Posts by Ian Burke

 
 
 

Cyber Security Awareness Month

Categories: LIS Staff Interest, Middlebury Community Interest, Post for MiddNotes, Post for MiddPoints

Come listen to experts from across the State speak on new technologies and security topics that impact all of us in our daily lives. Learn how you can fall victim to identity theft. Hear how Google Glass could be the next great technology wave and the next great technology threat. This full day event in Middlebury’s McCullough Social Space will run from 9:00 AM to 4:00 PM on October 9th. For more information please visit http://go.middlebury.edu/CSAM.

Open RoadShow on Information Security

Categories: LIS Staff Interest, Middlebury Community Interest, Post for MiddNotes, Post for MiddPoints

LIS Information Security and the LIS Security Team will be hosting a lunch time RoadShow on information security and basic ways to protect yourself while working on Internet connected computers. This discussion is open to the full College community. Please join us Aug. 28th at noon in Davis Family Library room 145. For more information please visit: http://www.middlebury.edu/offices/technology/infosec/education/CBT/RoadShow

Phishing on campus!

Categories: Helpdesk Alert, LIS Staff Interest, Middlebury Community Interest, Phishing, Post for MiddNotes, Post for MiddPoints

Over the last week Middlebury experienced a dramatic increase in the number of successful phishing attacks that resulted in Middlebury user accounts being compromised. A phishing attack is the effort of maliciously using email or a web site to try to unwittingly gain information about another individual. These recent attacks resulted in two distinct outcomes. The first was that many of these accounts were leveraged to generate large amounts of spam. The second result from these compromised accounts is that the attackers attempted to connect to the Middlebury network with the exposed user’s credentials.

This past week many individuals across our campus received an email that looked similar to the one below:

————————————–

Message with “Middlebury” as the display name

 

Dear Member,

You Have 1 New Message

Click here to read

Sincerely,
Middlebury Webmail Service

————————————

The link in this message redirected people to copy of the Middlebury CAS Logon page. Two important things to know about email from Middlebury IT Services. First, Library and Information Services will never ask for your user credentials in an email. Second, if you find yourself on any web page that is asking for credentials, always verify the address in your web browser’s address bar, to ensure that the web page is where you really want to be. Just because a web page has the Middlebury logo does not mean it is always a Middlebury web site.

To protect against phishing remember the following rules:

  1. Never click on any links in a suspicious email.
  2. If you ever receive an unsolicited email  and you do not recognize the sender delete the message.
  3. If you receive an email that requests your credentials or asks you to click a link which takes you to a web site that requests your credentials, do not click the link but rather go to the web site through the institution home page, Middlebury.edu for example.
  4. If you suspect an email is fraudulent delete the message.
  5. If you ever have questions regarding phishing or the content of an email call the Helpdesk.

The Helpdesk will help you determine if the email is legitimate. Please do NOT click on any links in a suspect email message.

If you suspect that you may have recently provided your Middlebury credentials to a fraudulent web site or email address, you should immediately reset your password at go/activate and then contact the Helpdesk.

If you become aware that your Middlebury account has been disabled, you must contact the Helpdesk to resolve.

More information is available at the Middlebury College Information Security web site at go/infoSec or contact the InfoSec office at infosec@middlebury.edu.

 

Ian Burke

Network Security Administrator

Middlebury College

infosec@middlebury.edu

Sophos Update Issue – False Positive – SHH\Updater-B

Categories: LIS Staff Interest, Middlebury Community Interest, Post for MiddNotes, Post for MiddPoints

On 9-19-12 around 5:40PM Sophos pushed an updated signature file which triggered a false positive virus detections identified as SHH\Updater-B. This signature may have fired on a number of different update files including Flash, Google, and most notably Sophos itself. Sophos has corrected this problem. For additional information please see the security website at http://Go/InfoSec.

Java 7 Update 6 Vulnerability

Categories: LIS Staff Interest, Middlebury Community Interest, Post for MiddNotes, Post for MiddPoints

You may have recently heard or read about a new wide-spread exploit concerning Java in mainstream media outlets. LIS is aware of this risk. The major systems used by the College that depend upon Java (e.g. Banner, Hyperion, Nolij, Famis) use an earlier version of Java and are not vulnerable to this exploit. This vulnerability impacts Java 7 update 6 and possibly other versions of Java 7; Java 6 and below are not vulnerable to this exploit.

Java is used for many different applications and you should be thoughtful about your actions before patching, upgrading or removing your version of Java. While Oracle has released a patch for the current vulnerability it has also opened up a new loophole to a known older vulnerability.

Our advice at this time is to NOT update or patch your Java client to version 7. If your Java client has already been updated or patched to version 7, please remove Java completely from your Mac or Windows computer, and then visit http://java.com/en/download/manual_v6.jsp to reinstall version 6. If you are not sure what version of Java you are running  you may visit this URL to verify, http://www.java.com/en/download/installed.jsp.

LIS continues to remain vigilant in safeguarding our critical systems. If you have questions or concerns regarding this post, please contact infosec@middlebury.edu.

Sophos Deployment

Categories: Anti-virus, LIS Staff Interest, Middlebury Community Interest, Post for MiddNotes, software, Sophos

Last month we began the campus rollout of Sophos Anti-virus, which is replacing the Symantec package we have been using for the past several years. We have deployed this anti-virus solution to many Windows based systems across campus. At this point we will continue the deployment to all faculty and staff Windows and Macintosh computers.

For Windows systems this will be delivered across our network using the same mechanism that manages our Windows workstations. To facilitate this deployment we need to ask that all Windows systems be turned off on Friday nights and powered back up on Monday mornings for the next several weekends. The install packages will be pushed across the network when the system is powered back on Monday morning starting March 19th.

