Cyber Threat Smackdown

World-renowned Identity Theft expert John Sileo returns to the UMass campus on October 22nd with NEW MATERIAL to discuss cyber threats to home and work devices.

Topics include mobile security, phishing, social engineering, intellectual property, and more. Registration is required ‘ visit http://www.massachusetts.edu/isocevents/lowell
Learn how to fight back and defend yourself against these common threats!

If you are unable to attend this event in person, we will be streaming live at http://gse.uml.edu/sileo

TA14-268A: GNU Bourne Again Shell (Bash) ‘Shellshock’ Vulnerability (CVE-2014-6271,CVE-2014-7169)

The US-CERT has issued Shellshock as a critical vulnerability affecting Linux/UNIX operating systems and Apple’s MAC OS X. According to the US-CERT, if exploited, this vulnerability gives attackers the ability to remotely execute shell commands by attaching malicious code in environment variables used by the operating system.

Please read the attached link from the National Cyber Awareness System. Note this vulnerability is getting significant traction in the cyber security circles. Our Intrusion Prevention System (TippingPoint) filters have been updated as of 6:00a this morning, and we’ve been seeing increased activity throughout this morning.

Patches have been released to fix this vulnerability by major Linux vendors for affected versions. Solutions for CVE-2014-6271 do not completely resolve the vulnerability. It is advised to install existing patches and pay attention for updated patches to address CVE-2014-7169.

As of this morning, Apple has not commented on this vulnerability. Although individual workstations are not the primary target, we will keep an eye on this thread as more information becomes available. Please forward to staff who may have responsibility managing Linux-based systems.

https://www.us-certs.gov/ncas/alerts/TA14-268A

New UMass Lowell “eduroam” Secure Wireless Network

In August 2014, UMass Lowell consolidated the ‘uml-admin’ and ‘uml-student’ wireless networks to a new secure network named ‘eduroam’. This new secure wireless network has three advantages:

1. Reduces wireless interference issues across campus.

2. Allows the use of a cross-platform utility named ‘XpressConnect’ to easily configure the wireless settings and connect from your device.

3. ‘eduroam’ is a secure, world-wide wireless service developed specifically for the international research and higher education community.

eduroam allows UMass Lowell students, faculty, and staff to obtain free wireless connectivity at participating Institutions around the world, by simply opening their device and connecting to the eduroam network at that institution. This makes connecting to the Internet easy and convenient when visiting other campuses for conferences, research, or other reasons. Similarly, visitors from those participating institutions can easily get wireless access on the UMass Lowell campus by connecting to the ‘eduroam’ network here.

eduroam is currently available at 178 institutions in the US and thousands of institutions in world-wide. Within the UMass system, the President’s office and UMass Amherst are members of the eduroam community. More info on eduroam can be found here. Maps are available of participating institutions in the United States and at international locations.

Additional information and connection instructions can be found on the wireless access page here: Note:

‘ The ‘uml-admin’ wireless network will remain available in academic and administrative locations until January 2015

‘ The ‘UMassLowell’ guest wireless network is available for guests and visitors to UMass Lowell

‘ Students with game consoles can also use the ‘UMassLowell’ wireless network to obtain special network access for those devices

If you have any questions, please contact the IT Help Center at 978-934-4357 (x44357), via help@uml.edu, or via the web at http://helpdesk.uml.edu.

UMass Lowell DNS Migration

What are we doing
UMass Lowell Information Technology is redesigning our DNS infrastructure. Currently, internal DNS services are run on our Microsoft Active Directory domain controllers and external DNS services are run from our Infoblox appliances.

Background
UMass Lowell has used the Infoblox network infrastructure appliances for over five years. The Infoblox product and architecture is the best in the business, with a rock solid reputation for reliability and security that Microsoft simply cannot match. We are migrating our DNS services in order to provide a more robust, scalable, and standardized DNS architecture for our growing campus needs.

What DNS changes are being made?
All internal DNS services will be moved from our Active Directory domain controllers (129.63.1.27, 129.63.1.28, and 129.63.199) to new Infoblox appliances.

Information Technology will update all DHCP scopes reflect the new internal DNS server IP addresses of: 129.63.1.1 and 129.63.251.230. During this process, we will also be pruning our external DNS records so that only public-facing IP addresses (129.63.X.X) are resolvable from the internet.

Which records are being pruned
A (host) records with a Private Addresses (10.x.x.x)
SRV (service) records for VoIP phones

Call to Action: Check your Servers and Devices between June 27th 2014 and July 31, 2014.

‘ For servers and desktops configured with static IP addresses, you will need to set the DNS server addresses to the new IP addresses: 129.63.1.1 and 129.63.251.230. Do not make this change before June 27, and please ensure it is complete prior to July 31. Ensure you remove all instances of using 129.63.1.27, 28, or 199 as DNS server prior to the July 31 date.

‘ Devices like VoIP phones, Wi-Fi hotspots, PXE boot machines, Internet Connected Devices, etc. that have hard-coded DNS Resolver settings will need to be updated.

