.

A more complete description of this service and how to use it can be found on the server registration web page.

Password Security

by

NACS has recently upgraded its password infrastructure to allow for longer passwords. Longer passwords are more secure because it becomes prohibitively difficult to discover a password by computationally grinding through all the possibilities. The “rules” for choosing a good password still stand: use a combination of upper- and lower-case letters, numbers, and punctuation; don’t use recognizable strings (dictionary words, runs of keys as they appear on the keyboard, multiple copies of the same letter) or personal information (name, UCInetID, birthday, employee ID number). A summary of password guidelines can be found at http://www.nacs.uci.edu/ucinetid/password.html

It is also strongly recommended to change your password at least once a year. Long-lived passwords accumulate risk as the number of times and places they are used increases. One of the major risks today’s users are exposed to are so-called “key loggers,” small programs that hide on a computer and watch everything that is typed. Regular security scans (e.g., virus checkers), applying security patches, and caution with regard to opening email attachments or visiting unfamiliar web sites will help protect you from key loggers.

Security may seem inconvenient, and costs the University resources that we’d rather use in other ways, but it is an inescapable part of providing reliable network services, and much cheaper than the loss of valuable research data or identity theft. NACS will continue to watch the security landscape, make necessary advances in network security, and work with users and departments to help protect UCI.

Blocking Misbehaving Systems Protects UCInet

by

NACS is working hard to ensure that a robust and secure UCInet is always available to do the University’s business. To that end, we will occasionally deny access to systems which threaten the safe operation of the network.

Whenever a system connected to the UCInet is discovered attacking other computers, or engaging in other forms of inappropriate behavior (such as the illegal distribution of copyrighted material), NACS may block that system from further network access. Occasionally, NACS may also block systems that have not been patched in a timely manner against particularly nasty viruses.

There are two simple strategies you can follow if you suspect your system has been blocked. You can search the blocked systems list athttp://www.nacs.uci.edu/ucinet/blocked/ (usually, you’ll need to use an unblocked system to do that). Or, you can call NACS at (949) 824-2222. Our helpful consultants will explain why your system was blocked, and what to do to correct the problem. Generally, once you have taken the appropriate steps, the system can be unblocked within a few hours. Please note, however, that unblocking can only be performed during regular business hours except in emergency situations.

NACS is responsible for UCInet, but you are responsible for the proper operation of your own systems. By staying up to date on security patches, and by carefully abiding by the Computer and Network Use Policy at http://www.policies.uci.edu/adm/pols/714-18.html you can preserve your access to the UCInet and help guarantee a secure and reliable service for the entire campus.

Tripwire Watches for Hackers

by

There are a great many ways malicious users of the Internet are devising to sneak software onto a computer. It can be simply annoying but benign (adware), invasive of privacy (tracking visited web sites), and even destructive.

Security patches and firewalls are excellent defensive measures, but if something gets past those defenses, it’s important to find out before any data can be stolen or destroyed. And if your department runs a server, any disruption can be far-reaching.

Wouldn’t it be nice if something monitored the software installed on a key computer, and the configuration of the system, and notified the appropriate person any time it spotted a change? He or she could ignore changes that were deliberate, but take swift action when something was changed without permission.

This is just what Tripwire offers. Tripwire takes a snapshot of a computer, and stores this “baseline configuration” in a database. It then makes regular “integrity checks” and reports any changes (what changed, when, and by whom). Authorized changes become part of a  new baseline configuration.

Tripwire is available for Linux, Sun’s Solaris, HP’s OSF1, IBM’s AIX, and Microsoft Windows. NACS systems administrators, as well as Computing Support Coordinators in some other campus units, are deploying Tripwire to protect their key servers. The NACS Distributed Computing Support (DCS) group is also deploying Tripwire on servers it has under contract, thereby making the benefits of the software available to DCS clients.

A recent UC system wide agreement has made the Tripwire software very affordable. Departmental computing support staff and others interested are invited to contact NACS to discuss deploying Tripwire in their units.