
UC DAVIS: Offices of the Chancellor and Provost

August 26, 2003

DEANS, DIRECTORS, DEPARTMENT CHAIRS, AND CAMPUS/UCDMC ADMINISTRATIVE 
OFFICERS
MEMBERS OF THE ACADEMIC SENATE AND ACADEMIC FEDERATION

Subject: Network and Desktop Security: Protection of Personal Information

Recent national media reports have described the harmful effects of the 
latest Internet-based virus attacks, specifically, the 'LovSan' or 'MS 
Blaster' worms. UC Davis computers were among those attacked at businesses 
and public institutions around the nation, including Stanford University 
and University of California, Berkeley.  These attacks reinforce the need 
for all of us to be vigilant and take proactive measures to protect our 
computers and data.  While major campus computing systems are routinely 
administered and closely monitored, administrative practices vary among the 
many desktop computers used by students, staff, and faculty members.

Personal Information May Be at Risk
Upon inspection, some of those compromised computers were found to contain 
the names and Social Security numbers of UC Davis students, staff, and 
faculty. Based on the symptoms of the attacks and a thorough review of the 
compromised machines, we have no reason to believe that the personal 
information was acquired by the attackers, or indeed that the attackers 
even made an attempt to acquire it. It is my understanding that the 
originators of such attacks are often seeking computers to store unlicensed 
commercial software or as an attack platform against other computers.

Immediate Action Is Needed
Risk Assessment.  As a result, I ask each dean, vice chancellor, and vice 
provost to take aggressive action within their respective units to identify 
departmental computing systems and applications that house personal 
information (personal name along with Social Security number, California 
driver identification number, or financial account information).  You may 
find it useful to centrally identify and maintain information about these 
systems for control purposes.

Recommended Actions.
At a minimum, personal information should be removed from all computers on 
which it is not required.  If the personal information cannot be removed 
from the computing system, departments must develop a plan specifically 
outlining how the information and systems will be kept secure. Measures to 
protect the information could include removing several digits from the 
personal identifiers, moving the files to removable media and storing this 
media in a secure location apart from the computer, or encrypting the 
personal information.

Campus Resources
The campus provides several resources to help you secure your computing 
systems. Resources to conduct risk and security assessments and enhance 
computer security are provided through the campus security web pages 
(http://security.ucdavis.edu).  These pages also provide links to important 
security alerts that are gleaned from internal analysis, higher education 
institutions, and leading security sources.  The campus security pages also 
provide technical handouts for security improvements from the recent IT 
Security Symposium. Furthermore, the campus is moving forward to acquire 
and implement a central firewall system. This system will enable 
departments to define and manage security rules that will further isolate 
departmental servers and desktop computers from hostile network traffic.

In addition to the above resources, Information and Educational Technology 
(IET) currently disinfects all email processed by the central campus email 
servers.  IET also provides a campuswide license for an antivirus program 
for all campus unit email servers and attractive licensing fees for 
antivirus programs for the computers used by students, staff, and faculty 
members.  Additionally, IET provides department assistance to troubleshoot 
and diagnose computer virus infections and other exploits, restore 
compromised computers, implement preventive measures, and guide managers in 
the development of a strong security program.

We can reasonably anticipate that the future will reveal new virus attacks 
and computer vulnerabilities. Our continued vigilance and prompt action are 
critical if we are to maintain the integrity, availability, and security of 
our computing systems.  I look forward to your support and active 
participation in meeting that goal. If you have any questions about 
security measures you're planning to implement, please contact Robert Ono, 
the Campus IT Security Coordinator, at raono@ucdavis.edu.

Virginia S. Hinshaw
Provost and Executive Vice Chancellor

03-097




Modified: 12/14/2006 12:24:35 PM