Archive for May, 2012

Software Updates and Patch Management

May 15th, 2012 by dshettle

The number one cause of computer infections on campus is unpatched software.  Bugs are discovered in software on a regular basis, and some of the bugs can lead to software crashes, which can in turn lead to access to areas of memory on a computer where access shouldn’t be granted.  Hackers use these bugs to inject code into memory, which in turn runs and installs more bad code on the computer.  The end effect is often a computer that is controlled by the attacker, either directly or indirectly.

Often, these bugs are known to the software vendors before they are known to the hackers, or at least prior to the hackers managing to use the bugs to widely infect computers.  Software vendors then issue fixes for these bugs, rendering them inert.  Hackers thrive when we do not apply the fixes our software vendors provide.  Either applying them would interrupt our work, so we delay the installation for days, weeks, even months, or we’ve disabled or never enabled automatic updates in the first place, and are thus unaware that the vendor has issued fixes.  Software commonly targeted includes the Windows operating system, Java, Adobe products, Firefox, and others.

Hackers have written “Exploit Packs” to take advantage of these holes.  An Exploit Pack is a program that contains dozens, sometimes dozens of dozens of exploits, each designed to attack a single bug in a piece of software.  The program cycles through the exploits, looking for one that’ll succeed, not unlike cycling through a large keyring, looking for the one key that’ll open a door.  These exploit packs are then installed on websites all around the internet.  Some of them manage to find their way onto legitimate websites, possibly through third-party advertising networks, or otherwise.  Two recent outbreaks on campus, the Zeroaccess and Flashback malware, were distributed like this, both most frequently delivered via exploit packs targeting known bugs in software.  These exploit packs rely heavily on unpatched software.

In order to address this, the College is rolling out centralized software update management, or patch management.  This enables ITS to ensure that all College computers are kept updated, and makes it substantially more difficult for College computers to get infected.  Just as physical plant doesn’t require you to fix the leak in your ceiling, ITS won’t burden you with fixing the holes in your computers’ software any longer.  We will ensure that critical security updates are applied in a timely manner, and in a manner that is the least disruptive to our work schedules.  Every deployment will be postpone-able for up to 10 hours so that you are able to choose the most convenient time for your system to be rebooted. To the extent possible, patches will be bundled together, so instead of having to deal with the updates for Java, Adobe Reader, Adobe Flash, Firefox, and your operating system updates separately, we will be packaging them all together and deploying them at once, minimizing the time it takes to get updated, and minimizing the number of reboots updating requires.  Most update bundles will only require 1 reboot following the deployment.  Some deployments, in particular initially while your system is getting “caught-up”, will require more reboots.

The software works by having an agent on your computer.  The agent tells the server what patches your system is missing, and the server can then schedule the deployment of the patches.  The server automatically calculates the best way to bundle all the patches required, and knows which patches can have their reboots suppressed, and which cannot.  The server determines the best order to apply the patches in, and then sends the patches to the workstation and applies them.  Following the application, the agent tells you that updates have been applied, and that a reboot is required.  You can choose to reboot then, or tell the agent to remind you later.  You will be given up to 10 hours to reboot.  We have agents for Windows, Mac, and Linux.
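The agent/server workflow just described, as an added illustration (this is not the College’s patch-management product, and it assumes nothing about that product’s internals): the agent reports installed versions, the server diffs them against a catalog of required versions, bundles the missing patches, orders them, and counts how many reboots the bundle needs, deferring suppressible reboots to the end. All products, version strings and rules are constructed sample data; the 10-hour postpone window comes from the post.

```python
"""Toy model of the agent/server patch workflow (added example, constructed data)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Patch:
    product: str
    version: str        # version the patch brings the product up to
    needs_reboot: bool  # does installing it require a reboot at all?
    suppressible: bool  # can that reboot be deferred to the end of the bundle?
    order: int          # install order: lower first (e.g. OS before add-ons)


# Constructed catalog of required patch levels, as the server would hold it.
CATALOG = [
    Patch("Windows", "2012.5.1", needs_reboot=True,  suppressible=True,  order=0),
    Patch("Java",    "2012.4.2", needs_reboot=False, suppressible=True,  order=1),
    Patch("Flash",   "2012.5.3", needs_reboot=False, suppressible=True,  order=2),
    Patch("Reader",  "2012.4.1", needs_reboot=True,  suppressible=True,  order=2),
    Patch("Firefox", "2012.4.4", needs_reboot=True,  suppressible=False, order=3),
]

MAX_POSTPONE_HOURS = 10  # the reboot postpone window described in the post


def parse_version(v: str) -> tuple:
    """'2012.5.1' -> (2012, 5, 1) so that versions compare numerically."""
    return tuple(int(part) for part in v.split("."))


def missing_patches(inventory: dict, catalog=CATALOG) -> list:
    """Agent side: inventory maps product -> installed version.

    A product absent from the inventory is not installed, so it has no hole
    to patch and is skipped.
    """
    missing = []
    for patch in catalog:
        installed = inventory.get(patch.product)
        if installed is None:
            continue
        if parse_version(installed) < parse_version(patch.version):
            missing.append(patch)
    return missing


def plan_bundle(patches: list) -> tuple:
    """Server side: order the patches and count the reboots the bundle needs.

    A suppressible reboot is deferred; a non-suppressible one forces a reboot
    right there and also absorbs any reboot deferred so far. One deferred
    reboot left at the end becomes the single post-deployment reboot.
    """
    ordered = sorted(patches, key=lambda p: (p.order, p.product))
    reboots = 0
    pending = False  # a deferred reboot is owed
    for patch in ordered:
        if not patch.needs_reboot:
            continue
        if patch.suppressible:
            pending = True
        else:
            reboots += 1
            pending = False
    if pending:
        reboots += 1
    return ordered, reboots


def can_postpone(hours_since_applied: float) -> bool:
    """Agent side: may the user still defer the reboot?"""
    return hours_since_applied < MAX_POSTPONE_HOURS


if __name__ == "__main__":
    # Constructed agent report for one workstation.
    inventory = {"Windows": "2012.4.9", "Java": "2012.4.2", "Flash": "2012.3.0",
                 "Reader": "2012.3.7", "Firefox": "2012.3.5"}
    ordered, reboots = plan_bundle(missing_patches(inventory))
    print([p.product for p in ordered], "reboots:", reboots)
```

Run as a script it plans the bundle for the constructed inventory: four patches, installed OS-first, with the Firefox reboot absorbing the deferred Windows and Reader reboots so that the whole bundle costs one reboot.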

In labs and classrooms, these updates will be scheduled to occur at night.  Machines will be woken up if powered off and updated, so that during the day, systems will remain available.  On faculty and staff workstations, these updates will be scheduled as needed, and deployed during the day.  As aforementioned, you will be given the option to delay the required reboots so as not to impact you at an inopportune time.

We will be rolling this out gradually over the coming months, and you’ll receive an email showing you what to expect when we roll it out to you.  If you have any questions, or would like to be in the group of early adopters, don’t hesitate to contact me, David Shettler via email, or at x.3073.

Phishing Persists

May 14th, 2012 by dshettle

The sophistication of phishing varies greatly.  Our latest example is below.

There is nothing real about this.  The email itself has a strange sender, and there are issues with grammar, spelling, and punctuation.  The link points to an unfamiliar URL.  The email isn’t signed by an individual, just a title.  Lastly, the content of the message doesn’t quite jibe with what the College is doing, though it is coincidentally close.

The email, however, is clearly targeted at us in education.  This is somewhere between “spear phishing”, where an organization is specifically targeted, and normal phishing.  Unfortunately, it happens to coincide with the recent announcements of our migration to Google mail for faculty and staff, which makes it a tad more believable.  If you click on the link, you are sent to a website that solicits a _lot_ of information:

Here the images are blurry, and the red flags are:

  • It is not on a Holy Cross domain name.
  • It is an insecure URL (no https).
  • It is asking for your username and password.
  • You arrived here from a shady email, not a trusted source.

If you fill this form out, the attackers empty your email account, and begin using your email account to spam others with similar messages.
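The four red flags above can be checked mechanically. The following is an added example, not from the original post: given the link’s URL, the field names on the landing form, and whether the link came from a trusted source, it returns which flags apply. The trusted domain list, field names and sample URLs are constructed. The host check matches on the domain suffix, so look-alikes such as `holycross.edu.example.net` or `holycross-edu.example.net` are not trusted, and `urlsplit()` ignores a decoy `holycross.edu@` user-info prefix that some phishing links use to make an unfamiliar host look familiar.

```python
"""Check a link from an email against the red flags listed above (added example)."""
from urllib.parse import urlsplit

# Constructed allow-list: only hosts on these domains count as the College's.
TRUSTED_DOMAINS = ("holycross.edu",)
# Form field names that mean the page is asking for credentials.
CREDENTIAL_FIELDS = {"password", "passwd", "pin", "ssn"}


def is_trusted_host(host: str, trusted=TRUSTED_DOMAINS) -> bool:
    """True only if host is a trusted domain or a subdomain of one.

    Suffix matching requires the dot, so 'notholycross.edu' and
    'holycross.edu.example.net' both fail.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)


def phishing_red_flags(url: str, form_fields=(), from_trusted_source=False) -> list:
    """Return the red flags that apply to a link and the form it lands on.

    form_fields:         names of the inputs on the landing page
    from_trusted_source: did the link arrive from somewhere you trust?
    """
    flags = []
    parts = urlsplit(url.strip())
    # urlsplit() strips any user-info, so 'https://holycross.edu@203.0.113.5/'
    # yields hostname '203.0.113.5', not the decoy in front of the '@'.
    host = parts.hostname or ""
    if not is_trusted_host(host):
        flags.append("not on a trusted domain name")
    if parts.scheme.lower() != "https":
        flags.append("insecure URL (no https)")
    if any(f.lower() in CREDENTIAL_FIELDS for f in form_fields):
        flags.append("asks for your username and password")
    if not from_trusted_source:
        flags.append("arrived from an untrusted message")
    return flags


if __name__ == "__main__":
    # Constructed link shaped like the one in the post: wrong domain, no https,
    # a login form, and it came from an unsolicited email.
    print(phishing_red_flags("http://holycross-edu.example.net/webmail",
                             ["username", "password"], from_trusted_source=False))
```

A legitimate login page on a College host reached from a trusted source still reports the credential flag, because the post lists it unconditionally; the point is that the other three flags are what separate it from a phishing page.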

If you happen to fall victim to this attack, please contact the Helpdesk at x.3548.

Apple iOS software update 5.1.1 should not be overlooked

May 8th, 2012 by dshettle

Apple has released an update to iOS which fixes various security flaws including one particularly dangerous one affecting Safari on iPhones and iPads. ITS strongly recommends users apply the 5.1.1 update as soon as possible.

The major concern with this particular security advisory is that one of the vulnerabilities listed may allow for “remote code execution”, the security industry’s way of saying “bad things like viruses”.  This may open up the iPhone and the iPad to issues similar to those that Mac computers encountered recently with the Flashback virus: what is often called “drive-by” infection.  Drive-by infection is so named because the victim need not fall for any tricks, as is required with a Trojan horse.  Instead, all a victim has to do is visit the wrong place on the web, at the wrong time.

While iPads and iPhones have yet to be a major target for malware, it is this type of hole, combined with the prevalence of the devices, that can lead to an outbreak, and for that reason we strongly recommend upgrading to the latest version.

You can update your device by launching “Settings”, choosing “General”, selecting “Software Update”, and following the on-screen instructions from there.

You can read more about the issue in the following articles:

Systems maintenance: Saturday, May 5

May 3rd, 2012 by jnoonan

Faculty, Staff, and Students,

On Saturday, May 5, Information Technology Services staff will be performing required system updates. From 6 a.m. to 10 a.m. the following systems will be intermittently unavailable:

  • Eres
  • Kiosk workstations
  • Kronos (time clocks will remain online)
  • Medicat
  • One Card vending and laundry
  • One Card Hogan deposit center
  • Password reset
  • Student network file access
  • Thin clients

Holy Cross Faculty and Staff to Go Google!

May 3rd, 2012 by ekeohane

Dear Colleagues,
The IT Steering Committee (comprised of the President, the VPs, and myself) on Monday approved the move of faculty and staff from GroupWise to Google Apps for Education. This comes after a two-year process of information gathering, peer institution comparisons, and the successful move of students to Google Apps. Thank you to all who gave feedback to us.

The main drivers behind the decision are:

  1. The continued viability of GroupWise is in doubt, both in terms of support by the vendor and future capabilities.
  2. The general consensus within Higher Education (and in industry) is that running your own e-mail and calendar system on site is no longer a best practice when comparable external alternatives exist.
  3. The advantages of Google Apps over GroupWise are many, such as:
  • Significantly more space (25 GB vs. 250 MB)
  • Much better integration with mobile devices such as tablets and smartphones
  • Highly effective SPAM filtering
  • Better compatibility between Windows and Macintosh usage
  • New feature releases far exceeding GroupWise
  • Other “Apps” for image storing, document sharing, web sites, and chat

Information on the transition will be sent regularly from ITS. Here are a few important points:

  1. Faculty and staff email addresses are not changing. We will still be [username]@holycross.edu. Students will continue to have the “g.” in their addresses.
  2. We will move all of your email and calendar items over from GroupWise to Google for you.
  3. The Holy Cross Google/Gmail account is separate from any personal gmail.com account you may already have (though they will work much the same).

What is the expected time frame?
No one will move prior to Commencement. We expect to move ITS and one or two pilot departments some time in June to solidify the transfer process. In July and early August we hope to begin with volunteer “early adopters” who use the basic features of GroupWise (e.g. just email and not shared calendars or proxy accounts). After the busy start of the semester settles down, we anticipate doing a department-by-department transition over the fall (Oct-Dec). When your department moves will be largely up to you and what works best for your department. We hope to have most people moved by the end of the winter break.

What should you do now?
There is nothing that needs to be done on your part now. It would be helpful overall if people cleaned up their email prior to moving. Feel free to do some of that. Detailed instructions will follow as the time approaches for your move to explain such things as getting email out of archives if you have them, saving personal address books if you use those, etc.

Will there be training on the new Apps?
Yes, ITS and our partners across the College will be offering training in a number of ways… through training classes, tip sheets posted on a web site, email, and in-person assistance. Our focus during the transition months will be on assisting with using the new email and calendar apps. If you find use for the additional apps that come with Google Apps for Education, such as for document sharing, image storing, chat, or web sites, these will be available to you. ITS will offer training and assistance with those after getting everyone up and running on email and calendar.

Many people have told me they are eager for this move. I am excited about it. While changes as big as this can and will be disruptive, we are hearing very positive feedback from the many other institutions that have gone Google. We will do our best to make it a smooth transition for Holy Cross.

Please don’t hesitate to reach out to me or any member of my staff with comments or suggestions at any time.
Take care–
–Ellen.

————————————————-
Dr. Ellen J. Keohane
Director, Information Technology Services
College of the Holy Cross
1 College Street
Worcester, MA 01610-2395
ph: 508.793.2652 fax: 508.793.2711

Please consider the environment before printing this e-mail

“Festina Lente” (Hasten Slowly)

Email security now, and email security under Google Apps

May 3rd, 2012 by dshettle

Email security has been around for over a decade, and while one might think that processes to secure email would have simplified over time, they really haven’t — if anything they’ve become more complex than ever.

The College uses a gateway system to filter incoming email — this system takes several hundred thousand messages a day, and reduces it to several thousands per day.  The vast majority of incoming email is garbage: spam, malware, phishing attacks, and other annoyances.  Every message goes through a complex process to determine whether or not it should actually be received by the recipient:

First, the message is checked against the College “whitelist”.  This list is something we maintain to make sure that specific email from important, “safe” sources does not go through any other checks.  If the sender is on the whitelist, they go right along to the user.  If not, it’s on to the “blacklist” check.  The blacklist check is a check of the sender’s computer against various free and paid databases of known-bad sources.  These lists are not College maintained; we get them as a service.  Sender computers on blacklists get blocked right away, but if they are not on the blacklist, they move on to the spam check, or the word & phrase filters.

The spam filter scans the message for specific attributes that are common in spam, such as specific combinations of words and/or phrases.  Each “hit” on a given word, phrase, or email attribute adds points to the spam rating of the message.  Once completed, the total score is evaluated.  Any message with a score greater than or equal to 6.5 goes into the trash.

Most real email messages score somewhere between 1 and 4. The 6.5 threshold has to be periodically adjusted, and the whitelist constantly tweaked.  Scores for word and phrase combinations also need to be manipulated.  If we’re too conservative, we get lots of spam in our inboxes.  If we’re too aggressive, we start blocking legitimate email.  After scoring, it’s on to a quick virus check, then if all is well, your mailbox.
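The pipeline of the last three paragraphs (whitelist, then blacklist, then phrase scoring against the 6.5 threshold, then the virus check), as an added simulation that is not the College’s gateway software. The whitelist, the stand-in blacklist feed, the phrase rules and their point values, and the sample messages are all constructed; the virus check is a flag on the message because a real scanner is out of scope. The 6.5 threshold is the one the post states.

```python
"""Simulation of the inbound mail gateway pipeline (added example, constructed data)."""
from dataclasses import dataclass

THRESHOLD = 6.5  # score at or above which the message goes to the trash

# Constructed whitelist: exact addresses or whole sending domains.
WHITELIST = {"payroll@holycross.edu", "alerts.example.org"}
# Constructed stand-in for the external blocklist feeds (sending host IPs).
BLACKLIST_IPS = {"203.0.113.10"}
# Constructed word/phrase rules: each hit adds points to the spam score.
PHRASE_POINTS = {
    "free money": 3.0,
    "verify your account": 2.5,
    "act now": 2.0,
    "click here": 1.5,
    "!!!": 1.0,
}
ALL_CAPS_SUBJECT_POINTS = 1.5  # an "email attribute" rule, not a phrase


@dataclass
class Message:
    sender: str
    sender_ip: str
    subject: str
    body: str
    has_virus: bool = False  # stand-in for the antivirus verdict


def is_whitelisted(sender: str) -> bool:
    sender = sender.lower()
    domain = sender.rsplit("@", 1)[-1]
    return sender in WHITELIST or domain in WHITELIST


def spam_score(msg: Message) -> float:
    """Add up the points for every rule that hits on subject or body."""
    text = (msg.subject + "\n" + msg.body).lower()
    score = sum(points for phrase, points in PHRASE_POINTS.items() if phrase in text)
    if msg.subject.isupper():
        score += ALL_CAPS_SUBJECT_POINTS
    return score


def filter_message(msg: Message) -> tuple:
    """Return (verdict, reason), applying the checks in the order the post gives.

    A whitelisted sender skips every later check, including the virus scan,
    which is exactly why the whitelist has to be kept short and reviewed.
    """
    if is_whitelisted(msg.sender):
        return "deliver", "whitelisted sender"
    if msg.sender_ip in BLACKLIST_IPS:
        return "block", "sending host on blacklist"
    score = spam_score(msg)
    if score >= THRESHOLD:
        return "trash", f"spam score {score} >= {THRESHOLD}"
    if msg.has_virus:
        return "quarantine", "virus detected"
    return "deliver", f"spam score {score}"


def run_gateway(messages) -> list:
    """Run a batch through the pipeline; returns (sender, verdict) pairs."""
    return [(m.sender, filter_message(m)[0]) for m in messages]


# Constructed sample traffic, one message per branch of the pipeline.
SAMPLE_MESSAGES = [
    Message("payroll@holycross.edu", "198.51.100.2", "FREE MONEY!!!",
            "Your paystub is ready, click here."),                     # whitelist wins
    Message("deals@example.net", "203.0.113.10", "Hello",
            "Just saying hi."),                                          # blacklisted host
    Message("winner@example.net", "198.51.100.7", "ACT NOW!!!",
            "Free money, click here and verify your account."),         # scores 11.5
    Message("colleague@example.edu", "198.51.100.9", "Meeting Tuesday",
            "Can we move to 3pm? Click here for the agenda."),           # scores 1.5
    Message("unknown@example.net", "198.51.100.11", "Invoice attached",
            "See attached.", has_virus=True),                            # low score, virus
]

if __name__ == "__main__":
    for sender, verdict in run_gateway(SAMPLE_MESSAGES):
        print(f"{verdict:10} {sender}")
```

The ordinary work message lands at 1.5, inside the 1-to-4 band the post describes for real mail, while the constructed spam stacks five phrase hits and an all-caps subject to 11.5; moving the threshold or a single rule’s points is what shifts messages between those outcomes.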

Over the years we’ve found the right balance, and we constantly strive to maintain it.  But this balance is time consuming, imperfect, and ultimately less effective than new cloud-based solutions like Gmail.  How does the above look when we “go Google”?  More like this:

They do all the work, and from most people’s experiences, they do it better than we do.  In addition, we’ll be purchasing Postini services from Google to further enhance the security of our email, so by most accounts, email will be easier to manage, more available, and more secure.