IT Security and Privacy
News items of interest to UC Berkeley system and network security administrators.
Symantec security software now available to staff retirees
The UC Berkeley Retirement Center and Information Services and Technology are pleased to announce that Symantec security software is now available for staff retirees subscribed to CalMail through the Retirement Center. Retirees can download the latest versions of Symantec and other useful software from Software Central. November 18, 2009.
Campus Guidelines for Kiosk Workstations
The Campus Guidelines for Kiosk Workstations are a limited set of basic guidelines departments should follow if they provide workstations that are available for use by the general public. The guidelines focus primarily on configuring kiosk machines to minimize the chance that users will inadvertently leave themselves logged in when they leave a public workstation, and educating kiosk users so that they don't inadvertently leave themselves logged in to a public workstation. October 27, 2009.
NAV for Macintosh 11.0.3 available to campus users of Mac OS 10.6 (Snow Leopard)
As you may be aware, the latest Mac OS release, 10.6 "Snow Leopard", is not compatible with the campus site-licensed antivirus software, Symantec AntiVirus (SAV) for Macintosh 10.2.1. To cover the antivirus needs of Mac OS 10.6 users, Symantec has made the recently released 10.6–compatible Norton software, Norton AntiVirus (NAV) for Macintosh 11.0.3, available to UC Berkeley until the updated version of SAV for Macintosh is released. This software is now available for download on Software Central, under "Early Adopters" in the Symantec AntiVirus section. September 18, 2009.
Proventsure replaced by IdentityFinder
The campus license for the Proventsure software suite, the tool campus users currently use to identify restricted data stored on campus computer systems, will expire July 31, 2009. IdentityFinder is the replacement tool that is now available free of charge to the campus community. July 22, 2009.
Before sourcing your technology...
A variety of technology support services such as email, blogging, webhosting, collaborative tools, and data management are available from outside organizations and companies. These services may offer great utility, the latest technology, low cost, and other very attractive benefits, but there are risks. This article discusses the importance of a departmental or campus review before sourcing any technological service. April 7, 2009.
Finding restricted data on campus computer systems
Over the last two years, System and Network Security (SNS) has tested and distributed various restricted data search tools to the campus. Earlier solutions offered some success, but limitations have motivated us to continue to look for better solutions. Our current scanning program offers several restricted data identification tools, ranging from self-assessment software to service-based clients reporting to a central management console. March 30, 2009.
Annual credit-card compliance process
In order to conduct credit-card transactions, merchants must meet the security standards set by the Payment Card Industry (PCI) Security Standards Council. Every year, the UC Berkeley Controller's office must submit an attestation confirming that campus merchants have implemented their credit-card acceptance solutions in a manner that adheres to the Payment Card Industry Data Security Standard (PCI DSS) Requirements and Security Assessment Procedures. This article explains how the certification process works. March 5, 2009.
Security alert update: Internet Explorer 0-Day exploit
Microsoft has released Security Update for Internet Explorer (960714) to address the vulnerability in all currently supported versions of Internet Explorer. The patch is available from the campus WSUS service. December 17, 2008.
Security alert: Internet Explorer 0-Day exploit
A new Internet Explorer (IE) exploit is being used to compromise Windows systems. At this time, the only preventative option available is to use a browser other than IE such as Firefox, Opera, or Safari. Microsoft has announced it will release an out-of-cycle patch for this bug tomorrow, December 17. System and Network Security strongly encourages everyone who uses IE to be sure to apply this patch as soon as it becomes available. December 16, 2008.
New departmental security contact registration application
The campus Departmental Security Contact Policy requires each department to appoint a security contact who can be notified in the event of a computer or network security incident. SNS has available a new web-based application that allows these security contacts to view, update, and maintain their own list of IP addresses and contact information. August 29, 2008.