If you should need your system over the weekend and you are off campus there will be no impact to this update. It will resume on Monday as scheduled. If you need your computer and are connected to the campus network (other than through the VPN) you will receive the update when you power your computer on.

For the deployment of Sophos to Macintosh computers we will be leveraging a utility called Casper. Casper will allow us to seamlessly remove Symantec and install Sophos. To ensure that Sophos will be successfully installed on your Macintosh system, please install Casper prior to March 16th. For instructions on obtaining Casper please see the Casper installation page at http://go/getcasper. Please note that Casper is licensed for Middlebury-owned systems only.

For information on Sophos please see the FAQ at http://go/sophos. This will answer many questions you may have and should address any issues you may encounter. Prior to the date your system is scheduled for the Sophos install please do the following:

  • Complete any software installs you may have pending, including any Windows Updates.
  • For Macintosh computers, confirm that you have the Self Service application installed in the Application Utility
  • Disable any additional firewalls you may have added beyond the operating system specific firewall. Please note, this is not referring to anti-virus such as Symantec but rather products such as SonicWall.
  • Shut down your system the Friday before the install so that it receives the scheduled install when it powers up on Monday morning.
  • Shut down your system on Monday night (after the scheduled install has occurred).

For faculty and staff who wish to install Sophos on one of their own personal systems, Middlebury is licensed for one copy per employee for home use. To download a copy for your home system please visit the Sophos FAQ at http://go/sophos .

For additional information please see http://go/sophos

 

 

Sophos deployment continues

Categories: Anti-virus, LIS Staff Interest, Middlebury Community Interest, Post for MiddNotes, Post for MiddPoints, software, Sophos

Last week we began the campus rollout of Sophos Anti-virus; which is replacing the Symantec package we have been using for the past several years. Last week we deployed Sophos to systems which are currently running Windows 7.  This week we will be deploying Sophos to Staff systems have yet to be upgraded. This will be delivered across our network using the same mechanism that manages our Windows workstations. To facilitate this deployment we need to ask that all Windows systems be turned off on Friday nights and powered back up on Monday mornings for the next several weekends. The install packages will be pushed across the network according to the following schedule:

  • February 19th: Windows7 systems
  • February 26th: Remaining  Staff workstations
  • March 4th: Remaining Faculty workstations and computers that have not been addressed in prior groups.

If you should need your system over the weekend and you are off campus there will be no impact to this update. It will resume on Monday as scheduled. If you need your computer and are connected to the campus network (other than through the VPN) you will receive the update when you power your computer on.

For information on Sophos please see the FAQ at http://go/sophos. This will answer many questions you may have and should address any issues you may encounter. Prior to the date your system is scheduled for the Sophos install please do the following:

  • Complete any software installs you may have pending, including any Windows Updates.
  • Disable any additional firewalls you may have added beyond the Windows Firewall. Please note, this is not referring to Anti-virus such as Symantec but rather products such as SonicWall.
  • Shut down your system the Friday before the install so that receives the scheduled install when it powers up on Monday morning.
  • Shut down your system on Monday night (after the scheduled install has occurred).

For additional information please see http://go/sophos

Sophos Anti-Virus for Windows Campus Roll-out

Categories: Anti-virus, LIS Staff Interest, Middlebury Community Interest, Post for MiddNotes, Post for MiddPoints, software, Sophos

Next week will begin the campus wide release of Sophos Anti-virus for Windows. This will be delivered across our network using the same mechanism that manages our Windows workstations. To facilitate this deployment we need to ask that all Windows systems be turned off on Friday nights and powered back up on Monday mornings for the next several weekends. The install packages will be pushed across the network according to the following schedule:

  • February 19th: Windows7 systems
  • February 26th: Remaining  Staff workstations
  • March 4th: Remaining Faculty workstations and computers that have not been addressed in prior groups.

For information on Sophos please see the FAQ at http://go/sophos. This will answer many questions you may have and will address many issues you may encounter. Prior to the date your system is scheduled for the Sophos install please do the following:

  • Complete any software installs you may have pending, including any Windows.
  • Disable any additional firewalls you may have added beyond the Windows Firewall. Please note, this is not referring to Anti-virus such as Symantec but rather products such as SonicWall.
  • Shut your system down the Friday before the install so that it powers up the Monday morning of the scheduled install. If you power your system up over the weekend the install will start at that time.
  • Shut your system down the Monday night after the install.

For additional information please see http://go/sophos

 

LIS Replacing Symantec Anti-Virus with Sophos

Categories: LIS Staff Interest, Middlebury Community Interest, Post for MiddNotes, Post for MiddPoints

Dear Middlebury Colleagues:

LIS is in the process of transitioning away from the Symantec anti-virus solution. We will start using Sophos Endpoint Protection to protect ourselves against viruses and malware. This is a product that has wide acceptance in Europe and is rapidly growing in  higher education and medium-sized businesses in the United States.

Sophos will initially mirror much of what Symantec offered with more thorough coverage of malware, web threats and other malicious content. We will also be offering Sophos to those students that are interested. Sophos Endpoint protection also offers an additional collection of features, such as data classification, device control, mobile device management, and patch monitoring, and we may start using those new features in the future.

Over the next month LIS will be testing installation with subsets of the campus, with a plan to then begin a campus-wide deployment in February. As we move forward additional information will be provided to the campus community. Please feel free to contact LIS Security (iburke@middlebury.edu/ x5368) with any questions.

For additional information see: http://sites.middlebury.edu/lis/2012/01/17/sophos-project-timeline/

Sincerely,
Ian Burke
LIS Network Security Administrator
x5386
iburke@middlebury.edu