Welcome to the University of Tennessee's resource for information technology security. The Information Security Office (ISO) is charged with the responsibility of network and systems security at the University of Tennessee.

The ISO works with members of the UT community, including system administrators, students, staff and faculty, to protect the UT network and connected hosts. The ISO cooperates with administrators at other sites, as well as law enforcement entities, in response to security incidents.

Security Overview

Introduction

System security is a cyclical process. Steps have to be taken daily to ensure the integrity of data and security of a system. The process of system hardening is not a one-time event; it is a dynamic and reiterative process. Security holes are discovered daily in operating systems and programs. A secure system today may not be secure tomorrow.

System security cannot be considered inconsequential. "Who would want to break into this system or why would they want to?" The how and where of this line of questioning can fill volumes. The "who" could be anyone whether they have legitimate access or not. The "why" is simple: free computing resources to be used by an intruder in any way they see fit. A compromised system can quickly become a liability as the compromised machine begins to affect the network or operations on other machines locally and remotely.

A system can be compromised via unpatched or insecure network applications. However, there are many more ways that a system can be compromised via a local account. Because of this fact, every aspect of the system and its maintenance must be considered when securing it. Because there is no "magic bullet" for securing a system, securing in layers while adding granularity at each level is the best approach. For example, physical security is one layer. An example of adding granularity to physical security is to use badge access to the area where a machine is located. Host security could be considered the top layer. An example of granularity at this layer is securing the kernel.

Security in Layers

Security in layers is the preferred approach to securing a system. The template below offers a basic level of granularity. It should not be taken as an absolute; rather, it is a base that each system administrator should extend:

Host
Application--Web, Mail, File sharing, shared programs (e.g. word processing)
OS--Kernel, system binaries, system network parameters, file system, file and directory security

User
Passwords, Permissions, Accounting, User programs

Physical
Console access, System in protected area (locked and/or badge access)

One single mechanism cannot be relied upon for the security of a system. It should be looked at from every angle with all the pieces and parts taken into consideration.

Physical Security

All systems analysts, support personnel, and system users need to be aware that physical security plays an equally important role in the overall protection of each system attached to the University's networks. Restrict access to each machine, with the minimum requirement being a hardened screensaver password. BIOS passwords should be used for systems that handle sensitive and/or business-critical information. Use of these passwords (screensaver and BIOS) by all Windows users on the campus is an excellent protection mechanism against unauthorized physical access. It should also be noted that a system to which the University population has unrestricted and unmonitored access is vulnerable even if these passwords (screensaver and BIOS) are set.

A simple but invaluable rule of thumb in the reiterative process of system security is to know your machine: be familiar with its users, processes, and files.

IT Security Awareness