‘ If you are running a departmental DNS server, does it perform recursion directly to the Internet root servers? If not, verify that your forwarders have been updated to the new IP addresses. Hint: It they should not generally be using recursion directly to the Internet.

Unaffected systems
Systems you do not have to worry about are.

1. Notebooks and Desktops, or anything else that automatically gets its IP address from DHCP.
2. VDI workstations (these are all configured for DHCP)
3. Devices that do not communicate with anything outside of their local subnet.

Please help us remedy clients, servers, and devices that resolve against DNS 129.63.1.27, 129.63.1.28, or 129.63.1.199 By July 31, 2014

If you have any questions, please contact Kevin Smith at 978.934.4769 or via email at Kevin_Smith@uml.edu

Microsoft Security Alert: Internet Explorer Browser

A very serious security vulnerability has been identified with Microsoft Internet Explorer browsers that could severely impact systems. The vulnerability was classified as a zero-day exploit as there are presently no available patches to address the security flaw. Microsoft is aware of the vulnerability and has released a security advisory to track this issue. Threat actors are actively using this exploit. This is a significant zero-day exploit as the vulnerable versions represent about a quarter of the total browser market. All versions of Microsoft Internet Explorer appear to be vulnerable. UMass Lowell Information Technology (IT) is monitoring the network for signs of this particular exploit. In the meantime, we strongly urge everyone to use other Internet browsers if possible. Examples of browsers to use are Mozilla Firefox, Apple Safari and Google Chrome. If you do not have a secondary Internet browser on your system, please contact the Help Desk and they will assist you in downloading an additional browser.

What else can we do to protect ourselves?

UMass Lowell IT recommends all users refrain from using Internet Explorer at home or at work until an approved patch has been applied. UMass Lowell IT will see that the patch is applied for all Windows systems on Active Directory. You should take the necessary steps to apply the approved patch one it becomes available on all other personally owned Widows devices.

Don’t be lured by Phishing

This particular vulnerability is exploited by visiting nefarious and fraudulent web sites. Remember never, ever click on any link or open any attachment that is sent to you via email unless you know the individual or entity and were expecting the message and the attachment or link.

What if I have a question?

Contact the Help Desk at 978-934-HELP.

If you have additional security concerns, please email itsecurity@uml.edu

Security Notice: Heartbleed Bug Poses OpenSSL Vulnerability

WHEN April 7, 2014, ongoing
WHAT On Monday, April 7, 2014, the OpenSSL Project announced a serious vulnerability in OpenSSL, called Heartbleed, that can expose data on systems running OpenSSL.
OpenSSL is one of the most popular data encryption tools for Web traffic, and as a result, the effects of this vulnerability are wide-ranging.
OpenSSL has released a fix for Heartbleed, included in version 1.0.1g. Server administrators using OpenSSL should update their version immediately either through OpenSSL or their applicable vendor.
WHO IS Server Administrators, General Public
AFFECTED
NEXT STEPSWe recommend that Campus Server Administrators:
1.Update OpenSSL through OpenSSL or your vendor.
A list of vendors and their current status is available through US-CERT:
OpenSSL updates are available through their source page:
2. Generate a new private key for a new SSL certificate.
3. Install a new SSL certificate with the new key.
4. (As applicable) Notify users when service(s) is/are no longer vulnerable.
We recommend that students, faculty, and staff:
1.Do not change any passwords to UMass Central IT services until you receive notice later this week that all IT services have been patched. If you have already changed your password, you will need to change it again after UMass IT confirms that all services have been patched.
For any non-UMass IT services:
1.Do not change your passwords or transmit data to secure Web sites or services that you normally use until you have received an official announcement from them regarding a security update.
2.After you’ve confirmed that the site or service has installed a security update, change your passwords.
3.For at least the next week, monitor your sensitive online accounts (banking, email) for suspicious activity.
RELATED OpenSSL Security Advisory:
OpenSSL Updates:
Codenomicon Summary:
US-CERT Vulnerability Note:

Windows XP Support Discontinued – Security Issue

As of April 8, 2014 Microsoft will discontinue all support for its 12-year-old Windows XP operating system, including security updates (http://windows.microsoft.com/en-us/windows/lifecycle). This poses an information security risk.
By June 30, 2014, all computers on campus running Windows XP need to be updated or removed from the campus network.
IT has identified 225 computers running Windows XP, but there are likely more.
Of greatest concern are the computers that require Windows XP due to hardware compatibility or legacy application dependencies that need to be connected to the internet. If they do need internet connectivity, departments need to work with IT to develop alternate security measures to mitigate any security risk.
The remaining outdated XP computers need to be upgraded to Windows 7 or swapped out with ‘reclaimed’ machines running Windows 7.
If you have a computer in your department running Windows XP, please contact the IT Help Center at 978-934-4357. Or go tohttp://helpdesk.uml.edu, and login with your UMass Lowell credentials. Select “IT Issue”, then select “Windows XP Upgrade.”

