New Information Security Policy Manual!

Tuesday - May 22, 2012 by

The University of Connecticut recently adopted new Information Technology Security policies following a lengthy period of review. The new policies were updated in order to consolidate and clarify individual expectations for information security at the University, to adhere to a common security policy and compliance framework, and to ensure that critical security elements were addressed.

The Information Security Policy Manual provides the foundation for the University’s information security initiatives and can provide guidance to employees, students, and users of the University’s technology. It can be found here: http://policy.uconn.edu/?p=2314

“Employees should be aware of the policies and requirements and should understand their responsibilities in protecting the University’s IT resources and data,” said Jason Pufahl, director of IT security at UConn.

The Information Security Office will embark on a campaign for security awareness and implementation of security controls. However, protecting the University’s data and systems is something that all employees and students are responsible for.

“Managers should ensure that staff members are familiar with the new policies and discuss the impacts and outcomes of the policies for their specific areas,” said Pufahl.

To assist employees with better understanding how to protect data, information security awareness training is available for all UConn employees through HuskyCT: http://huskyct.uconn.edu.

For questions about the policies or the Information Security Awareness training please email security@uconn.edu.

RDP Block

Wednesday - March 21, 2012 by

The University has decided to block direct Remote Desktop Protocol (RDP) access to campus computing resources due to the number of attacks targeting it and the recent vulnerability patched by Microsoft. University members can gain RDP access by using Virtual Private Networking (VPN) at http://vpn.uconn.edu/.

Windows Critical Remote Desktop Vulnerability

Wednesday - March 14, 2012 by

I wanted to take a moment to issue a warning to everyone running Windows with RDP enabled: a remotely exploitable vulnerability has been reported by Microsoft and its partners. We consider the potential scope and impact of this issue to be significant.

A hotfix is currently available, and all affected systems should be updated as soon as possible.

Systems affected: Windows XP SP2+, Windows Server 2003 SP2+, Windows 7 all versions, and Windows 2008 R2 all versions (though those using RemoteFX have a lower severity because the remote desktop service is not running with system privileges).

Please see the following links for more information.

http://technet.microsoft.com/en-us/security/bulletin/ms12-020
http://blogs.technet.com/b/srd/archive/2012/03/13/cve-2012-0002-a-closer-look-at-ms12-020-s-critical-issue.aspx

Confidential Data Elimination Information Session

Monday - October 24, 2011 by

Like most modern organizations, the University of Connecticut handles copious amounts of data. Some data in use at the University may be Personally Identifiable Information (PII), which is data that can be used to uniquely identify a person. In many cases, identity theft is carried out using PII, so it is important that the University protects the data in its possession.

In an email addressed to the University community in October of 2010, the President of the University of Connecticut began a “comprehensive and deliberate effort to address computer security concerns,” specifically addressing the need to protect sensitive University data. To read the President’s full message, visit http://security.uconn.edu/confidential-data-handling/president-austins-message-regarding-information-security/.

On Thursday, November 3, 2011 the UConn Information Security Office will hold an information session to detail what is being done to address this initiative and how it affects University faculty and staff. The details of the information session follow:

  • Thursday, November 3, 2011
  • 10:30am – 12:00pm
  • Student Union Ballroom, SU330

If you would like to learn more about how the University is planning to protect PII, attend the information session or contact the Information Security Office at security@uconn.edu.

Security Awareness Training Updated

Monday - August 15, 2011 by

The University of Connecticut Information Security Awareness training has been updated with new content and an improved layout. The updated training is now available through HuskyCT (Blackboard), and is available for all University faculty and staff. To access the training:

  1. Open a web browser (e.g., Internet Explorer, Firefox)
  2. Open HuskyCT (Blackboard) http://huskyct.uconn.edu
  3. Click Login
  4. Enter your UConn NetID and password
  5. Click on the link “Information_Security – Information Security Awareness Training” located in your Course List
  6. Click on “UConn Information Security Awareness” to begin the video-based instruction

The Information Security Awareness training is highly encouraged for all UConn employees and is a major component of our overall strategy to improve IT security at UConn. Technology alone will not protect the University from data loss or the cyber threats that could compromise our sensitive data, intellectual property, research data, technology resources, students, staff, and faculty. To assist departments, schools, colleges, faculty, and staff in implementing local and individual protections, the University Information Security Office has partnered with SANS, a worldwide leader in Information Security training, to provide all UConn faculty and staff with online Information Security Training. This engaging, professional, video-based training is presented in 1- to 7-minute segments and should take between 45 and 60 minutes to complete. The entire training does not have to be viewed in a single sitting; videos can be viewed individually and paused for your convenience.

You may direct questions regarding the use of the HuskyCT system to the UITS Help Center, 860.486.4357. Send specific security questions to security@uconn.edu.

Apple Releases Security Update 2011-003

Wednesday - June 1, 2011 by

Apple has released a security update for OS X which improves anti-malware detection and removal. Specifically, the security update will automatically detect and remove Mac Defender, OS X malware designed to steal credit card numbers through paying for removal software.

It is recommended that all users of Apple OS X use Software Update and apply Security Update 2011-003 to their computers to enable malware protection for their Macs.

More information:

Apple Support Article

SANS Internet Storm Center

Web Application Development Services at UConn

Tuesday - March 1, 2011 by

Yi Zhang

The Web Development Lab has been improving the day-to-day lives of University educators and administrators for over 10 years through the development of custom web applications. We will briefly demonstrate a few recent projects to showcase the variety and complexity of services offered by the Web Lab.

If you are interested in utilizing web technology to improve your work processes, be it through online forms, research databases, or something truly unique, this will be a valuable session to you.

Zhang – Lunch & Learn – Slides

Security Policy Review

Friday - February 18, 2011 by

The Information Security Office is currently in the process of redeveloping the University’s Information Security policies.  We have posted these policies on the Information Security website and are asking the University Community to review and provide feedback.

The goals of the Security Policy Review have been to:

  1. Reduce the total number of Information Security policies (currently there are 29; there are 12 new Information Security Policies)
  2. Use common information security frameworks and regulations (ISO 27001, HIPAA, FERPA etc.) as a framework for University policies
  3. Make the information security policy more relevant and practical to how University faculty and staff conduct their business

What you can do to help:

  1. Click on the following link for the Information Security Office Request for Comments page: http://security.uconn.edu/?page_id=256
  2. Review each of the policies and/or supporting documentation (notated with “Draft” in the title)
  3. Post comments for improvements on the web page using the “Leave a comment” feature

Comments for the policies will be closed on March 18, at which point the policies will undergo a final revision using the feedback collected. The policies will then move forward to replace current information security policy.

If you have questions or feedback on this process, please email security@uconn.edu.

New Windows 0-day SMB vulnerability

Wednesday - February 16, 2011 by

A new vulnerability has been discovered in the SMB component of Windows. The attack involves sending malformed Browser Election requests, leading to a heap overflow within the mrxsmb.dll driver. The vulnerability is known to be able to cause DoS and full control of vulnerable machines. Proof-of-concept code for DoS has been released. There are reports that this exploit only works on the local network segment (this hasn’t been verified).

The general practice of blocking ports 138, 139 and 445 should be observed, especially with this 0-day.

More information on this exploit:

http://www.vupen.com/english/advisories/2011/0394

Source: http://isc.sans.edu/diary.html?storyid=10423&rss
