Archive for the ‘Security’ Category

Data Destruction Day 2

September 9th, 2013 by dshettle

Information Technology Services and Physical Plant’s Environmental Services are pleased to announce our second “Data Destruction Day.” On October 3rd, in front of O’Kane on Linden Lane, the College’s shredding partner, ProShred, will be stationed with their paper and hard drive shredding trucks from 9am to 11am. Once again, bring in any paper items, old hard drives, floppy drives, thumb drives, CDs, DVDs, zip drives, audio tapes, and ProShred will physically destroy them onsite.  This year, Physical Plant’s Environmental Services is sponsoring a container to recycle your computer and computer peripherals as well.

Last year we trimmed College storage rooms and filing cabinets of roughly 4,000 pounds of paper, and 150 pounds of electronic storage media. Let’s try to beat those numbers this year. Those dot matrix reports that haven’t been a tree since 1976? That CD with your parent’s tax return from 1998 in the milk crate under your desk? Bring them. Even bring things from home, with the caveat that the College isn’t responsible for its security (though you’ll get to watch it be destroyed, so don’t let the disclaimer spook you).

All materials destroyed are recycled where possible by ProShred.  All computers and peripherals will also be recycled by Environmental Services.

As with last year, some ground rules:

  • This event is open only to Holy Cross Faculty, Students and Staff. Bring your HC ID.
  • As aforementioned, bring material from home if you’d like, but the College isn’t responsible if you lose it or it otherwise vanishes prior to destruction.
  • Electronic media is limited to hard drives, flash/thumb drives, CD’s, DVD’s, floppy disks, tapes, and zip drives. If you have an old computer, we can help you remove the hard drive that day and Environmental Services will recycle the shell and your computer peripherals.
  • Environmental Services will only take and recycle your old computer and its peripherals (keyboard, mouse, monitor, etc.). Strict limit of 1 monitor per computer. They will not take your 1980’s living room entertainment center, or the storage unit full of old microwaves! No T.V.s, VCRs, etc.
  • Get the necessary approvals before bringing stuff. Emptying that filing cabinet may seem like a good idea, but make sure none of it is needed any longer. If in doubt, ask.
  • Don’t leave anything you bring to the event unattended on the way.

If you have any questions, don’t hesitate to ask.

Password Security and Hacked Passwords

May 1st, 2013 by dshettle

Over the last 12 months, hackers have been targeting passwords of users through various resources on the Internet. In recent months, the following major websites have had their password databases stolen:

  • LivingSocial (50 million accounts)
  • Evernote (50 million accounts)
  • Zappos (24 million accounts)
  • LinkedIn (6.5 million accounts)
  • eHarmony (1.5 million accounts)
  • Last.fm (undisclosed but estimated at over 16 million)

These attacks highlight the need to keep isolated credentials. Make sure the passwords you use for College resources are unique, and not similar to any password you use for external resources. In addition, you should keep your Holy Cross network password unique from your Holy Cross Gmail password. This “isolation” of passwords ensures that if one were to be compromised, the other is not. Another smart step to take is to enroll in Gmail’s 2-Step Verification. This is optional, but it will make it substantially harder for someone to steal control of your College gmail account. Details on 2-Step Verification are found here:

http://support.google.com/accounts/bin/answer.py?hl=en&answer=180744

If you have used any of the aforementioned websites over the last year, and your password on those sites is even remotely similar to your College network password or College Gmail password, you really must change your passwords. You may do so by visiting our website, going to the Login page, and clicking on the “Password Reset” link.

Why we re-image after a virus infection alert

April 5th, 2013 by dshettle

The standing practice in ITS is to re-image a computer when it is infected with a virus.  This process is a headache, both for the assigned user (possible loss of stored data, definite loss of time and productivity) and for ITS (time to re-image, re-install software, etc.). In many cases the individual with the infected computer asks us why we can’t just “clean” the machine instead.

Viruses and malware are extremely complex.  Cleaning utilities have tried valiantly to keep pace, but this endeavor is a losing battle: Anti-virus simply can’t keep up. Malware authors are quicker to adapt their products to circumvent cleaning tools and anti-virus.  As a result, once a machine has downloaded malware, its integrity can never again be fully trusted. Even methods like Windows “System Restore” are not effective, as malware authors have adapted to that strategy by specifically targeting “System Restore” files.

The type of data an assigned person has access to partially dictates what leeway we give.  If he or she has access to data classified as “protected” or “sensitive” by the College’s Data Classification policy, then the threshold is very low: A single detected instance of malware is sufficient to require us to re-image the computer. The College simply cannot risk the confidentiality of “protected” or “sensitive” data.  If the person does not have access to such data, then we may wait to see if malware detections persist, in which case we insist on a re-image. Also, certain viruses are excellent at circumventing any attempts at eradicating them. In these cases, we mandate a re-image.

The best way to avoid a virus-related re-image is to never come in contact with a virus in the first place. Please avoid infection by limiting your use of College-owned computers to College-related purposes. For our part, ITS actively tries to address this by keeping computers current with software updates: the best technological tool in our arsenal.  We are also continually investing in other high-tech means of making it less likely that you encounter malware.

Data Destruction Day – October 4th

September 26th, 2012 by dshettle

Human Resources and Information Technology Services are pleased to invite you to “Data Destruction Day.” On October 4th, in front of O’Kane on Linden Lane, the College’s shredding partner, ProShred, will be stationed with their paper and hard drive shredding trucks from 9am to 11am. Bring in any paper items, old hard drives, floppy drives, thumb drives, CDs, DVDs, zip drives, and ProShred will physically destroy them onsite.

Faculty & Staff, this is a great opportunity to put those filing cabinets on a weight loss program. Those bankers boxes sitting in the storage room? Those ancient zip disks hiding in the deep dark recesses of your desk? Those mysterious tapes that you don’t even have a computer that could read the format (remember the floppies?)! Bring them. Even bring things from home, with the caveat that the College isn’t responsible for its security (though you’ll get to watch it be destroyed, so don’t let the disclaimer spook you).

All materials destroyed are recycled where possible by ProShred.

Some ground rules:

  • This event is open only to Holy Cross Faculty, Students and Staff. Bring your HC ID.
  • As aforementioned, bring material from home if you’d like, but the College isn’t responsible if you lose it or it otherwise vanishes prior to destruction.
  • Electronic media is limited to hard drives, flash/thumb drives, CD’s, DVD’s, floppy disks, tapes, and zip drives. If you have an old computer, we can help you remove the hard drive that day if you bring in just the system unit (not the monitor, keyboard, etc.).
  • Get the necessary approvals before bringing stuff. Emptying that filing cabinet may seem like a good idea, but make sure none of it is needed any longer. If in doubt, ask.
  • Don’t leave anything you bring to the event unattended.
  • This is NOT an electronics recycling event, so do NOT bring T.V.s, VCRs, monitors, etc.

If you have any questions about the event, don’t hesitate to ask.

Ellen Keohane and David Shettler
Information Technology Services
508-793-2477

New Security Software: Lumension

July 31st, 2012 by dshettle

As a part of the ongoing effort to improve the College’s data security, and as mentioned in my previous email, we are deploying patch management software (Lumension) this week to all College workstations and laptops. The process is automated and will require no action on your part.

Windows users can expect a new icon in their task tray. Mac users will not see any visible changes once the software is deployed, but may experience a firewall popup during the deployment which you should allow.

If you have any questions, please don’t hesitate to ask me or the helpdesk at extension 3548.

Fun videos about phishing

July 24th, 2012 by dshettle

On Guard Online is a great resource, created by the FTC and several other government agencies, for learning about how to keep yourself safe on the Internet. They have a particularly good page about phishing with examples and games, as well as videos. Below are a few of their videos.

http://www.youtube.com/embed/e_TALggP0xQ

http://www.youtube.com/embed/tR64APeWACg

http://www.youtube.com/embed/yfdXrhOoNrQ

Linkedin & eHarmony passwords compromised

June 7th, 2012 by dshettle

Millions of Linkedin and eHarmony passwords have been compromised per various news reports circulating on the Internet and via other media.  Hackers have managed to decipher hundreds of thousands of these passwords and are progressing through them at a rapid pace.

ITS highly recommends changing your password on these services if you utilize them.  In addition, and more importantly, if your Holy Cross network password, passwords you use for third-party College systems, online banking, Facebook or other passwords resemble the ones you utilize for Linkedin or eHarmony, it is extremely important that you change those as well.

Please also be on the alert that scammers are utilizing these breaches to trick you into providing them with your personal information.  There are reports of phishing emails, purporting to be from Linkedin, telling you to change your password, and sending you to a non-Linkedin website to do so.   Instead of clicking links in emails, visit the sites directly by typing in the URL manually.

Software Updates and Patch Management

May 15th, 2012 by dshettle

The number one cause of computer infections on campus is un-patched software.  Bugs are discovered in software on a regular basis, and some of the bugs can lead to software crashes, which can in turn lead to access of areas of memory on a computer where access shouldn’t be granted.  Hackers use these bugs to inject code into memory, which in turn runs and installs more bad code on the computer.  The end effect is often a computer that is controlled by the attacker, either directly or indirectly.

Often, these bugs are known to the software vendors before they are known to the hackers, or at least prior to the hackers managing to use the bugs to widely infect computers.  Software vendors then issue fixes for these bugs, rendering them inert.  Hackers thrive when we do not apply the fixes our software vendors provide.  Either it would interrupt our work, so we delay the installation for days, weeks, even months, or we’ve disabled or never enabled automatic updates in the first place, and are thus unaware that the vendor has issued fixes.  Software commonly targeted includes the Windows operating system, Java, Adobe products, Firefox, and others.

Hackers have written “Exploit Packs” to take advantage of these holes.  An Exploit Pack is a program that contains dozens, sometimes dozens of dozens of exploits, each designed to attack a single bug in a piece of software.  The program cycles through the exploits, looking for one that’ll succeed, not unlike cycling through a large keyring, looking for the one key that’ll open a door.  These exploit packs are then installed on websites, all around the internet.  Some of them manage to find their way onto legitimate websites, possibly through third party advertising networks, or otherwise.  Two recent outbreaks on campus were distributed like this, the Zeroaccess and Flashback malware, both most frequently delivered via exploit packs targeting known bugs in software.  These exploit packs rely heavily on un-patched software.

In order to address this, the College is rolling out centralized software update management, or patch management.  This enables ITS to ensure that all College computers are kept updated, and makes it substantially more difficult for College computers to get infected.  Just as physical plant doesn’t require you to fix the leak in your ceiling, ITS won’t burden you with fixing the holes in your computers’ software any longer.  We will ensure that critical security updates are applied in a timely manner, and in a manner that is the least disruptive to our work schedules.  Every deployment will be postpone-able for up to 10 hours so that you are able to choose the most convenient time for your system to be rebooted. To the extent possible, patches will be bundled together, so instead of having to deal with the updates for Java, Adobe Reader, Adobe Flash, Firefox, and your operating system updates separately, we will be packaging them all together and deploying them at once, minimizing the time it takes to get updated, and minimizing the number of reboots updating requires.  Most update bundles will only require 1 reboot following the deployment.  Some deployments, in particular initially while your system is getting “caught-up”, will require more reboots.

The software works by having an agent on your computer.  The agent tells the server what patches your system is missing, and the server can then schedule the deployment of the patches.  The server automatically calculates the best way to bundle all the patches required, and knows which patches can have their reboots suppressed, and which cannot.  The server determines the best order to apply the patches in, and then sends the patches to the workstation and applies them.  Following the application, the agent tells you that updates have been applied, and that a reboot is required.  You can choose to reboot then, or tell the agent to remind you later.  You will be given up to 10 hours to reboot.  We have agents for Windows, Mac, and Linux.
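The agent/server exchange described above can be sketched as follows. This is an added example, a simplified model and not Lumension's own algorithm: the patch names and catalogue are constructed, and it assumes every patch needs a reboot that is either deferrable to the end of the bundle or must happen immediately.

```python
from graphlib import TopologicalSorter  # standard library, Python 3.9+

# Constructed catalogue: patch -> (prerequisite patches, reboot can be suppressed?)
CATALOG = {
    "os-servicing-stack": (set(), False),   # must reboot before anything else applies
    "os-cumulative": ({"os-servicing-stack"}, True),
    "browser": ({"os-cumulative"}, True),
    "java-runtime": (set(), True),
    "pdf-reader": (set(), True),
}

def missing_patches(installed, catalog=CATALOG):
    """Agent side: report which catalogue patches this machine lacks."""
    return sorted(set(catalog) - set(installed))

def plan_deployment(missing, catalog=CATALOG):
    """Server side: order patches by prerequisite and coalesce reboots."""
    wanted = set(missing)
    sorter = TopologicalSorter()
    for patch in sorted(wanted):
        prereqs, _ = catalog[patch]
        # Prerequisites that are already installed need no ordering constraint.
        sorter.add(patch, *sorted(prereqs & wanted))
    steps, reboot_pending = [], False
    for patch in sorter.static_order():
        steps.append(patch)
        _, suppressible = catalog[patch]
        if suppressible:
            reboot_pending = True      # defer to one reboot at the end
        else:
            steps.append("REBOOT")     # cannot be deferred
            reboot_pending = False
    if reboot_pending:
        steps.append("REBOOT")
    return steps

if __name__ == "__main__":
    print("new machine:", plan_deployment(missing_patches([])))
    current = ["os-servicing-stack", "os-cumulative", "browser"]
    print("caught up:  ", plan_deployment(missing_patches(current)))
```

In this model a machine that is already mostly current gets one reboot for the whole bundle, while a machine still catching up gets an extra reboot for the patch whose restart cannot be suppressed.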

In labs and classrooms, these updates will be scheduled to occur at night.  Machines will be woken up if powered off and updated, so that during the day, systems will remain available.  On faculty and staff workstations, these updates will be scheduled as needed, and deployed during the day.  As aforementioned, you will be given the option to delay the required reboots so as not to impact you at an inopportune time.

We will be rolling this out gradually over the coming months, and you’ll receive an email showing you what to expect when we roll it out to you.  If you have any questions, or would like to be in the group of early adopters, don’t hesitate to contact me, David Shettler via email, or at x.3073.

Phishing Persists

May 14th, 2012 by dshettle

The sophistication of phishing varies greatly.  Our latest example is below.

There is nothing real about this.  The email itself has a strange sender, and there are issues with grammar, spelling, and punctuation.  The link points to an unfamiliar URL.  The email isn’t signed by an individual, just a title.  Lastly, the content of the message doesn’t quite jibe with what the College is doing, though it is coincidentally close.

The email, however, is clearly targeted at us in education.  This is somewhere between “spear phishing”, where an organization is specifically targeted, and normal phishing.  Unfortunately, it happens to coincide with the recent announcements of our migration to Google mail for faculty and staff, which makes it a tad more believable.  If you click on the link, you are sent to a website that solicits a _lot_ of information:

Here the images are blurry, and the red flags are:

  • It is not on a Holy Cross domain name.
  • It is an insecure URL (no https).
  • It is asking for your username and password.
  • You arrived here from a shady email, not a trusted source.
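The red flags listed above can be checked mechanically against a landing page. The following is an added example, not part of the original post: the sample form and URLs are constructed, and `holycross.edu` is assumed as the trusted domain because the post does not spell it out.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the post only says "a Holy Cross domain name"; holycross.edu is assumed.
TRUSTED_DOMAIN = "holycross.edu"

# Constructed sample of a credential-harvesting form (not taken from the real email).
SAMPLE_FORM = (
    '<form action="submit.php">'
    '<input name="Username"><input type="password" name="Password">'
    '<input name="DateOfBirth"></form>'
)

class FormScanner(HTMLParser):
    """Collects (type, name) of every <input> so credential prompts can be spotted."""
    def __init__(self):
        super().__init__()
        self.fields = []

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            a = dict(attrs)
            self.fields.append(((a.get("type") or "text").lower(),
                                (a.get("name") or "").lower()))

def on_trusted_domain(host, trusted=TRUSTED_DOMAIN):
    # Exact match or a real subdomain; "holycross.edu.example.net" must not pass.
    host = (host or "").lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)

def red_flags(url, html, from_trusted_source=False):
    """Return the post's red flags that apply to a landing page."""
    flags = []
    parts = urlsplit(url)
    if not on_trusted_domain(parts.hostname):
        flags.append("not on a Holy Cross domain name")
    if parts.scheme != "https":
        flags.append("insecure URL (no https)")
    scanner = FormScanner()
    scanner.feed(html)
    wants_password = any(t == "password" or "pass" in n for t, n in scanner.fields)
    wants_username = any(k in n for _, n in scanner.fields
                         for k in ("user", "login", "email"))
    if wants_username and wants_password:
        flags.append("asks for your username and password")
    if not from_trusted_source:
        flags.append("reached from an untrusted email, not a trusted source")
    return flags

if __name__ == "__main__":
    for flag in red_flags("http://mail-upgrade.example.net/form.php", SAMPLE_FORM):
        print("RED FLAG:", flag)
```

A legitimate login page also asks for a username and password, so that flag matters in combination with the others rather than on its own.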

If you fill this form out, the attackers empty your email account, and begin using your email account to spam others with similar messages.

If you happen to fall victim to this attack, please contact the Helpdesk at x. 3548.

Apple iOS software update 5.1.1 should not be overlooked

May 8th, 2012 by dshettle

Apple has released an update to iOS which fixes various security flaws including one particularly dangerous one affecting Safari on iPhones and iPads. ITS strongly recommends users apply the 5.1.1 update as soon as possible.

The major concern with this particular security advisory is that one of the vulnerabilities listed may allow for “remote code execution”, the security industry’s way of saying “bad things like viruses”.  This may open up the iPhone and the iPad to issues similar to those that Mac computers encountered recently with the Flashback virus: what is often called “Drive-by” infection.  Drive-by infection is so named because the victim need not fall for any tricks, unlike with a Trojan horse, where trickery is common.  Instead, all a victim has to do is visit the wrong place on the web, at the wrong time.

While iPads and iPhones have yet to be a major target for malware, it is this type of hole, combined with the prevalence of the devices, that can lead to an outbreak, and for that reason we strongly recommend upgrading to the latest version.

You can update your device by launching “Settings”, choosing “General”, selecting “Software Update”, and following the on-screen instructions from there.

You can read more about the issue in the following articles: