Agenda
Posterboard 
Month 
Week 
Day 
Beginning Monday 9/17 computer systems that access the network without properly configured AntiVirus configuration will receive a web page warning with instructions on how to fix the problem. Warnings will be sent weekly until the configuration is correct. Please visit http://antivirus.uconn.edu/ for more information about available AntiVirus.
The Information Security Office's weekly security tip provides information on possible network threats and general security knowledge. Keep yourself secure by participating in our weekly series and sharing these tips with your friends!
The Information Security Office's releases videos on a regular basis that are intended to make the UConn community more security conscious.
HuskyHunt is the Information Security Office's annual security scavenger hunt for students. Weekly security riddles are given and solutions are posted around campus. The student with the most points at the end of the hunt wins! Congratulations to the winner of the Fall 2012 HuskyHunt challenge, Geri R!
secureU is a new program developed by the Information Security Office of interrelated sub-programs focused on addressing individual security initiatives. Together these sub-programs begin to form a dynamic shield to protect UConn's resources from malicious viruses, malware, and personal information theft.
secureU employs a team of student information security analysts, which are tasked with assisting in the process of finding and remediating PII (Personally Identifiable Information) found on University-owned computers.
The secureU team utilizes such software as Identity Finder in order to find and remediate sensitive data on computers, helping to prevent loss and identity theft.
The secureU team frequently goes out of their way to provide stellar customer service, and communicate to customers via phone, email, and face-to-face appointments.
The secureU student security analyst team, pictured in part.
The hardworking lady helping behind the scenes to make sure everything flows smoothly within the Information Security Office!
- UConn Joins ‘eduroam’ Group for Worldwide Internet Access | UConn Today: http://t.co/K1C6VKmz0s via @UConn
- While everyone was watching the first #StanleyCup game, a brute force attempt at your password could have guessed 1.48 billion times.
- RT @edswindelles: Attending @splunk Live in Cambridge. Coming up soon is @jasonpufahl representing the @UConnISO!
- RT @GovMalloyOffice: Gov Malloy's #NextGenCT proposal for a major expansion at @UConn & creating thousands of jobs received final approval …
- RT @r_netsec: The Risks of Microsoft Exchange Features that use Oracle Outside In - http://t.co/XYg46me3Qr
- XKCD has some pretty creative and informative comics regarding information security http://t.co/ILToHahFwH
- Hey all, this account is now under new management. I'm so excited I can't even bear it! http://t.co/h68gzHLyKR
- Protect your identity @UConn - watch our latest video to learn how http://t.co/6nqGwcuMex via @youtube
- RT @akmolloy: Link to #UConnVPC presentation that @rotoole and I are giving today at #nercomp_desktop13 http://t.co/6xokXc66bn (we miss @ed…
- @UConn @ITStatus http://t.co/VGKQmzjZEs
Welcome to the Information Security Office homepage!
The Information Security Office at the University of Connecticut is responsible for effectively managing security risks to the information technology assets at the University. The strategic objectives of the Information Security Office include: data loss prevention, the improved security of system and network services, proactive risk management, and crisis and security incident management.
Java Vulnerability
Tuesday - August 28, 2012 by mil02006
There is a new vulnerability in Java software that puts most computers running Java at risk to system compromise. The current recommendation is to disable Java. Please keep an eye on this situation and install a patched version of Java once it becomes available. See the US-CERT alert for more details:
New Information Security Policy Manual!
Tuesday - May 22, 2012 by Mick DiGrazia
The University of Connecticut recently adopted new Information Technology Security policies following a lengthy period of review. The new policies were updated in order to consolidate and clarify individual expectations for information security at the University, to adhere to a common security policy and compliance framework, and to ensure that critical security elements were addressed.
The Information Security Policy Manual provides the foundation for the University’s information security initiatives and can provide guidance to employees, students, and users of the University’s technology. It can be found here: http://policy.uconn.edu/?p=2314
“Employees should be aware of the polices and requirements and should understand their responsibilities in protecting the University’s IT resources and data,” said Jason Pufahl, director of IT security at UConn.
The Information Security Office will embark on a campaign for security awareness and implementation of security controls. However, protecting the University’s data and systems is something that all employees and students are responsible for.
“Managers should ensure that staff members are familiar with the new policies and discuss the impacts and outcomes of the policies for their specific areas,” said Pufahl.
To assist employees with better understanding how to protect data, information security awareness training is available for all UConn employees through HuskyCT: http://huskyct.uconn.edu.
For questions about the policies or the Information Security Awareness training please email security@uconn.edu.
RDP Block
Wednesday - March 21, 2012 by mil02006
The University has decided to block direct Remote Desktop Protocol (RDP) access to campus computing resources due the amount of attacks targeted at it and the recent vulnerability patched by Microsoft. University members can gain RDP access by using Virtual Private Networking (VPN) at http://vpn.uconn.edu/.
Windows Critical Remote Desktop Vulnerability
Wednesday - March 14, 2012 by Jason Pufahl
I wanted to take a moment to issue a warning to everyone running Windows with RDP enabled: a remotely exploitable vulnerability has been reported by Microsoft and its partners. We consider the potential scope and impact of this issue to be significant.
A hotfix is currently available, and all affected systems should be updated as soon as possible.
Systems affected: Windows XP SP2+, Windows Server 2003 SP2+, Windows 7 all versions, and Windows 2008 R2 all versions (though those using RemoteFX have a lower severity because the remote desktop service is not running with system privileges).
Please see the following links for more information.
http://technet.microsoft.com/en-us/security/bulletin/ms12-020
http://blogs.technet.com/b/srd/archive/2012/03/13/cve-2012-0002-a-closer-look-at-ms12-020-s-critical-issue.aspx
Confidential Data Elimination Information Session
Monday - October 24, 2011 by Mick DiGrazia
Like most modern organizations, the University of Connecticut handles copious amounts of data. Some data in use at the University may be Personally Identifiable Information (PII), which is data that can be used to uniquely identify a person. In many cases, identity theft is carried out using PII, so it is important that the University protects the data in its possession.
In an email addressed to the University community on October of 2010, the President of the University of Connecticut began a “comprehensive and deliberate effort to address computer security concerns,” specifically addressing the need to protect sensitive University data. To read the President’s full message, visit http://security.uconn.edu/confidential-data-handling/president-austins-message-regarding-information-security/.
On Thursday, November 3, 2011 the UConn Information Security Office will hold an information session to detail what is being done to address this initiative and how it affects University faculty and staff. The details of the information session follow:
- Thursday, November 3, 2011
- 10:30am – 12:00pm
- Student Union Ballroom, SU330
If you would like to learn more about how the University is planning to protect PII attend the Information Session or contact the Information Security Office at security@uconn.edu.
Security Awareness Training Updated
Monday - August 15, 2011 by Mick DiGrazia
The University of Connecticut Information Security Awareness training has been updated with new content and an improved layout. The updated training is now available through HuskyCT (Blackboard), and is available for all University faculty and staff. To access the training:
- Open a web browser (i.e., Internet Explorer, Firefox)
- Open HuskyCT (Blackboard) http://huskyct.uconn.edu
- Click Login
- Enter your UConn NetID and password
- Click on the link “Information_Security – Information Security Awareness Training” located in your Course List
- Click on “UConn Information Security Awareness” to begin the video-based instruction
The Information Security Awareness training is highly encouraged for all UConn employees and is a major component of our overall strategy to improve IT security at UConn. Technology alone will not protect the University from data loss or the cyber threat that could compromise our sensitive data, intellectual property, research data, technology resources, students, staff, and faculty. To assist departments, schools, colleges, faculty, and staff in implementing local and individual protections, the University Information Security Office has partnered with SANS, a worldwide leader in Information Security training, to provide all UConn faculty and staff with on-line Information Security Training. This engaging, professional, video-based training is presented in 1 to 7 minute segments and should take between 45 to 60 minutes to complete. The entire training does not have to be viewed in a single sitting; videos can be viewed individually and paused for your convenience.
You may direct questions regarding the use of the HuskyCT system to the UITS Help Center, 860.486.4357. Send specific security questions to security@uconn.edu.
Secure File Sharing using Filelocker
Wednesday - June 1, 2011 by Jason Pufahl
UITS is pleased to announce the availability of a new web-based service which will allow all UConn Faculty, Staff, and Students the ability to share electronic files securely. The service, named Filelocker, may be accessed through a web browser at the address http://filelocker.uconn.edu. The Filelocker page contains help files as well as a “Login” link on the left side of the page. The application must be entered using a UConn NetID and password.
The features of Filelocker include:
- The ability to use a password to encrypt files in order to protect sensitive data
- Uploading electronic files to a secure storage area, storing them there for a fixed amount of time, and accessing them from anywhere with an internet connection
- Sharing files with other UConn Faculty, Staff, and Students
- Automatic email notifications of file sharing requests and file download activity
- The ability to securely share files with individuals who do not have a UConn NetID
The Filelocker implementation is a component of the Information Security Office’s larger commitment to protect the University’s most sensitive data. Other efforts include Information Security Awareness video-based training for UConn Faculty, Staff, and Student employees accessible through HuskyCT; a forthcoming overhaul of the current Network Registration (NetReg) system (http://safeconnect.uconn.edu); and an upcoming initiative to search computer hard drives, web sites, and databases for Personally Identifiable Information in order to remove or protect it.
UITS anticipates the Filelocker application to be a successful tool for UConn Faculty, Staff, and Students to securely manage electronic file sharing and welcomes your feedback and questions:
UITS Help Center
(860)486-4357, Option #3
Apple Releases Security Update 2011-003
Wednesday - June 1, 2011 by Mick DiGrazia
Apple has released a security update for OS X which improves anti-malware detection and removal. Specifically, the security update will automatically detect and remove Mac Defender, OS X malware designed to steal credit card numbers through paying for removal software.
It is recommended that all users of Apple OS X use Software Update and apply Security Update 2011-003 to their computers to enable malware protection for their Mac’s.
More information:
Web Application Development Services at UConn
Tuesday - March 1, 2011 by jmg01005
Yi Zhang
The Web Development Lab has been improving the day-to-day lives of University educators and administrators for over 10 years through the development of custom web applications. We will briefly demonstrate a few recent projects to showcase the variety and complexity of services offered by the Web Lab.
If you are interested in utilizing web technology to improve your work processes, be it through online forms, research databases, or something truly unique, this will be a valuable session to you.
Zhang – Lunch & Learn – Slides
[display_podcast]