
University of Connecticut University Information Technology Services Information Security Office

Information Security Office - About Us

Our Mission

The mission of the Information Security Office (ISO) is to design, implement and maintain an information security program that protects the University's systems, services and data against unauthorized use, disclosure, modification, damage and loss. The ISO is committed to engaging the University community to establish an appropriate information security governance structure that enables collaboration and support for new information security initiatives.

Contact

The UITS Information Security Office can be contacted by email or phone.
UITS Information Security Office
P: 860.486.4357 (HELP)
E: security@uconn.edu

Author Archive

Windows Critical Remote Desktop Vulnerability

Wednesday, March 14th, 2012

I wanted to take a moment to issue a warning to everyone running Windows with RDP enabled: a remotely exploitable vulnerability has been reported by Microsoft and its partners. We consider the potential scope and impact of this issue to be significant.

A hotfix is currently available, and all affected systems should be updated as soon as possible.

Systems affected: Windows XP SP2+, Windows Server 2003 SP2+, Windows 7 all versions, and Windows 2008 R2 all versions (though those using RemoteFX have a lower severity because the remote desktop service is not running with system privileges).

Please see the following links for more information.

http://technet.microsoft.com/en-us/security/bulletin/ms12-020
http://blogs.technet.com/b/srd/archive/2012/03/13/cve-2012-0002-a-closer-look-at-ms12-020-s-critical-issue.aspx

Secure File Sharing using Filelocker

Wednesday, June 1st, 2011

UITS is pleased to announce the availability of a new web-based service that gives all UConn Faculty, Staff, and Students the ability to share electronic files securely. The service, named Filelocker, may be accessed through a web browser at the address http://filelocker.uconn.edu. The Filelocker page contains help files as well as a “Login” link on the left side of the page. Users must log in to the application with a UConn NetID and password.

The features of Filelocker include:

- The ability to use a password to encrypt files in order to protect sensitive data

- Uploading electronic files to a secure storage area, storing them there for a fixed amount of time, and accessing them from anywhere with an internet connection

- Sharing files with other UConn Faculty, Staff, and Students

- Automatic email notifications of file sharing requests and file download activity

- The ability to securely share files with individuals who do not have a UConn NetID

The Filelocker implementation is a component of the Information Security Office’s larger commitment to protect the University’s most sensitive data. Other efforts include Information Security Awareness video-based training for UConn Faculty, Staff, and Student employees accessible through HuskyCT; a forthcoming overhaul of the current Network Registration (NetReg) system (http://safeconnect.uconn.edu); and an upcoming initiative to search computer hard drives, web sites, and databases for Personally Identifiable Information in order to remove or protect it.

UITS expects the Filelocker application to be a successful tool for UConn Faculty, Staff, and Students to securely manage electronic file sharing, and welcomes your feedback and questions:

UITS Help Center

(860)486-4357, Option #3

helpcenter@uconn.edu

The Future of Reputation: Gossip, Rumor, and Privacy on the Internet

Thursday, February 3rd, 2011

Dan Solove (http://docs.law.gwu.edu/facweb/dsolove/) is delivering a talk at Cornell this evening.  The talk will be streamed live at the URL below.

The Future of Reputation: Gossip, Rumor, and Privacy on the Internet

Thursday, February 3, 8-9:30 pm

Robert Purcell Community Center Auditorium, or go to www.ucpl.cornell.edu for a live stream

Social media offer unimagined opportunities for personal expression and communication, but there’s a downside.  A trail of our personal information is preserved and instantly available in a Google search. A permanent chronicle of our private lives—often dubious and sometimes totally false—follows us, accessible to anyone who cares to look.  Scope and amplification extend far and wide.

In a world where anyone can spill out their—and others’—most personal secrets to a world-wide audience, how should we balance privacy and free speech?  How should the law protect people when harmful gossip and rumors are spread about them on the Internet?

Records Retention

Tuesday, January 4th, 2011

The CT State Library has approved the S6 – Information Systems Records Retention requirements document.  It’s available at:

http://www.cslib.org/publicrecords/retstate.htm

(Unfortunately the Audio portion of that presentation didn’t get recorded, so I am not bothering to post it).

Researcher Demoted After SSN Data Exposed

Monday, October 25th, 2010

The following article illustrates how seriously data breaches are being taken by some Universities. The article doesn’t provide any specific details about what factored into the decision, or any IRB compliance issues. The extreme risk of unintended data exposure across all of higher-ed will make this an interesting issue to follow. I’ll post updates as I see them.

Chapel Hill Researcher Fights Demotion After Security Breach

An update to this:

Arguments Regarding Responsibility of Data Breach

UITS Applying Out of Band Patch

Monday, August 2nd, 2010

Malware leveraging the current .lnk vulnerability is actively attempting to exploit Windows clients and servers. The Internet Storm Center recommends patching immediately (http://isc.sans.edu/diary.html?storyid=9313).

UITS will be patching all Windows Servers starting at 2:30 PM EST (http://itstatus.uconn.edu).

Please review Friday’s post for additional information.

We recommend you patch your systems as soon as possible.

July 20th Lunch & Learn Content

Monday, August 2nd, 2010

The content from Jason Pufahl’s presentation of the Information Security Master Plan.

Presentation Materials

Information Security Master Plan

Master Plan Presentation – Slides

Microsoft – Out of Band Patch Being Released on 8/2

Friday, July 30th, 2010

Microsoft will release a patch on 8/2 to address the current .lnk vulnerability. Please review the following sites for additional information:

July 16th – Microsoft Advisory

July 30th – Microsoft Advanced Patch Notification

CVE Notification (contains additional references)

We recommend applying this patch as soon as possible after it’s released.

Lunch And Learn Series

Monday, July 19th, 2010

UITS has been presenting technical information sessions in the form of “Lunch & Learns” for the past year.  These sessions have proven to be informative and well-attended, but have lacked a few amenities (most notably the ability to conveniently eat lunch).  Going forward, we are expanding the scope of topics and opening them to a larger audience.  Please join us on the 3rd Tuesday of the month (except for October 12) in the Student Union Ballroom Room 331.

Here is a link for the Lunch and Learn sessions with a current list of topics and presenters, as well as a link to the UConn Events Calendar.   The topics are still evolving, and we hope to have that list completed soon.  If you have a topic you wish to present, or have an idea for topics, please contact Jason Pufahl.

This first session, “The Information Security Master Plan and Risk Matrix,” is described below. It will be held 12:00 Noon-1:00 PM, Tuesday, July 20th in the Student Union Ballroom Room 331.

The Information Security Office will present the initial draft of the Information Security Master Plan and Associated Risk Matrix.  This will be an opportunity to see where the Security Office sees the most significant threats and outline the current proposed approaches for addressing these threats.  I will keep the presentation to 30 minutes so that there will be ample time for discussion, questions and feedback.  This will also be an opportunity to offer input into the current strategies and overall plan.

Please share this with anyone you think may be interested, and we hope to see you there.

Google Article on Google Apps Security

Friday, June 18th, 2010

Google recently posted a white paper on the Google Apps security model, along with some other interesting information pertinent to schools that are exploring the use of Google Apps.

Official Google Enterprise Blog: Security First: Protecting your data with Google Apps.