Category: Information Security
When will this change happen?
Monday 10/29 through Friday 11/2
*Due to Hurricane Sandy this update will only take place Tuesday 10/30 through Friday 11/2
What is changing?
McAfee is being upgraded from an unmanaged installation to a managed installation using McAfee ePolicy Orchestrator (ePO)
If you do not have McAfee installed, it will not be installed on your system; this is only an upgrade to existing McAfee installations.
Why is this change happening?
- McAfee ePO allows BUMC IT to set the same antivirus policies on all Windows computers
- McAfee virus definition updates can be pushed out and updated to ensure your computer has the most recent version instead of relying on a set schedule that requires your computer to be on when it is scheduled
- Virus infections will be reported back to a central server so threats can be analyzed by BUMC IT staff
- New versions and patches to McAfee can be quickly deployed to all computers to reduce errors and improve the functionality of McAfee
- Computers that have McAfee disabled and/or have outdated virus definitions can be identified and then updated by BUMC IT staff before they are infected
What change will I see?
In the lower right corner of your computer (near the clock) you will see the following icon meaning your computer has McAfee antivirus installed.
After the upgrade, the icon will change to this.
*If you don’t see either McAfee shield above on your computer please contact the BUMC IT service desk at 617-638-5914
What computers are affected by the change?
All Windows computers that have been set up and are managed by BUMC IT will have McAfee Antivirus installed. Computers that have been set up and are managed by BUMC IT will have one of the following tags on them. If you are on a BMC computer, you are not affected by this change.
If you have any questions about the change please feel free to contact the BUMC IT Service Desk at 617-638-5914
Win cash, gain experience, and earn international recognition with one short video or a poster!
The EDUCAUSE & Internet2 Higher Education Information Security Council (HEISC) is conducting a contest in search of short information security awareness videos and posters developed by college students for college students. The contest seeks creative, topical, and effective videos (two minutes or less) and posters that focus attention on information security problems and how best to handle them.
Winners will receive cash prizes, and their videos and posters will be featured on the HEISC website (www.educause.edu/security). The winning videos and posters may be used in campus security awareness campaigns.
A gold, silver, and bronze prize will be awarded in three categories—training films of two minutes or less, 30-second public service announcements (PSAs), and posters—for a total of nine cash prizes. Honorable mention prizes will also be awarded.
Cash prizes for videos
- Gold: $2,000
- Silver: $1,500
- Bronze: $1,000
Cash prizes for posters
- Gold: $1,500
- Silver: $1,000
- Bronze: $500
Deadline: March 8, 2013.
For more information, visit http://www.educause.edu/SecurityVideoContest.
BUMC IT will be in the BUSM Lobby on Monday (10/1), Wednesday (10/3) & Friday (10/5) from 11am-2pm to provide information and answer questions about information security as well as help you properly get rid of old computer hard drives. Bring your old computer hard drives or magnetic tapes, etc. and BUMC IT will ensure your data is securely destroyed.
Even more, you can bring your whole computers or laptops and BUMC IT staff will remove the hard drive for you and make sure hard drive and computer are properly disposed of.
All BUMC faculty, staff, and students are invited to stop by.
Avoid being a victim of phishing! If you are ever unsure whether an e-mail you receive is legitimate or if you receive an e-mail message that is abusive or harassing in nature, you can forward it to firstname.lastname@example.org for verification. Read the following tips to protect yourself from phishing…
A new zero-day vulnerability in Java—a Poison Ivy variant—has been discovered and exploits have been found. The flaw affects all versions of Oracle’s Java 7 (version 1.7) on all supported operating systems. No patch is available at this time. Java 6 and earlier are currently unaffected (although that will possibly change soon).
If your computer is managed by IS&T using KACE or is running Blackboard, it should be running Java version 6 and is currently not affected by this issue.
Find out if your computer can be exploited: www.isjavaexploitable.com
In order for this vulnerability to be exploited, you have to visit a web page or follow a link to an infected site. If your computer has been exploited, the software can do anything with your computer that you can.
- If you are not using any programs that require Java, remove it from your system altogether. Java is one of the most heavily-exploited platforms in the world today due to its almost ubiquitous presence.
- If you have to have Java for a specific program, but don’t need it for the web pages you visit, disable Java for universal use on your browsers. (Links to instructions listed below.) It is safest to allow use of Java browser plug-ins on a case-by-case basis when prompted for permission by trusted programs.
- If you cannot disable Java in your browsers, confine your browsing to regular commercial sites which, while not immune from being infected, are typically more carefully maintained and monitored and represent a lower risk. This is not a reliable security approach, but it is better than nothing.
- Internet Explorer
(For Firefox on Mac OS X, it is like Windows XP (Tools > Add-ons))
While in Chrome, enter this URL: chrome://plugins/ then click Disable under Java.
Prevent laptop theft by registering your laptop with the BUPD. Find out more: http://bit.ly/xxmqzP
- If an e-mail asks for your password, it is a scam. Delete it!
A popular phishing technique asks you to reply to a message and send your password. As an example, you could receive a message claiming to be from some seemingly official (but non-existent) entity, e.g., “The BU.EDU Upgrade Team,” saying that the mail system is being upgraded and your account will be deleted unless you respond immediately and provide your password. Please keep in mind that Boston University will never ask for your login and password information.
- Don’t follow links, and never provide personal information.
You should never follow links offered to you in unsolicited mail or provide any personal or financial information, just as you wouldn’t when you receive an unsolicited phone call. This should be your guideline no matter how tempting, frightening, or persuasive the mail seems. Remember that, given an awareness of the problem of phishing, legitimate companies won’t use this method of approaching you. If you do feel compelled to respond or that you must check out something sent to you in an e-mail, don’t use a link in the e-mail message to do that. Use your browser to go to the known and trusted website (PayPal, for example) by typing in the URL/web address yourself and log in there. You can tell where a link is going by hovering over it with your mouse. Don’t click. Hover. As a general rule, if the e-mail message is lying to you about where the link wants to send you, it is a scam.
- Don’t open attachments that you weren’t expecting.
Many viruses are designed to send out spoofed e-mail messages. This message could be originating from any infected PC in the world which happens to have your address in a file (e.g., the address book) or which happens to have auto-generated your address in some fashion. Some, although not all, of these messages will come with an attachment designed to spread the virus to you. Viewing such an attachment puts your computer at risk.
- Filter out spam.
Spam is always annoying, and it can be dangerous too: spam e-mail often contains virus, spyware, or phishing exploits. You can protect yourself from many of these hazards by filtering spam.
- When in doubt…
If you are unsure whether an e-mail is real or if you receive an e-mail message that is abusive or harassing in nature, report it to email@example.com. If possible, it is helpful to include full headers when forwarding a message. If you have questions, contact the Service Desk at (617) 638-5914.
If it’s too late…
If you responded to a suspicious e-mail message and provided your password, you should immediately change your password and scan your computer for spyware and viruses. Depending on what information you provided, you may also need to take steps to protect your credit card and bank information.
Contact the BUMC IT Service Desk if you believe you have been a victim of phishing at (617) 638-5914 or firstname.lastname@example.org.
LEARN MORE ABOUT PHISHING:
- Phishing IQ Test: http://www.sonicwall.com/furl/phishing/index.php
- Phishing Awareness: http://www.youtube.com/watch?v=H0yWWqX0L4g
- “Phishing” Internet Security PSA: http://www.youtube.com/watch?v=pPCPU5UpPG4&NR=1
Remember, Boston University will never ask for your login and password information via e-mail.
Be on the lookout for a new phishing email that is circulating through the BU community. The email appears to come from email@example.com and has the subject “Boston University IT Help Center – Please Upgrade Today!” A full transcript of this phishing message can be found below.
THIS IS A PHISHING EMAIL AND NOT FROM BOSTON UNIVERSITY.
As long as you disregard these e-mails and do not click on any of the links you should be fine. You can learn more about phishing e-mails on our website: http://www.bumc.bu.edu/it/comm-collab/e-mail/unwanted-email/phishing/.
As a reminder, BU will never ask you for personal information or your password.
Here are a few simple tips to avoid being hooked by a phisher:
- If the email asks for your password, it is a scam. Delete it.
- If the email is about a financial account you don’t have or an order that you don’t know anything about, it is almost certainly a scam.
- If you feel you must check out something sent to you in email DON’T CLICK THE LINK. It is completely possible to make a link lie to you. Instead, use your browser to go to the known and trusted website by typing in the URL/Web Address yourself.
- You can tell where a link is going to take you by hovering over it with your mouse. Don’t click. Hover. If you do this for the link above you will see yahoo pop up in a box by your pointer or in a space at the bottom of your email client or browser. General rule: if the email message is lying to you about where it wants to send you, it is a scam.
As always, forward any e-mails you are unsure about to firstname.lastname@example.org and then delete them. When forwarding an e-mail to email@example.com, it is helpful to include the full headers if possible. If in doubt, call the BUMC IT Service Desk at (617) 638-5914 or the IT Help Desk (Charles River Campus) at (617) 353-4357.
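The hover check from the tips above can also be run over a message's HTML body, which helps when triaging forwarded reports. This is an added example, not part of the original advisory; the sample message is constructed, and `Find-MismatchedLink` is a hypothetical helper name.

```powershell
# Added example. $sampleHtml is a constructed message body, not a real phish.
$sampleHtml = @'
<p>To upgrade, visit <a href="http://webmail-upgrade.example.net/form">http://www.bu.edu/upgrade</a></p>
<p>Policy: <a href="http://www.bu.edu/tech/">http://www.bu.edu/tech/</a></p>
<p><a href="http://login.example.org/">CLICK THE UNIVERSITY LINK</a></p>
'@

function Find-MismatchedLink {
    param([Parameter(Mandatory = $true)][string]$Html)

    # Capture each anchor's href and its visible text.
    $pattern = '<a\s[^>]*?href\s*=\s*["'']([^"'']+)["''][^>]*>(.*?)</a>'
    $opts = [System.Text.RegularExpressions.RegexOptions]'IgnoreCase, Singleline'

    foreach ($m in [regex]::Matches($Html, $pattern, $opts)) {
        $href = $m.Groups[1].Value
        $text = ($m.Groups[2].Value -replace '<[^>]+>', '').Trim()

        # Only visible text that itself looks like a URL or host name can
        # contradict the real destination; plain wording is skipped here.
        if ($text -notmatch '^(https?://)?([a-z0-9-]+\.)+[a-z]{2,}(/\S*)?$') { continue }
        if ($text -notmatch '^https?://') { $text = "http://$text" }

        $shown = $null
        $real  = $null
        $okShown = [uri]::TryCreate($text, [System.UriKind]::Absolute, [ref]$shown)
        $okReal  = [uri]::TryCreate($href, [System.UriKind]::Absolute, [ref]$real)
        if (-not ($okShown -and $okReal)) { continue }

        # The message "lies" when the host it displays is not the host it links to.
        if ($shown.Host.ToLower() -ne $real.Host.ToLower()) {
            New-Object PSObject -Property @{
                Shown  = $shown.Host.ToLower()
                Actual = $real.Host.ToLower()
            }
        }
    }
}

Find-MismatchedLink -Html $sampleHtml | Format-Table Shown, Actual -AutoSize
```

A link whose visible text is plain wording (the third sample line) cannot be caught by this comparison, so an empty result does not mean the message is safe.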
Transcript of Phishing Scam:
From: Boston University IT Help Center [firstname.lastname@example.org]
Due to congestion in our webmail database, we will be shutting down some unused accounts.
You will need to confirm your account as soon as possible so we can upgrade your account before the deadline.
To Upgrade your account, kindly CLICK THE UNIVERSITY LINK BELOW and fill out the form.
After following the instructions on the sheet, your account will not be interrupted and will continue as normal.
Thank you for attending to this request.
We apologize for any inconvenience.
Please do not respond to a recent message that appears to come from the IT Help Center (email@example.com) with the Subject “IMPORTANT NOTICE.” Although this message contains BU logos and a sender address that make it seem legitimate, it is a phishing message. To learn more, especially if you did already respond to the message or click on the link it provides, please contact the Service Desk at 617-638-5914 or refer to the page on Spoofed Messages and Phishing.
As always, if you are unsure whether an e-mail is real or if you receive an e-mail message that is abusive or harassing in nature, report it to firstname.lastname@example.org. If possible, it is helpful to include full headers when forwarding a message.
(View the original post from IS&T here)
Action Required for all Microsoft Windows Users:
- If you are running Microsoft Windows and you do not have it set to Automatically Update, you should run Windows Update immediately. See instructions at www.bu.edu/tech/desktop/virus-protection-security/safe-computing/autoupdate/ and confirm that you have the correct patches using the instructions below on this page.
- If you do have Automatic Updates turned on, you should have received the patch last Tuesday and you are all set – no further action is required toward installing it. You can confirm that you are updating automatically by following the instructions at www.bu.edu/tech/desktop/virus-protection-security/safe-computing/autoupdate/.
- If you use Microsoft Windows Remote Desktop (RDP) to connect to a BU computer from outside of BU, you will need to connect to the VPN prior to connecting via RDP – login at http://vpn.bu.edu.
- If you have set up your system to allow remote access, or if you run a server, see the additional instructions below.
On Tuesday, March 13, Microsoft announced that a critical vulnerability had been discovered in all versions of Windows from XP and up. This vulnerability affects the Remote Desktop (RDP) feature of Windows. RDP allows a remote user to connect to the computer and the vulnerability may allow even an unauthorized person to do so.
An exploit has already been released that will cause a Blue Screen of Death on Windows 7 and a Denial of Service on Windows XP. It is expected that another exploit will soon be released that will allow an attacker to have complete control of the computer. After that, the next expected step is that a self-replicating worm will be released that will automatically jump from host to host, granting the attacker access to the system and taking any other action the attacker may wish.
Microsoft has released a patch for this vulnerability. See below for details on installing it.
What IS&T and the IT Partners are doing:
- IS&T and the IT Partners have been working to install this patch on the servers at BU.
- Due to the serious nature of this vulnerability, IS&T will be blocking RDP access at the BU firewall within the next few days. This block is necessary because it is common for people to disable the automatic update functionality. It can reasonably be expected that many systems will remain unpatched for an extended period of time. If we take no action to block access to RDP through the firewall, exploit code could significantly impact the stable operation of computers at BU or otherwise compromise BU operations or protected information. (For reference, as of Monday (3/19) there were over 3000 computers at BU that had RDP up and operating.)
If you never use RDP…:
- If you do not need to use RDP, you can disable it. Instructions are provided below.
- If you do need to use RDP, please follow the security best practices published by IS&T:
Best practices include moving RDP away from its standard port to some other port protected by the BU Edge Firewall.
If you are running a server:
- Patch information can be found here: http://technet.microsoft.com/en-us/security/bulletin/ms12-020
- If the system cannot be immediately patched, please see this page for an alternative “fix it” option: http://blogs.technet.com/b/srd/archive/2012/03/13/cve-2012-0002-a-closer-look-at-ms12-020-s-critical-issue.aspx
Confirm that you have the correct patches:
- Go to Start -> All Programs -> Windows Update -> View Update History and confirm that KB2667402 and KB2621440 are installed
- Go to Start -> Microsoft Update -> Review your update history
- Confirm that KB2621440 is installed
How to disable RDP if you don’t use it:
- Go to Control Panel, click System And Security, and then click System.
- On the System page, click Remote Settings in the left pane. This opens the System Properties dialog box to the Remote tab.
- To disable Remote Desktop, select Don’t Allow Connections To This Computer.
- Also uncheck the Allow Remote Assistance box as shown below and then click OK.
- Click System in Control Panel.
- On the Remote tab, clear the Allow users to connect remotely to your computer check box, and then click OK.
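The patch confirmation and the RDP settings described above can also be checked from a PowerShell prompt. This is an added example, not BUMC IT or IS&T code: the KB numbers are the ones listed on this page, and the function names are hypothetical.

```powershell
# Added example. KB numbers are the ones named on this page.
$RequiredKBs = 'KB2667402', 'KB2621440'

function Get-Ms12020PatchStatus {
    param([string[]]$KB = $RequiredKBs)
    # Get-HotFix lists installed updates; collect the IDs once.
    $installed = @(Get-HotFix -ErrorAction SilentlyContinue |
                   Select-Object -ExpandProperty HotFixID)
    foreach ($id in $KB) {
        New-Object PSObject -Property @{
            KB        = $id
            Installed = ($installed -contains $id)
        }
    }
}

function Get-RemoteAccessStatus {
    $ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $ra = 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'
    # fDenyTSConnections = 1 means Remote Desktop connections are refused.
    $deny  = (Get-ItemProperty -Path $ts -Name fDenyTSConnections `
                  -ErrorAction SilentlyContinue).fDenyTSConnections
    # fAllowToGetHelp = 1 means Remote Assistance is allowed.
    $allow = (Get-ItemProperty -Path $ra -Name fAllowToGetHelp `
                  -ErrorAction SilentlyContinue).fAllowToGetHelp
    New-Object PSObject -Property @{
        RemoteDesktopEnabled    = ($deny -eq 0)
        RemoteAssistanceEnabled = ($allow -eq 1)
    }
}

$patches = @(Get-Ms12020PatchStatus)
$remote  = Get-RemoteAccessStatus
$patches | Format-Table KB, Installed -AutoSize
$remote  | Format-List RemoteDesktopEnabled, RemoteAssistanceEnabled

# Highest-priority case: RDP is reachable and a listed update was not found.
$missing = @($patches | Where-Object { -not $_.Installed })
if ($remote.RemoteDesktopEnabled -and $missing.Count -gt 0) {
    $ids = ($missing | ForEach-Object { $_.KB }) -join ', '
    Write-Warning "Remote Desktop is enabled and these updates were not found: $ids"
}
```

A KB reported as not installed is a prompt to review the update history as described above rather than proof of exposure; the second procedure on this page lists only KB2621440.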