Skip to content

Wayne State University

Aim Higher

Jun 22 / Clare

Welcome to IT Security @ WSU!

Welcome to the Wayne State C&IT Information Security Office blog! We’ve compiled some awesome information that will help you keep yourself and the entire Wayne State community safe from cyber security threats. Use the buttons below to discover more about information security and scroll down for the latest ISO news.

 

 

 

 

Jan 23 / Kevin Hayes

Want to Join the Wayne State IT Security Team?

Are you or someone you know interested in moving into the field of Information Security? Want to collaborate with talented and motivated people? Keen on working with awesome technology and tools? Think you can handle a boss with an unhealthy David Hasselhoff obsession?

If so, I have some good news for you! Wayne State University is hiring for an IT Security Specialist position. This is a full-time entry level position in the field of Information Security. This position will be responsible for maintaining and auditing University firewall configurations, act as the first-level responder for reported threats and incidents, and will perform the initial triage and notifications for identified vulnerabilities. While no direct IT security experience is required, we are looking for individuals with great analytical skills, familiarity with general networking, and a few years of supporting an IT enterprise in some fashion.

For more information or to apply, please search https://jobs.wayne.edu for posting number 042473.

Jan 17 / Kevin Hayes

National Data Privacy Day Presentation

Next Thursday, Jan. 26 is National Data Privacy Day. Data privacy is becoming more and more crucial as our personal data is being collected, used and mined in all sorts of ways that we could not even fathom a few years ago.

Think for a second – how would YOU want organizations and companies to use information they collect about you and your family? How could disclosing personal details on Facebook and Instagram affect you in the future? What is that “free” app scanning and analyzing so you can play that hot new game? Should it be alright or acceptable for the maker of your SmartFridge to report back when you are low on milk? Questions like this need to be thought about and answered as we keep moving forward in this information age.

So mark your calendars and come on down! The Privacy Office, C&IT and University Libraries are sponsoring a web-based talk that day from 1-2 p.m. in the Simons Room on the first floor of Purdy/Kresge Library. Refreshments will be provided! Relax, step away from your daily routine and listen in on this crucial growing area of data privacy.

Speaking is Cindy Compert, Chief Technology Officer for Data Security and Privacy at IBM. Further details about the talk can be found here:
http://events.educause.edu/educause-live/webinars/2017/big-data-whats-the-big-deal

Later this spring, additional live speakers will be announced. Watch Geoff Nathan’s ProfTech blog and campus announcements like this one for details. The goal of our campaign is to raise awareness of privacy as an important issue and perhaps to gather a group of people on this campus who are interested in ongoing conversation about these issues.

Thanks and looking forward to seeing many of you there!

Jan 11 / Kevin Hayes

January 2017 Security Patches

Two posts from IT Security in a single day? Say it isn’t so! Don’t worry, this one is relatively painless.

It’s time to deal with our not-so-favorite time of the month, Microsoft Patch Tuesday. Happily, Microsoft has released *only* four patches yesterday — and one of them is a patch for Adobe Flash Player.  Told you it was relatively painless!

MS17-001 – Security Update for Microsoft Edge
MS17-002 – Security Update for Microsoft Office
MS17-003 – Security Update for Adobe Flash Player
MS17-004 – Security Update for LSASS

More information regarding the January patches can be found here:
https://technet.microsoft.com/library/security/ms17-jan

C&IT is testing and deploying these updates to our enterprise and supported desktop environments this week. It is strongly recommended that you update your computer with these important security fixes; Wayne State computers should be patched by departmental IT staff, while any personal computers will usually download and install them automatically:

https://support.microsoft.com/en-us/help/17154/windows-10-keep-your-pc-up-to-date

Stay safe and stay patched!

Jan 11 / Kevin Hayes

Ransomware Threat

Good morning all,

Happy New Year to everyone! I hope that you all had an enjoyable and relaxing break.

