The departmental response to the request for commitments to purchase licenses of PGP Whole Disk Encryption software for laptops and desktops was outstanding, so K-State will purchase 1,000 licenses rather than 500 at an even better price of $32 per license. At the deadline, departments committed to purchasing 849 licenses for Windows and 118 for Mac OS for a total of 967 licenses. Continue reading “K-State to purchase 1,000 licenses of PGP encryption software”
Author: Harvard Townsend (harv@ksu.edu)
Chief Information Security Officer
SMTP block starts Dec. 20 on residence hall and campus wireless networks
On Saturday, Dec. 20, K-State will start blocking the SMTP e-mail protocol on the residence-hall networks and the campus wireless network. This is necessary in order to intercept the large numbers of spam e-mails sent by compromised computers on those network segments and to help keep K-State off spam block lists. Continue reading “SMTP block starts Dec. 20 on residence hall and campus wireless networks”
SMTP to be blocked on residence-hall networks and campus wireless
In recent months, K-State has experienced a rash of compromised campus computers used by hackers to send tens or hundreds of thousands of spam messages to the Internet. Besides the embarrassment of having K-State labeled as a source of spam, some of these instances have resulted in K-State being placed on spam block lists where all e-mail from K-State is blocked. To remedy this problem, K-State intends to start blocking the protocol used to deliver e-mail off-campus on three selected portions of the network that typically have the largest percentage of compromised computers — the campus wireless network, and both the wired and wireless networks in the residence halls. This will only affect computers on these three segments of the campus network. All other network segments, including the guest wireless network (SSID=k-state.guest), will be unaffected.
This will take effect during the break between the fall and spring semesters. All students living in the residence halls will be notified about the change before they leave at the end of the fall semester. Continue reading “SMTP to be blocked on residence-hall networks and campus wireless”
Reminder to departments: PGP encryption purchase commitments due Dec. 5
The impending bulk purchase of PGP Whole Disk Encryption software for K-State laptop and desktop computers was announced in last week’s InfoTech Tuesday. K-Staters are reminded that this Friday, Dec. 5, is the deadline for reserving licenses for your department at $38 each. Campus departments interesting in purchasing licenses must send the following information to Harvard Townsend (harv@k-state.edu) via e-mail by 5 p.m. Friday: Continue reading “Reminder to departments: PGP encryption purchase commitments due Dec. 5”
SIRT selects PGP for laptop encryption; purchase commitments needed
After an extensive evaluation, K-State’s Security Incident Response Team (SIRT) has selected PGP Whole Disk Encryption (PGP WDE) as the recommended product for protecting data on laptops. Given the propensity for laptops to get stolen (another faculty laptop was stolen out of a K-State lab this week), whole disk encryption is a critical tool for protecting data stored on laptops. Also, a draft data classification policy being reviewed by IRMC this fall will require whole disk encryption on K-State laptops that store confidential data. Continue reading “SIRT selects PGP for laptop encryption; purchase commitments needed”
“Antivirus XP 2008” scareware a lucrative “business”
A recent article in the New York Times reported that the people responsible for the “Antivirus XP 2008” scam and it’s successor “Antivirus XP 2009” can theoretically make as much as $5 million a year. This type of scam, often referred to as “scareware,” tries to trick the user into buying fake antivirus software by scaring them with false reports of infections. A naive user panics when the warnings pop up on their computer and hands over $49.95, thinking they will get software to disinfect their computer. Instead, all they get is a smaller bank account, a computer that is very difficult to repair, and a lesson learned the hard way.
Continue reading ““Antivirus XP 2008” scareware a lucrative “business””
Trend Micro meeting Friday Nov. 14
The next quarterly meeting about K-State’s use of Trend Micro security software will be held on Friday, November 14, 9:00-10:30 A.M. in Hale 114. Shea McGrew will facilitate the discussion on the following topics:
- Patching OfficeScan (the latest patches, how to determine your patch/build level, how to stay on top of new patch releases)
- Features and configuration of Control Manager 5.0, including departmental access to the central Control Manager
- Features in the upcoming release of OfficeScan 10.0
- Technical support contacts
- Renewing the Trend Micro contract that expires in March 2009, plus discussion about Mac support
- General Q&A
Network security analyst hired
Starting Nov. 10, K-State’s central IT security team will double in size when Josh McCune joins Harvard Townsend, chief information security officer, as a network security analyst to assist with all aspects of K-State’s information and technology security program. Continue reading “Network security analyst hired”
NIST publishes server security guidelines
The National Institute of Standards and Technology (NIST) recently finalized a publication that provides an excellent overview of server security. The “Guide to General Server Security” (SP800-123) is intended to “assist organizations in installing, configuring, and maintaining secure servers.” Topics include: Continue reading “NIST publishes server security guidelines”
K-State computers hacked via instant messaging
On Oct. 14, 10 K-State computers had their network access blocked because they were compromised and all talking to the same botnet controller. Most if not all the computers had some relationship to one particular department and they were communicating with the botnet controller using the instant messaging (IM) protocol used by Windows Live Messenger (also known as Windows Messenger or MSN Messenger).
It appears that one computer was compromised and had malicious software installed on it that automatically sent instant messages to everyone in that person’s MSN Messenger contact/buddy list. These malicious instant messages consisted of “he he :)” and a link to a website. Since the recipients thought the instant message was from a colleague, they trusted it and clicked on the link, which in turn infected their computer.
Continue reading “K-State computers hacked via instant messaging”
