Notices
NSC-050201: General Security Information
The following information should be distributed to department staff and
technical support. IT Security staff continue to see recurring problems on
campus computers related to the following issues:
1. Passwords
Everyone needs to change passwords often, and use a LONG mixed (letters
numbers and special characters) value. Passwords greater than 15 characters
have a significantly lower chance of being cracked than a short password.
It's a recommended practice in areas where there have been compromised
computers to have everyone who has used the machine change their passwords,
including support staff. Stolen passwords have been recovered from
compromised computers!
Passwords for accounts with elevated privileges (Administrator, Root,
etc) need to be changed even more frequently, and should be an especially
long mixed value. (Note: If you log on to a Windows workstation with your
Hawk ID and it has "Administrator" privileges, this includes you!) Don't
forget to change other passwords with elevated privileges, such as embedded
"service" accounts (i.e., database
administrator account passwords).
2. Patching/Computer Management
We still see attacks on machines based on (lack of) patches that came out
last year or even earlier, as well as exploits based on brand new patches.
Machines, particularly Windows, must be kept up to date to the best of your
ability. Remember that new machines, or newly re-imaged machines, must be
brought up to date with patches before you connect them to the university
network.
A new service for the automated management of university owned
(Windows-based) equipment is available. This (SMS) service has been
successfully deployed by many units, and is available for managing
departmental as well as lab and research oriented Windows machines. See
http://spa.its.uiowa.edu/ecm/ for more information, or talk to your
College/Unit's IT Director.
3. Internet Explorer (IE) browser - We continue to see new (and old)
exploits involving the IE browser. Last summer we distributed
recommendations made by Microsoft for IE browser security. Those
recommendations still hold -- set your Internet Zone security setting to
"High" and add local (http://*.uiowa.edu) and other trusted sites
(http://*.windowsupdate.microsoft.com) into the "Trusted Sites" zone with
security setting at "Medium". Detailed instructions are at
http://www.microsoft.com/security/incident/settings.mspx You can also
discuss alternatives for web browsing with your local IT support.
4. Firewalls, Anti-Virus, and Anti-Spyware
If you set up and manage your own machine, and your operating system has a
builtin firewall, use it. Allow the communications/programs that you need
in, and block everything else. If your system doesn't have a builtin
firewall, consider adding one. On Windows workstations, the operating
system should be XP installed at Service Pack 2 or later, with the firewall
turned on. On Mac OS X, the operating system should be at
V10.2 or later, with the firewall turned on.
Install and use the UI licensed Symantec Anti-Virus software on every
machine possible, and be sure it's configured to update every day. Turn on
the "PopUp Blocker" support in your IE browser, and consider installing a
free anti-spyware program if you do a lot of Internet surfing. More
information is available at http://helpdesk.its.uiowa.edu
5. E-Mail scams - We continue to see "phishing" scams getting into the
campus e-mail systems. Never click on a link sent to you in an
unsolicited email, for any reason. Chances are if you click on the
link, it will either infect your computer with a virus or worm, or it will
lure you to give out personal information that can be used to steal your
identity.
For more information, see the article "Campus computer security still a big
concern", http://cio.uiowa.edu/ITsecurity/fyi2004Oct.shtml published in part
in the FYI October 2004.