Security

Time for backups

Friday, February 27th, 2015

The past week we’ve seen how easy it is to lose something, whether it’s property or important information. It remains crucial to have a backup plan – literally.

To ensure you have peace of mind, make a habit of backing up your data on a regular basis. Choose one day a week when things are a little less chaotic than usual, maybe a Friday, and make an appointment in your diary to do a weekly backup.

Try not to overwrite your previous backup. Rather make consecutive copies in various folders on your external hard drive or on your network space and name each with the particular day’s date. If any of the documents become corrupt for some reason, you can always fall back on a previous version.

For official, university or work-related documents, your safest backup choice would be your network drive (usually the h-drive) or the departmental network drive (usually the g-drive). You have 1GB at your disposal to back up your most critical documents. At an extra cost of R10-00 per 1GB this space can also be increased. This network space is also available via the web at storage.sun.ac.za if you find yourself away from the SU network.

The departmental drive can be used for files used by more than one person and 15GB is allocated to each department. SharePoint can also be used by groups for sharing documents.

If you choose to have your data closer at hand, get yourself an external hard drive or even DVDs (although the amount of data you can save on a DVD is a bit limited). Just ensure that these devices are stored somewhere else (not also in your office) or in a safe. If confidential US documents are kept on an external hard drive, the files have to be protected with a password or encrypted. Keep in mind that if you DO lose the password, not even IT can salvage your data.

Never save important data on a flash drive – its sole function is transporting data from one device to another and it is not a dependable medium for backup. If you do save data on it, make sure you have an additional backup method as well.

Regularly check that the medium on which you made your backup is still in working order and you’re able to access your documents. For the same reason use more than one backup medium, for example your network space AND an external hard drive.
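The dated-copy and regular-check advice above can be automated. The following is an added example, not a tool provided by IT: it copies a folder into a new folder named after the day's date, refuses to overwrite an earlier copy, records a hash per file, and can later re-read a copy to find files that no longer match. The function names and the `manifest.json` file name are assumptions made for this sketch.

```python
import hashlib, json, shutil, tempfile
from datetime import date
from pathlib import Path

MANIFEST = "manifest.json"  # hypothetical name chosen for this example

def sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def dated_backup(source, backup_root, day=None):
    """Copy source into backup_root/<YYYY-MM-DD>/ and record a hash per file."""
    source = Path(source)
    dest = Path(backup_root) / (day or date.today()).isoformat()
    shutil.copytree(source, dest)  # FileExistsError if that day's copy exists: no overwrite
    hashes = {p.relative_to(source).as_posix(): sha256(p)
              for p in source.rglob("*") if p.is_file()}
    (dest / MANIFEST).write_text(json.dumps(hashes, indent=2))
    if check_backup(dest):  # the fresh copy must match the source byte for byte
        raise IOError(f"copy in {dest} does not match the source")
    return dest

def check_backup(dest):
    """Re-read every file in one dated copy; return names that are missing or changed."""
    dest = Path(dest)
    expected = json.loads((dest / MANIFEST).read_text())
    return sorted(name for name, digest in expected.items()
                  if not (dest / name).is_file() or sha256(dest / name) != digest)

def newest_good_copy(backup_root):
    """Newest dated folder whose files all still match their manifest, else None."""
    for dest in sorted(Path(backup_root).iterdir(), reverse=True):  # ISO dates sort by age
        if (dest / MANIFEST).is_file() and not check_backup(dest):
            return dest
    return None

if __name__ == "__main__":
    work = Path(tempfile.mkdtemp())            # constructed demo data
    (work / "docs").mkdir()
    (work / "docs" / "report.txt").write_text("draft 1")
    copy = dated_backup(work / "docs", work / "backups")
    print(copy.name, "damaged files:", check_backup(copy))
```

Run `check_backup` on each medium from time to time; when it reports damaged files, `newest_good_copy` points to the most recent dated folder that is still intact.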

Lastly cloud storage can be used, but ONLY for private information. No academic or sensitive information is to be saved on the cloud. Read more on cloud storage in our previous articles.

CBT Locker virus on campus

Wednesday, February 18th, 2015

A growing number of incidents of the CBT Locker virus, which has more than 50 variants, has been spotted on campus. This virus is also considered ransomware and infects your PC when you visit lesser known websites and particularly if you download games and movies.

The ransomware copies all the data on your hard drive, encrypts and deletes it and you’re left with gibberish. A ransom fee is demanded, but the odds that you’ll get your data back at all are slim.

There is no way to recover data if your PC has been attacked by one of the Locker viruses.

• DO NOT open .ZIP attachments unless specifically requested from the sender. View the email header or send a separate email to validate the sender before opening attachments.
• Regularly back up data to your network space or an external hard drive. Data residing on user devices will be permanently lost in the event of a ransomware
• DO NOT click embedded hyperlinks in email. Although the Crypto Locker ransomware threat is normally sent as an attached .ZIP file, ransomware has been downloaded from opening malicious websites.
• Stay away from unknown, suspicious websites offering game or movie downloads and torrents and DO NOT click on any pop-ups.
• Report suspect email to sysadm@sun.ac.za.

Outwit phishing attempts

Friday, February 13th, 2015

Over the past two weeks we’ve already recorded at least three incidents where phishing e-mails were sent to SU staff. Although we try to warn users against specific e-mails and block these e-mails on server level as soon as we’re aware of them, it’s almost impossible to protect e-mail users against each and every fraudulent e-mail.

The responsibility lies with the e-mail user in recognising the tell-tale signs and establishing whether it’s a phishing e-mail or not. Unfortunately 99% of the time it is and if you’re ever in doubt over clicking on a link, rather don’t. Go directly to the institution’s website and log in from there or contact the company or bank to confirm whether they sent it.

The latest example of such an e-mail is an e-mail which seems to be from Discovery and (of course) promises a reward. This is also a way to entice you into clicking on the links. Also look out for bad spelling, grammar and formatting. The links may look convincing, but when you move the mouse over them, are they really Discovery’s website links? By merely noticing this, you can immediately confirm that this is indeed an attempt at phishing. More hints on recognising fraudulent e-mails can be found here.

Immediately delete the e-mail and don’t click on the links or fill in any information. If you’ve supplied your info, immediately change your password and PIN and contact the institution to inform them of the breach. You can also send an e-mail to sysadm@sun.ac.za with the subject SPAM and attach the suspect e-mail. IT system administrators will then be able to block the e-mail and protect other staff against it.
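The hover check described above (does the link really open the site it shows?) can also be done mechanically on a saved message. The following is an added example, not a tool used by IT: it compares the host shown in each link's text with the host in its `href`, and, going one step beyond the text, also checks the sender address against the domain the message claims to come from. It assumes a single-part HTML message; the sample message and the `example.*` domains are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every http(s) <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") or ""
        if tag == "a" and href.lower().startswith("http"):
            self._href, self._text = href, []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def same_site(host, domain):
    return host == domain or host.endswith("." + domain)

def phishing_signs(raw, claimed_domain):
    """Tell-tale signs in a single-part HTML message claiming to be from claimed_domain."""
    msg, signs = message_from_string(raw), []
    addr = parseaddr(msg["From"] or "")[1]
    if not same_site(addr.rpartition("@")[2].lower(), claimed_domain):
        signs.append(f"sender {addr} is not at {claimed_domain}")
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        # Host the reader sees in the link text vs. the host the link really opens.
        shown = (re.findall(r"(?:https?://)?(?:www\.)?((?:[\w-]+\.)+[a-z]{2,})", text, re.I) or [""])[0].lower()
        real = re.sub(r"^www\.", "", (urlparse(href).hostname or "").lower())
        if shown and not same_site(real, shown):
            signs.append(f"link shows {shown} but opens {real}")
        elif not same_site(real, claimed_domain):
            signs.append(f"link opens {real}, outside {claimed_domain}")
    return signs

# Constructed sample (not a real e-mail); the example.* domains are placeholders.
SAMPLE = """From: Example Bank Rewards <rewards@example.net>
Content-Type: text/html

<a href="http://login.example.org/portal">http://www.example.com/portal/login</a>
<a href="http://example.org/help">help</a>"""
```

A sender address can itself be forged, so a clean result from the sender check proves nothing; the link comparison is the stronger signal.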

 

EXAMPLE OF “PHISHING” E-MAIL:

FROM: DiscoveryCard <discoverycards@discovery.co.za>
SUBJECT: DiscoveryCard: 09 Feb:- Last chance to redeem your 7000 Discovery miles Point

Attention Valued Customer,

Your Discovery Card was credited with 7000 Miles (R700) as a reward for been a loyal customer last  2 weeks today ( Final notice) , but you did not claim it, we are giving you another chance. Follow the instructions below:-

  1. Click this link http://www.discovery.co.za/portal/individual/login 
  2. Then enter your www.discovery.co.zaUsername and Password and click login
  3. Update your Discovery Credit Card  details and click update after you have completed it( Note:-Do not fail to enter the full details correctly, because the system will credit the R700 on the card details entered).

Regards,

Discovery Miles Team

 

 

Send an e-mail to sysadm@sun.ac.za with Subject: SPAM and then attach the suspect e-mail using Insert Item.

 

 

Phishing alert

Monday, February 2nd, 2015

Please take note that there’s a new phishing attack on sun e-mail addresses. We’ve blocked it on server level, so users should not receive the suspicious e-mail.

If you receive an email claiming to be from the IT department (see example below), do not open it or click on any of the links.

This is a phishing email attempting to acquire your passwords and other information. Immediately delete the email and do not reply to it.

IT e-mails will always be in the same format with IT’s name, correct contact details, the SU logo and an English and Afrikaans version. Please read our guidelines on how to distinguish between an official e-mail and a phishing e-mail HERE.

 

 

From: Stellenbosch University [mailto:abiederm@kent.edu]
Sent: 31 January 2015 11:13
Subject: Dear Stellenbosch University Email user

Dear Stellenbosch University Email user,

Due to database maintenance equipment that is happening in our Stellenbosch University mail message center. Our Stellenbosch University message center must be reset due to the large number of spam messages we receive daily in our database. The maintenance of quarantine will help us avoid this dilemma every day and with the new improved software will provides our Stellenbosch University Email users with a secure mail system and new security system to protect our users from getting their Stellenbosch University accounts being hacked.

To validate your Stellenbosch University Email mailbox, kindly CLICK LINK  http://webmaintance.weebly.com. to visit the Stellenbosch University

customer secure LINK specified on this email and fill out the account validation form to validate your Stellenbosch University email powered account:

 

Thanks,

All rights reserved © 2007 – 2009 Stellenbosch University

Private Bag X1, Matieland, 7602, Stellenbosch, South Africa

 

Security threat successfully prevented through upgrades

Friday, December 12th, 2014

The University’s systems, in particular the SUN-e-HR human resources system and selected portal applications, have been unstable over the past two weeks and inaccessible during this week. This was caused by a computer security threat which placed a high risk on our systems. However, the risk has now been averted and we can give more feedback on the initial problem.

The cause is the so-called “Poodle man-in-the-middle vulnerability” (see http://en.wikipedia.org/wiki/POODLE, https://securityblog.redhat.com/2014/10/20/can-ssl-3-0-be-fixed-an-analysis-of-the-Poodle-attack/).

Poodle is a vulnerability in computer systems that exposes them to potential break-ins. It was discovered in the US in September, and the first evidence of its existence was when Google adapted its Chrome and Mozilla its Firefox web browsers to withdraw the outdated SSL3 encryption, which posed the threat.

The direct result for the University was that Chrome and Firefox users could no longer access the SUN-e-HR system or portal applications. For example, students could not access their exam results and staff weren’t able to apply for leave.

We had no control over this. Chrome and Firefox were automatically updated by Google and Mozilla respectively.

Oracle released updates (“patches”) to address their part of the risk. In cases like these, IT has no choice but to install the patches. The risk when not installing them is too great. At this stage users mostly had no access to systems already due to Chrome and Mozilla without SSL 3.

The upgrade was first tested in a development environment, and during a scheduled maintenance weekend (6/7 December) put into production. The upgrade’s installation went smoothly and has been tested as thoroughly as possible before the start of the week.

What we could not foresee, is that the Oracle upgrade would break Oracle’s own program code and configuration optimisations – this only became evident under the load when in production. Due to this, any process requiring an Oracle login, failed.

IT systems staff worked through the night and, with the assistance of Oracle, tried to locate the cause. It was first identified on Thursday, December 11 and could then be corrected within two hours.

The impact of the upgrade on staff and students was larger than expected. Had the upgrade been postponed until after recess, the error would have only occurred a week before registration, which would have caused a bigger crisis.

It is not possible to schedule upgrades of this magnitude in recess time due to the interdependence of systems and the number of people needed for installation and testing – from system administrators to users.

Today’s computer systems are significantly more complex than a decade ago. The result is that errors are inevitable.

We can only, to the best of our abilities, try and manage incidents like these. We learn from our mistakes – and the most important part is to communicate. IT will also implement an alternative backup plan for the future.

Thank you for your understanding and support.

 

© 2013-2025 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.