Security

Time for backups

Friday, February 27th, 2015

Over the past week we’ve seen how easy it is to lose something, whether it’s property or important information. It remains crucial to have a backup plan – literally.

To ensure you have peace of mind, make a habit of backing up your data on a regular basis. Choose one day a week when things are a little less chaotic than usual, maybe a Friday, and make an appointment in your diary to do a weekly backup.

Try not to overwrite your previous backup. Rather make consecutive copies in various folders on your external hard drive or on your network space and name each with the particular day’s date. If any of the documents become corrupt for some reason, you can always fall back on a previous version.

For official, university or work-related documents, your safest backup choice would be your network drive (usually the h-drive) or the departmental network drive (usually the g-drive). You have 1GB at your disposal to back up your most critical documents. At an extra cost of R10-00 per 1GB, this space can also be increased. This network space is also available via the web at storage.sun.ac.za if you find yourself away from the SU network.

The departmental drive can be used for files used by more than one person and 15GB is allocated to each department. SharePoint can also be used by groups for sharing documents.

If you choose to have your data closer at hand, get yourself an external hard drive or even DVDs (although the amount of data you can save on DVD is a bit limited). Just ensure that these devices are stored somewhere else (not also in your office) or in a safe. If confidential SU documents are kept on an external hard drive, the files have to be protected with a password or encrypted. Keep in mind that if you DO lose the password, not even IT can salvage your data.

Never save important data on a flash drive – its sole function is transporting data from one device to another and it is not a dependable medium for backup. If you do save data on it, make sure you have an additional backup method as well.

Regularly check that the medium on which you made your backup is still in working order and that you’re able to access your documents. For the same reason, use more than one backup medium, for example your network space AND an external hard drive.

Lastly, cloud storage can be used, but ONLY for private information. No academic or sensitive information is to be saved on the cloud. Read more on cloud storage in our previous articles.
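
The routine described in this post (dated copies that never overwrite the previous one, then a check that the copy can still be read) as an added Python example. It is not the IT department's own tooling; the function names and the constructed sample folder are assumptions made for the illustration.

```python
import hashlib
import shutil
import tempfile
from datetime import date
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def dated_backup(source, backup_root, day=None):
    """Copy source to backup_root/<YYYY-MM-DD>/ and refuse to overwrite a copy."""
    day = day or date.today()
    target = backup_root / day.isoformat() / source.name
    if target.exists():
        raise FileExistsError(f"backup for {day} already exists: {target}")
    target.parent.mkdir(parents=True, exist_ok=True)
    shutil.copytree(source, target)
    return target


def verify_backup(source, target):
    """Return relative paths that are missing from the backup or differ from source."""
    problems = []
    for src_file in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = src_file.relative_to(source)
        copy = target / rel
        if not copy.is_file() or sha256_of(copy) != sha256_of(src_file):
            problems.append(rel.as_posix())
    return problems


def demo():
    """Run against a constructed temporary folder so the example works offline."""
    with tempfile.TemporaryDirectory() as tmp:
        docs = Path(tmp) / "documents"
        docs.mkdir()
        (docs / "thesis.txt").write_text("chapter 1\n")
        (docs / "marks.csv").write_text("student,mark\n")
        drive = Path(tmp) / "external_drive"
        older = dated_backup(docs, drive, date(2015, 2, 20))
        newer = dated_backup(docs, drive, date(2015, 2, 27))
        result = {"folders": sorted(p.name for p in drive.iterdir())}
        result["fresh"] = verify_backup(docs, newer)
        # Simulate one file going bad on the backup medium.
        (newer / "thesis.txt").write_text("garbage")
        result["after_damage"] = verify_backup(docs, newer)
        result["older_copy"] = verify_backup(docs, older)
        try:
            dated_backup(docs, drive, date(2015, 2, 27))
            result["overwrite_refused"] = False
        except FileExistsError:
            result["overwrite_refused"] = True
    return result


if __name__ == "__main__":
    print(demo())
```

Because each week's copy sits in its own dated folder, the damaged file in the newest copy can still be restored from the older one.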

CBT Locker virus on campus

Wednesday, February 18th, 2015

A growing number of incidents of the CBT Locker virus, which has more than 50 variants, have been spotted on campus. This virus is also considered ransomware and infects your PC when you visit lesser-known websites, particularly if you download games and movies.

The ransomware copies all the data on your hard drive, encrypts and deletes it, and you’re left with gibberish. A ransom fee is demanded, but the odds that you’ll get your data back at all are slim.

There is no way to recover data if your PC has been attacked by one of the Locker viruses.

• DO NOT open .ZIP attachments unless specifically requested from the sender. View the email header or send a separate email to validate the sender before opening attachments.
• Regularly back up data to your network space or an external hard drive. Data residing on user devices will be permanently lost in the event of a ransomware infection.
• DO NOT click embedded hyperlinks in email. Although the Crypto Locker ransomware threat is normally sent as an attached .ZIP file, ransomware has also been downloaded by opening malicious websites.
• Stay away from unknown, suspicious websites offering game or movie downloads and torrents and DO NOT click on any pop-ups.
• Report suspect email to sysadm@sun.ac.za.

Outwit phishing attempts

Friday, February 13th, 2015

Over the past two weeks we’ve already recorded at least three incidents where phishing e-mails were sent to SU staff. Although we try to warn users against specific e-mails and block these e-mails on server level as soon as we’re aware of them, it’s almost impossible to protect e-mail users against each and every fraudulent e-mail.

The responsibility lies with the e-mail user to recognise the tell-tale signs and establish whether it’s a phishing e-mail or not. Unfortunately, 99% of the time it is, and if you’re ever in doubt about clicking on a link, rather don’t. Go directly to the institution’s website and log in from there or contact the company or bank to confirm whether they sent it.

The latest example of such an e-mail is an e-mail which seems to be from Discovery and (of course) promises a reward. This is also a way to entice you into clicking on the links. Also look out for bad spelling, grammar and formatting. The links may look convincing, but when you move the mouse over them, are they really Discovery’s website links? By merely noticing this, you can immediately confirm that this is indeed an attempt at phishing. More hints on recognising fraudulent e-mails can be found here.

Immediately delete the e-mail and don’t click on the links or fill in any information. If you’ve supplied your info, immediately change your password and PIN and contact the institution to inform them of the breach. You can also send an e-mail to sysadm@sun.ac.za with the subject SPAM and attach the suspect e-mail. IT system administrators will then be able to block the e-mail and protect other staff against it.

 

EXAMPLE OF “PHISHING” E-MAIL:

FROM: DiscoveryCard <discoverycards@discovery.co.za>
SUBJECT: DiscoveryCard: 09 Feb:- Last chance to redeem your 7000 Discovery miles Point

Attention Valued Customer,

Your Discovery Card was credited with 7000 Miles (R700) as a reward for been a loyal customer last  2 weeks today ( Final notice) , but you did not claim it, we are giving you another chance. Follow the instructions below:-

  1. Click this link http://www.discovery.co.za/portal/individual/login 
  2. Then enter your www.discovery.co.zaUsername and Password and click login
  3. Update your Discovery Credit Card  details and click update after you have completed it( Note:-Do not fail to enter the full details correctly, because the system will credit the R700 on the card details entered).

Regards,

Discovery Miles Team

 

 

Send an e-mail to sysadm@sun.ac.za with Subject: SPAM and then attach the suspect e-mail using Insert Item.

 

 

 

Phishing alert

Monday, February 2nd, 2015

Please take note that there’s a new phishing attack on sun e-mail addresses. We’ve blocked it on server level, so users should not receive the suspicious e-mail.

If you receive an email claiming to be from the IT department (see example below), do not open it or click on any of the links.

This is a phishing email attempting to acquire your passwords and other information. Immediately delete the email and do not reply to it.

IT e-mails will always be in the same format, with IT’s name, correct contact details, the SU logo and an English and Afrikaans version. Please read our guidelines on how to distinguish between an official e-mail and a phishing e-mail HERE.

 

 

From: Stellenbosch University [mailto:abiederm@kent.edu]
Sent: 31 January 2015 11:13
Subject: Dear Stellenbosch University Email user

Dear Stellenbosch University Email user,

Due to database maintenance equipment that is happening in our Stellenbosch University mail message center. Our Stellenbosch University message center must be reset due to the large number of spam messages we receive daily in our database. The maintenance of quarantine will help us avoid this dilemma every day and with the new improved software will provides our Stellenbosch University Email users with a secure mail system and new security system to protect our users from getting their Stellenbosch University accounts being hacked.

To validate your Stellenbosch University Email mailbox, kindly CLICK LINK  http://webmaintance.weebly.com. to visit the Stellenbosch University

customer secure LINK specified on this email and fill out the account validation form to validate your Stellenbosch University email powered account:

 

Thanks,

All rights reserved © 2007 – 2009 Stellenbosch University

Private Bag X1, Matieland, 7602, Stellenbosch, South Africa
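
The two checks these phishing posts ask readers to make by eye, as an added Python example that is not the IT department's own filter: a sender whose address does not match the organisation its display name claims (the e-mail above), and a link whose visible text differs from where it really leads (the "hover" test from the Discovery example). `TRUSTED_DOMAINS`, `BRAND_NAMES`, the HTML markup of the samples and the `login.example.net` target are assumptions; the header values come from the e-mails quoted on this page.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"sun.ac.za"}             # assumption: the organisation's own domain
BRAND_NAMES = ("stellenbosch university",)  # assumption: names an impostor would claim

def host_of(text):
    """Lower-case hostname of a URL or of a bare 'www.example.org/path' string."""
    text = text.strip().rstrip(".,)")
    try:
        return (urlparse(text if "://" in text else "http://" + text).hostname or "").lower()
    except ValueError:  # malformed host, e.g. an unclosed '['
        return ""

def trusted(host):
    """True for the trusted domain itself or a subdomain of it (not a look-alike suffix)."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

class LinkCollector(HTMLParser):
    """Collects (visible text, href) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def phishing_indicators(raw_message):
    """Return a list of findings for one single-part HTML e-mail."""
    msg = message_from_string(raw_message)
    findings = []
    name, address = parseaddr(msg.get("From", ""))
    sender_domain = address.rpartition("@")[2].lower()
    # Display name claims the organisation, but the address belongs to someone else.
    if any(b in name.lower() for b in BRAND_NAMES) and not trusted(sender_domain):
        findings.append("sender-mismatch:" + sender_domain)
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for text, href in collector.links:
        shown, actual = host_of(text), host_of(href)
        # The "hover" check: link text looks like an address but leads elsewhere.
        if "." in shown and " " not in text and shown != actual:
            findings.append("text-href-mismatch:%s->%s" % (shown, actual))
        if not trusted(actual):
            findings.append("external-link:" + actual)
    return findings

# Constructed samples: header values are from this page, markup and targets are made up.
IT_IMPERSONATION = ("From: Stellenbosch University <abiederm@kent.edu>\nContent-Type: text/html\n\n"
                    '<a href="http://webmaintance.weebly.com">CLICK LINK</a>')
REWARD_LURE = ("From: DiscoveryCard <discoverycards@discovery.co.za>\nContent-Type: text/html\n\n"
               '<a href="http://login.example.net/portal">http://www.discovery.co.za/portal/individual/login</a>')
GENUINE = ("From: Stellenbosch University IT <sysadm@sun.ac.za>\nContent-Type: text/html\n\n"
           '<a href="https://storage.sun.ac.za/">storage.sun.ac.za</a>')
```

The reward lure carries a plausible sender address and is flagged only by the link check, which is why the sender line alone is not enough to clear a message.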

 

Security threat successfully prevented through upgrades

Friday, December 12th, 2014

The University’s systems, in particular the SUN-e-HR human resources system and selected portal applications, have been unstable over the past two weeks and inaccessible during this week. This was caused by a computer security threat which placed a high risk on our systems. However, the risk has now been averted and we can give more feedback on the initial problem.

The cause is the so-called “Poodle man-in-the-middle vulnerability” (see http://en.wikipedia.org/wiki/POODLE, https://securityblog.redhat.com/2014/10/20/can-ssl-3-0-be-fixed-an-analysis-of-the-poodle-attack/).

Poodle is a vulnerability in computer systems that exposes them to potential break-ins. It was discovered in the US in September, and the first evidence of its existence was when Google adapted its Chrome and Mozilla its Firefox web browsers to withdraw the outdated SSL3 encryption, which posed the threat.

The direct result for the University was that Chrome and Firefox users could no longer access the SUN-e-HR system or portal applications. For example, students could not access their exam results and staff weren’t able to apply for leave.

We had no control over this. Chrome and Firefox were automatically updated by Google and Mozilla respectively.

Oracle released updates (“patches”) to address their part of the risk. In cases like these IT has no choice but to install the patches. The risk of not installing them is too great. At this stage most users already had no access to the systems because of Chrome and Mozilla being without SSL 3.

The upgrade was first tested in a development environment and then, during a scheduled maintenance weekend (6/7 December), put into production. The upgrade’s installation went smoothly and was tested as thoroughly as possible before the start of the week.

What we could not foresee is that the Oracle upgrade would break Oracle’s own program code and configuration optimisations – this only became evident under load in production. As a result, any process requiring an Oracle login failed.

IT systems staff worked through the night and, with the assistance of Oracle, tried to locate the cause. It was first identified on Thursday, December 11 and could then be corrected within two hours.

The impact of the upgrade on staff and students was larger than expected. Had the upgrade been postponed until after recess, the error would only have occurred a week before registration, which would have caused a bigger crisis.

It is not possible to schedule upgrades of this magnitude in recess time due to the interdependence of systems and the number of people needed for installation and testing – from system administrators to users.

Today’s computer systems are significantly more complex than a decade ago. The result is that errors are inevitable.

We can only, to the best of our abilities, try and manage incidents like these. We learn from our mistakes – and the most important part is to communicate. IT will also implement an alternative backup plan for the future.

Thank you for your understanding and support.
