[Plantsci] FW: Recent Crackdown on IT Security

Rogers-Caron, Joy E - (jerogers) jerogers at email.arizona.edu
Wed Jan 28 07:43:20 MST 2015


On behalf of Matt Rahr, CALS CCT:

From: Hodsacad [mailto:hodsacad-bounces at list.cals.arizona.edu] On Behalf Of Rahr, Matt - (rahr)
Sent: Tuesday, January 27, 2015 7:33 PM
To: hodsacad at list.cals.arizona.edu; expstations at list.cals.arizona.edu; Antin, Parker B - (pba); Burgess, Shane C - (shaneburgess); Ratje, Jeffrey M - (jmratje); Silvertooth, Jeffrey C - (silverto); Winzerling, Joy J - (jwinzerl)
Subject: [Hodsacad] Recent Crackdown on IT Security

Hello Everyone,

The University's Information Security Office (ISO) is responsible for securing our UA network and IT infrastructure. While they do not directly administer servers and firewalls, they rely on network monitoring and logging tools to analyze large amounts of network traffic, looking for nefarious activity.

Last week, our office (CCT) received several requests from the ISO to contact specific members in CALS and request they change their UA NetID password. In a few instances, the ISO disabled the account immediately, locking the user out of email, VPN, and anything else a UA NetID is required for access. The ISO was worried these users' passwords had been stolen or given unknowingly through phishing emails, etc., and were allowing unauthorized access to the University network and the user's personal information.

I was concerned with this practice because one of our users had her account immediately disabled while traveling out of the country, and I was suspicious the account was erroneously flagged. As you can imagine, it is difficult to contact someone abroad who cannot access their email. Plus, changing/resetting a NetID password can be a hassle. I brought this to the attention of the ISO and after clarification, learned that there was very strong evidence that this particular user's NetID was compromised (her traffic was being routed through a Chinese network proxy). In general, the ISO office will take a second/third look at each case before auto-disabling a UA NetID account. I'm told they have "95%+ confirmation" before disabling.

Please pass on these tips to your faculty and staff:

1) If your faculty or staff find themselves unable to log into VPN, OWA, desktop/phone email client, and/or UAccess, have them call the 24/7 help desk (520-621-HELP) and ask them to check the status of their UA NetID. If the account has been disabled, 24/7 will unlock the account through verbal verification steps.

2) If your faculty or staff will be traveling out of state, please have them close their email clients at home and work. This will not trigger an automatic disabling, but it may put them on the ISO's radar, as it may appear that the user is logging in from two different places at the same/near time.

The ISO plans to aggressively tackle compromised UA NetIDs, and I expect we'll be dealing with flagged users on a regular basis. However, if you have faculty or staff that do travel a lot and need to be whitelisted, this may be possible with the Information Security Office. Please email them at ISO-UAIS at email.arizona.edu and cc lab at cals.arizona.edu.

Upcoming Seminar
Andy Honaman (IT Manager, SNRE), Tod Gregoire (CCT) and I will be hosting a demo on UA NetID+. NetID+ requires users to use a second method of authentication (called two-factor authentication) before accessing an online resource. This prevents anyone but you from accessing applications and services secured with NetID+, even if they know your password.

The ISO and UITS have announced that NetID+ will be required for certain online resources, such as VPN and Outlook Web Access (OWA) sometime this year. We want to make sure you and your faculty and staff know your options. I'm already enrolled in NetID+ and it's pretty easy, way easier than dealing with your NetID being compromised or your account being flagged/disabled. If you want to learn more about it, check out https://webauth.arizona.edu/netid-plus/pages/faq/ and https://webauth.arizona.edu/netid-plus/pages/tutorials

The demo will be in Marley 230 sometime in February, and probably another one in March. I'll post the dates and the tips above in the CALS Bulletin once I get the dates nailed down.

Thanks,
Matt

Matt Rahr
Director, CALS Communications and Cyber Technologies (CCT)
Email, Network & IT Security - lab at cals.arizona.edu
Programming & Web Development - webdev at cals.arizona.edu
Video Production & Classroom Tech - video at cals.arizona.edu
More Information Online - http://cct.cals.arizona.edu
520-626-0329
