Union computer burglary gets equipment, not personal data
by B. Edwards, Computing and Network Services
published July 25, 2006
About $25,000 of computers and equipment was stolen the evening of
Wednesday, July 19, from the K-State ID Center in the K-State Student
Union. Police are searching for two white males in their early 20s,
according to a
July
20 news release
from K-State's Media Relations. Anyone with information about the crime
is asked to call Detective Donald Stubbings, K-State Police Department,
785-532-6412.
The two subjects, described as wearing blue jumpsuits with "Fox Business
Systems" logos, gained access to the ID Center by showing the on-duty
Union manager what may have been a forged document and saying they were
hired to do repairs on the center's computers. Several computers,
monitors, cameras, and printers were later found missing from the center.
No personal data was lost because it's stored on a
secured server, said Craig Johnson, manager of the ID Center.
"Although we have a very secure database, we added enhancements Thursday
and Friday to ensure a higher level of security, including a firewall and
IP lockouts on the specific workstations stolen," he said.
Incidents like this are an example of social engineering, where
human characteristics such as vulnerability, trust, and expectations are
targeted. K-Staters should remember to be just as careful with
protecting hardware as they are with data on their computers, said
Rebecca Gould, director of the Information Technology Assistance Center.
For more about social engineering and how to protect yourself, see US-CERT's
Avoiding Social Engineering and Phishing Attacks
and the SANS InfoSec Reading Room - Social Engineering.
IT Data Center maintenance planned July 29
by J. Alloway, Computing and Network Services
published July 25, 2006
An emergency-power-off wiring problem in the K-State IT Data Center
(basement of Hale Library) is scheduled to be corrected
7 p.m.-midnight Saturday, July 29. The
maintenance will require turning off electrical power to the data
center. Although emergency battery-backup power will be on,
a potential loss of power would cause all servers to be offline,
including e-mail, Web, mainframe, Axio, etc. Questions and concerns
should be sent to Jay Alloway, 532-4906,
jay@k-state.edu.
Trend Micro software available for system administrators
by H. Townsend, SIRT chair
published July 25, 2006
The Trend Micro antivirus
software that is replacing Symantec AntiVirus for protecting Windows
computers at K-State
(see the April 25 overview) is now available for system administrators, via the
antivirus.k-state.edu
website. Access to Trend Micro for individuals will be available in early August.
To gain access to the password-protected site, system administrators
must meet the following criteria:
- Join the ANTIVIRUS-L mailing list.
- Be confirmed as a K-State system administrator.
- Complete the online training course.
For more information, see K-State's
antivirus
system administrator site or contact Royce Gilbert,
royce@k-state.edu, 532-0547.
Three IT job openings in Housing
by R. Satterlee, Housing and Dining Services
published July 25, 2006
Housing and Dining Services has three full-time, unclassified job openings
-- help desk coordinator, computer information specialist, and web team
coordinator -- on its Information Technology team. Screening begins
Aug. 7 and continues until the positions are filled. See
housing.k-state.edu/recruit/it
for details and links to position
descriptions. Questions should be sent to Rob Satterlee, 785-532-6972,
satterl@k-state.edu.
Security tip: SIRT recommends at least 3 passwords
by H. Townsend, interim K-State IT security officer
published July 25, 2006
Your eID and password give you access to many important and
confidential resources and information at K-State. It is thus critically
important that you diligently protect your eID's password. Do not share it
with anyone. You also should not use this same password for
other accounts on systems outside K-State, since that increases the risk
of a hacker discovering your eID password.
Let's assume, for example,
that you use the same password for your K-State eID and for a personal account
on an Internet website where you register to download a game. If the
server hosting the game's website is compromised, the hacker may be
able to steal your password and therefore have your eID password as
well. If you used a different password for the game site, there's no
risk to the K-State resources protected by your eID password.
So how many passwords is enough?
SIRT recommends
at least three:
- Your K-State eID password.
- A strong, hard-to-guess password for your financial accounts,
like online banking or accounts that store personal
and/or credit card information (e.g., eBay, Amazon.com, PayPal).
- One for other low security websites that have neither privacy nor
financial implications, like sites where you register to download free
software.
This IT security best practice is, in fact, in the process of being
codified in a revision to the security policy in
chapter 3430 of
K-State's PPM that will
prohibit the use of your K-State eID password on systems outside
K-State. The Information Resources Management Council (IRMC) is
reviewing the revision to PPM 3430 and is expected to vote on it in
September. However, you should not wait until it becomes policy to put
this good idea into practice to protect sensitive K-State information as
well as your personal and financial information.
IT by the numbers: Telecommuting would save $$$ and time
by R. Gould, Information Technology Assistance Center
published July 25, 2006
About $3.9 billion (and time equal to 470,000 jobs) would be saved per year if
employees would telecommute, according to the report from the 2005/2006
National Technology Readiness Survey (NTRS). Of the 25 percent of respondents who
indicated that telecommuting policies were in place, only 11 percent reported
they are taking advantage of working from home. Read more in
Most
With Option to Telecommute Prefer to Drive, a July 13 news
release on govtech.net.
|