One of our higher education brethren in California did not enjoy a nice break; Los Angeles Valley College was just hit with ransomware on their central servers which encrypted all email and shared files. This brought all operations to a standstill and unfortunately, because of a lack of security controls, the college forked out $28,000 in bitcoin in order to get back in business:

http://thevalleystar.com/valleys-pays-ransom-with-cyber-insurance/#sthash.bNmKzCdr.dpbs

Ransomware is a serious threat — thankfully there are a few easy ways you can protect yourself from downtime and financial (and reputation) loss:

  1. Ensure you have backups of critical data on removable or offline media
    Any departmental shared drives you use should be backed up on a regular basis to media that malware cannot access. This can be tape, a USB drive, or a hard drive that nobody has access to remotely. Your backups do no good if the malware can just encrypt and hold those files hostage too. And make sure to test your restore procedures every few months to make sure your backups can save you!
  2. Use Application Whitelisting
    C&IT DeskTech began using application whitelisting after the “invoice.zip” outbreak to outstanding success. By only permitting software signed by known vendors (or manual exceptions by file hash), the initial malware that could encrypt all your files CAN NOT RUN. It’s hard to get infected when the OS refuses to run unknown software!
  3. Limit Administrator Privileges
    This should be old hat right now, but it’s still important, especially for the people on this list — limit any administrative privileges to your accounts. This includes removing accounts from a computer’s local “Administrators” group, as well as using DIFFERENT accounts when YOU need to perform administrator actions. Best practice is for you to use one account for your day-to-day office work and to do a special “Run As” execution when running any administrative programs. This way, any damage caused by malware should be limited to just one computer or user profile instead of an entire network or domain.

As always, thank you for the hard work you do in keeping the university safe and secure from these electronic threats.

May 13 / Kevin Hayes

No More Updates for Windows 8.1

Alright, now that I have your attention, I can try to explain the slightly convoluted scenario that Microsoft has foisted onto us.

First of all, any vanilla Windows 8 systems are not affected.  For the time being, systems running Windows 8 will continue to receive their updates as scheduled.

However, if you are running Windows 8.1, you will be required to install “Windows 8.1 Update” in order to meet Microsoft’s new product baseline and continue to receive security updates for your operating system.  This Update (with a Capital U) is the rough equivalent of a Service Pack, and Microsoft will require this Update to be installed if you want to get any security updates published in the future.  

Home users should update their systems with this “Update” by May 13 to remain supported, while enterprise customers and systems have been given a small reprieve and have until August 12 to make the same changes.  If you do not patch by this time, the *only* patch available to you will be this lovely “Update” instead of anything more current.  From the Microsoft website:

“…the Windows 8.1 Update is a required update to keep Windows 8.1 devices current. It will need to be installed to receive new updates from Windows Update starting on May 13th. The vast majority of these customers already have Automatic Update turned on, so they don’t need to be concerned since the update will simply install in the background prior to May 13th. For customers managing updates on their devices manually who haven’t installed the Windows 8.1 Update prior to May 13th, moving forward they will only see the option to install the Windows 8.1 Update in Windows Update. No new updates will be visible to them until they install the Windows 8.1 Update.”

Any C&IT DeskTech managed systems will be taken care of during this transition process, however due to our diverse desktop deployment I wanted to make sure that all of our campus system administrators are properly aware of this interesting wrinkle.

More Information:

http://blogs.windows.com/windows/b/springboard/archive/2014/04/16/windows-8-1-update-and-wsus-availability-and-adjusted-timeline.aspx
http://blogs.technet.com/b/gladiatormsft/archive/2014/04/12/information-regarding-the-latest-update-for-windows-8-1.aspx

Apr 28 / Kevin Hayes

New Critical Vulnerabilities for Internet Explorer & Flash

Microsoft has revealed that a fresh vulnerability has been discovered for all versions of Internet Explorer.  Specifically, there is a way for malicious code to run on your computer if you use Internet Explorer (Versions 6 thru 10) and visit some bad web content.  Microsoft is actively working on a security patch which should be available in a few days.  In the interim, refrain from using Internet Explorer when browsing to unknown or unfamiliar websites.  The US Department of Homeland Security is also recommending that a different browser be used until a security patch is delivered.

