IT Security and Privacy

News items of interest to UC Berkeley system and network security administrators.

Encryption services from IST

Pointsec for PC and Encrypting File System (EFS) are two free encryption services now offered by SNS for campus faculty and staff who must store restricted campus data on their local workstations instead of on secure, centralized file servers. May 14, 2008.

SNS announces the Aggressive IP Distribution (AID) list to help protect campus computers

IST's System and Network Security (SNS) group now offers the AID list, a service that identifies Internet IP address locations from which SNS has seen aggressive attacks being launched towards campus hosts. May 5, 2008.

Spear phishing scams targeting universities

This latest round of phishing emails claims to be sent from the university's email administrators, requesting verification of email accounts. CalMail and SNS have received reports of attempts targeting UC Berkeley. Note that the CalMail team will never ask for your password. If you receive an email you are not sure about, do not reply to it. Instead, forward it to CalMail consulting, consult@berkeley.edu, or SNS, security@berkeley.edu. February 20, 2008.

New security tools and services from SNS

IST-SNS has recently developed some new security tools and services to help the campus with system and data security needs. Offerings include a new and improved tool for finding restricted data stored on local computers, management services for Symantec Client Security software, and encryption services including key management and data recovery. February 14, 2008.

Updates to the Restricted Data Management (RDM) application

The RDM application for registering campus systems that store or host restricted data has been enhanced to include: tracking the approximate number of records for each type of restricted data; uploading encryption key data for secure storage within the application; and better tracking for internal IST staff of restricted data stored on IST hosted systems. February 14, 2008.

Introducing AppScan Enterprise to UC Berkeley

SNS has purchased IBM's AppScan Enterprise (ASE), a web-based multi-user application vulnerability testing and reporting solution, to examine all web applications collecting, storing, or utilizing restricted data for vulnerabilities to web application attack vectors. All web applications registered with IST's Restricted Data Management system will automatically be scanned with ASE. IST-Web Applications will be working with SNS to develop training and remediation services for the campus so that problems can be fixed as soon as they are identified. February 5, 2008.

Research and advisory services from Burton Group

The Office of the CIO and the campus Information Technology Architecture Committee (ITAC) are pleased to announce the availability of three research and advisory services from Burton Group, an organization that provides in-depth, vendor-independent research and advisory services focused on enterprise IT infrastructure technologies: Application Platform Strategies, Collaboration and Content Strategies, and Identity and Privacy Strategies. These services are available to all UC Berkeley employees. January 24, 2008.

Symantec Client Security software updates

The campuswide site license for the Symantec host-based security software (antivirus and firewall) has been renewed for another year. Expected changes to the software in the coming year include a new version of the Symantec Client Security suite with central management features, and a new major release of the client security software for Windows. September 20, 2007.

Unsupported software and the Minimum Security Standards

In order to protect systems from compromise due to outdated software, campus networked computers must migrate to alternative products when vendor support for software is dropped. Common software products on the campus network with discontinued vendor support include Eudora, SSH Secure Shell, AbsoluteFTP, CRT, and older versions of Microsoft Windows and Mac OS. September 20, 2007.

UC Berkeley's Connecting@Berkeley CD to focus on security

The release of the C@B CD for the 2007-08 academic year will take place in two stages: version 2007.1, a modest update to the 2007.0 CD released last year, to be released at the start of the fall 2007 semester; and version 2008 that will include major updates to the security software, to be released later during the academic year. Both versions will be available for the Windows and Macintosh platforms. August 21, 2007.