Playstation 3 network issue resolved

After significant research and testing, the IT Network group has fixed the issue which caused some older model PlayStation 3 game consoles from seeing the wired and wireless network. All residential students using PS3’s should now be able to connect to the wired and wireless network.
‘ Click here for information on connecting a game console to the wireless network
‘ Click here for information on using a game console in a LAN party
Details (for those who are interested): The affected older model PS3’s use a single set of circuitry for both wired and wireless network connections. It appears that these network interfaces are not following all of the industry standards in terms of wireless signals, specifically the quantity of ‘management’ signals which pass over modern Enterprise-grade wireless networks (such as the one in use at UMass Lowell, although we have found other organizations that have had similar issues). We discovered that the network circuitry (wired and wireless) on these PS3 systems was essentially shutting down as a result of what it interpreted as bad wireless information or too much wireless data. This behavior is highly unusual ‘ no other devices have ever had a problem ‘seeing’ our networks. We disabled a specific management-communication function on our wireless network and this appears to have resolved the issue. Caveat: we may need to re-enable this function at some future time, which may cause the issue again. If this happens, we will communicate the change.
If you have any questions, please contact the University Help Desk or Resident Technical Services (ResTec) in the following manner:
Phone: 978-934-4357
In person:
Lydon Library, first floor, 8:30a ‘ 5:00p (M-F)
O’Leary Library, first floor, 10:00a ‘ 4:00p (M-F)
University Crossing, Mezzanine Level, 8:30a ‘ 5:00p (M-F)
For students in residence halls: ResTec@uml.eduor 978-934-5027, 4:00p-10:00p, (Su-Th)
Regards,
Steve Hall, Director of Networking Services

Faculty & Students embrace lecture capture at UMass Lowell

You’re a college student at the University of Massachusetts Lowell. You just sat through a lecture and know you missed some valuable points. No worries. The session was recorded through Echo360, a lecture capturing tool. In fact, lecture capture at the UMASS Lowell campus continues to expand and has become a mainstream resource for students and faculty.
What started as a resource in one lecture hall to facilitate student achievement in Calculus 1, during the Spring of 2005, has developed into an infrastructure currently installed in over 50% of the classrooms on campus. This semester, 80 classrooms are equipped with the Echo360 lecture capture appliances, and are used by over 100 faculty in 130+ course offerings. Additionally, 75 faculty have installed Personal Capture (PCAP), a software based recording tool, on their personal computers, to facilitate learning module recordings without the need of classroom technology.
Over the past nine years, growth of the system was achieved by including faculty in the process of expansion. Departmental meetings were attended by IT staff to highlight the benefits of the technology for both students and faculty. As more hardware was deployed on campus, yearly student surveys were conducted to determine student usage, satisfaction, and how use of the resource affected their performance in recorded courses. Survey results indicated high student usage, satisfaction, and the desire for expansion. The Executive Team at UMASS Lowell expanded funding for the project and growth has continued each year. ‘College Deans were excited about the system,’ says Michael Lucas, Director of Instructional Technology Services at UML. ‘They acted as project champions during the funding request process to the Executive Team.’
Grant funding was secured from the lecture capture provider, Echo360, and a seed grant project was created to help faculty use recording tools in their course delivery. Grant topics included ‘flipped classrooms’, assessment of student performance, student usage characteristics, and developing blended offerings. 12 grant winners from UMASS Lowell shared their experience during an Echo360 grant recipient luncheon at the conclusion of the funding period. ‘Faculty were once hesitant in adopting lecture capture,’ says Randy Tyndall, Instructional Technologist. ‘Now they are actively contacting our office to schedule their course recordings and many have begun creating their own laptop recordings for a flipped classroom approach.’
Senior UML students now have had the opportunity to use this resource for their entire college career and are comfortable with the system. Usage numbers continue to grow as more faculty use this as a staple in their course delivery. For the past four academic years, usage numbers have increased by at least 10% per year. Fall 2013 statistics indicate an increase of nearly 45% from Fall 2012 (45,000 views in Fall 2012 compared to 67,000 in Fall 2013).
The UMASS President’s office, along with each of the UMASS campuses, has collaborated on a system-wide licensing agreement with Echo360. This new agreement allows for discounted pricing for each campus, lower hardware costs, and a unified capture platform across the system. Future steps may include a centralized storage and distribution infrastructure, which will increase potential savings.
By the Numbers ‘ 2013 Academic Year at a Glance
103,000 student views
220 full course recordings
140 faculty
4000 views per week
570 views per day
Peak usage: Between 9pm and Midnight
10,500 student views between the hours of Midnight and 6am
Check out Echo360
To explore the Echo360 lecture experience, visit the UMass Lowell Lecture Capture web page. Also feel free to contact Michael Lucas for additional information.

Issues with vLabs

UMass Lowell Information Technology has identified an issue in the vLabs virtual computer lab environment where a client may disconnect and the session will be terminated without warning. In consultation with both VMware and Microsoft, we are currently working on a solution and will be rolling out a fix to remedy the issue over the next 24 to 48 hours. In the meantime, it is advisable to frequently save your work to a USB flash drive when using vLabs.

Thank you for your patience as we work to remedy the issue and stabilize the environment. If you have any questions or concerns please don’t hesitate to contact the UMass Lowell Help Center athelp@uml.edu