While these vulnerabilities are not new, this part is: Windows XP WILL NOT have a fix for this.  If you are still running Windows XP, your computer will be vulnerable to the end of time and there is no way to properly secure yourself.  Microsoft will not be providing any further support for Windows XP, so if you are still running it, today should be a sign that you should upgrade as soon as possible.

More information:
https://technet.microsoft.com/en-us/library/security/2963983.aspx
http://gizmodo.com/new-vulnerability-found-in-every-single-version-of-inte-1568383903
http://mashable.com/2014/04/27/microsoft-web-browser-security-bug-could-impact-millions-of-users

But wait, there’s more!  Unfortunately we are hit with a double-whammy today.  Adobe just came out with a critical patch for yet another zero-day vulnerability completely unrelated to the above IE exploit.  Thankfully, Adobe has a software patch available to address this issue.  Computers that have Flash (and whose doesn’t) need for it to be updated immediately.  You can check your current version of Flash – and update it as well – at the following site: http://helpx.adobe.com/flash-player.html

More info regarding the Adobe exploit:
http://helpx.adobe.com/security/products/flash-player/apsb14-13.html
http://www.securelist.com/en/blog/8212/New_Flash_Player_0_day_CVE_2014_0515_used_in_watering_hole_attacks

Apr 8 / Kevin Hayes

Nasty Internet-Wide Vulnerability

Last night, a new server vulnerability was disclosed on the Internet that is making shockwaves and causing large amounts of frustration and pain around the world.  Certain versions of OpenSSL, which is used to encrypt web traffic, has been discovered to have a gaping security hole which can allow a remote attacker to read the memory of a vulnerable server.  This attack can be performed remotely and without any authentication whatsoever.  More information regarding this critical vulnerability can be found at:

http://www.kb.cert.org/vuls/id/720951
http://heartbleed.com/

Wayne State C&IT because aware of this issue late last night, and immediately began an analysis to see how much of our computing environment was affected and what the potential risk would be.  Thankfully, no critical systems (Banner, Wayne Connect, Blackboard, Pipeline, WiFi, Academica) are currently at risk.

Centrally-managed servers have been addressed and/or patched at this point.  Other system administrators, including persons supporting hosted systems, have also been contacted to ensure their applications are up to date and secure.  We are running periodic scans of our computing environment to discover any systems which may need additional assistance.

We are continuing to monitor the progress of these events, and will keep the community informed of any developments.

Mar 12 / Kevin Hayes

Time to Flee Windows XP

Microsoft and the IT community have been talking about it for months (if not years), but the time is almost here where Windows XP will no longer be supported by Microsoft.  This means no new security updates or patches will ever be created – the final and last set of updates will be coming out on April 8, 2014.  At that time, no official support will be provided to problems with Windows XP, and any vulnerabilities discovered will remain unfixed until the end of time.  This is bad news, as any remaining XP systems could be easily exploited by attackers intent on stealing your data or controlling your computer.

If you have a computer that is still running Windows XP, please finalize any plans to upgrade or replace it during the next month.  Information regarding some of your options can be found here:

http://windows.microsoft.com/en-us/windows/end-support-help

Official publications regarding this situation can be found here:

https://www.us-cert.gov/ncas/alerts/TA14-069A-0

Mar 5 / Kevin Hayes

Linux GnuTLS Vulnerability

It looks like Apple is not the only big player to have issues with SSL/TLS.  The GnuTLS library is commonly used by Linux systems for secure communications, and a vulnerability (CVE-2014-0092) has been discovered with regards to certificate verification functions which may cause an attacker to view confidential information without your knowledge or authorization.  This vulnerability has been confirmed on major distributions, including Ubuntu, RHEL, Slackware and Oracle Enterprise Linux.

System administrators should patch or upgade their computer systems when possible.  This is currently classified as a medium level vulnerability, so while immediate resolution is not necessarily required, please take note and work this into your next upgrade cycle.

More information can be found at the following URLs:
http://www.securityfocus.com/bid/65919
http://www.ubuntu.com/usn/usn-2127-1/
http://rhn.redhat.com/errata/RHSA-2014-0247.html