Well, the students are back. For us security officers, it’s a love-hate relationship – you love ‘em because they’re young and enthusiastic and they help pay your salary, but you hate ‘em because they bring all kinds of malware to campus. So it’s no surprise that as soon as the semester began I started getting reports of malware spreading via USB flash drives, the first of which was reported by IT support staff who helped students in the residence halls.
To date, we have submitted to Trend Micro three different examples of malware found on USB flash drives at K-State, and in all cases Trend had a solution within 2-3 hours. However, much damage can occur in the time it takes that solution to be distributed to all computers on campus, so something more needs to be done.
September’s edition of the monthly IT security roundtable discussions sponsored by SIRT is scheduled 9-10:30 a.m. Friday, Sept. 11, in Union 213. Topics are:
Mac OS X 10.6 and Windows 7 issues
Why you should delay deployment but start testing now
Application compatibility is more than an antivirus issue
Why antivirus protection is important, even for Macs
When will supported antivirus products be available for each OS?
To protect sensitive university data from unauthorized disclosure when the media that stores the data is disposed of or reused, K-State’s new Media Sanitization and Disposal Policy is now in effect and has been published in the university’s PPM.
“Media sanitization” is a process by which all data are permanently removed from storage media in a manner that prevents their recovery. This applies to anything that can store data — computer hard drives, CDs and DVDs, backup tapes, USB flash drives, and even paper. We can employ the most strict security controls to protect data while in our possession, but it is all for not if the data remain on a computer hard drive when that system is disposed of, recycled, or reused.
Apple aficionados are excited about last Friday’s release of Mac OS X 10.6, aka “Snow Leopard”. Unfortunately, security software vendors haven’t matched that enthusiasm, so the likes of Symantec and Trend Micro do not yet support MacOS 10.6 with their antivirus products.
K-State’s new System Development and Maintenance Security Policy helps ensure that security is considered at all stages of an information systems’ life cycle. Too often, security is an afterthought when a new application is implemented, or a change to an existing system introduces a new security vulnerability and thereby places university data at risk.
This policy targets anyone involved in the acquisition, implementation, or maintenance of an enterprise information system or “systems that require special attention to security due to the risk of harm resulting from loss, misuse, or unauthorized access to or modification of the information therein.” An example of the latter would be a departmental or college system that contains confidential student or personnel data.
Thousands of new faculty, staff, and students have arrived and a new semester has begun, so it is time to remind everyone of their personal responsibility in protecting themselves online and keeping K-State information and technology safe. To quote IT security experts, “the Internet is a bad neighborhood,”* and based on the number of security incidents at K-State thus far in 2009, it’s getting worse. You can still function safely online, though, if you take the time to learn about security and “think before you click.” Here are five things you need to know about IT security at K-State:
Never give your password to anyone in an e-mail message. K-State has been plagued by more than 200 instances of e-mail scams over the last year that try to trick people into replying with their eID password (yes, that’s nearly one per day). In fact, thus far in 2009, nearly 300 K-Staters have had their eID password stolen this way. If you remember this one simple rule, you can prevent becoming a victim of these scams: K-State IT support staff will never ask for your password in an e-mail, nor will any legitimate business or organization. If you get such an e-mail, just delete it.
In the past month, nearly 200 K-State computers were compromised when people were tricked into opening a malicious e-mail attachment. Since January, nearly 300 K-Staters have given their eID password to hackers in response to spear phishing e-mail scams.
One of the best tools for learning how to distinguish a legitimate e-mail from a malicious one is the Phishing and Spam IQ Quiz produced by Sonicwall. The quiz displays 10 different e-mails and has you decide whether each is legitimate or a phishing scam. At the end, it compares your answers to the correct ones and provides an explanation for each e-mail message.
Over the past month, K-State was hit by three different attacks using scam e-mails that contained malicious attachments. In the first round, which started July 13, more than 100 K-Staters were tricked into opening the attachments, resulting in at least 113 infected campus computers.
The compromised computers were turned into spam e-mail servers that sent thousands of the same malicious e-mails to people all over campus and the world. In fact, the malware used address books from local e-mail clients on the infected computers to harvest the e-mail addresses it used, which explains why so many people got so many copies at K-State.
Thousands of people at K-State received malicious e-mails over the last month claiming to be shipping instructions from Amazon.com, an eCard greeting from Hallmark, or Jessica wanting to meet you. This attack was particularly effective, resulting in well over 100 compromised computers around campus. To learn characteristics of this attack, why it was so effective compared to others, and what you can do to prevent becoming a victim in the future, attend the next IT security roundtable discussion, 9-10:30 a.m. Friday, Aug. 14, in Room 213 in the K-State Student Union.
For many years, K-State has provided antivirus protection for Mac users with Symantec Antivirus (SAV) for Macs corporate edition (SAV). The bad news is that our license for SAV expires Oct. 27, and given the current budget challenges, there are no funds to renew. The good news is that Trend Micro now has a Mac antivirus client that is included in our site license, so it is already paid for with full support until March 2012 for all faculty, staff, and student office and home Mac computers.
SIRT, K-State’s Security Incident Response Team, is in the process of testing a beta release of a Trend Micro Security for Mac (TMSM) version 1.5. In fact, engineers from Trend Micro are on campus this week (July 27-28) to help install, configure, and test TMSM on servers and Mac computers around campus. Unlike SAV, TMSM is a manageable product and includes more security features, such as support for Web Reputation Services. Continue reading “Update on Mac antivirus protection at K-State”→
