As part of the initiative to protect UAB's assets and inventory servers and workstations, UAB IT is making Microsoft SCCM available at no cost to all areas of campus.

Having all of the asset information on campus managed by a single system is critical to maintaining a secure computing environment. For those areas without any tools, UAB IT will work with you to implement SCCM on all systems; for those areas that already have SCCM implemented, we will work with you to integrate your instance with the enterprise; and for those who have implemented a different solution, we will work with you to import information to the Campus SCCM database on a regular basis.

A kickoff meeting for the initiative will be held at 2 p.m. Thursday, July 9, at the Finley Conference Center.

IT managers should contact UAB IT about who will represent their areas at the kickoff meeting.

Tuesday, 30 June 2015 10:58

Windows Server 2003 to reach end of life

UAB IT is actively working to migrate servers across campus that are using Microsoft Windows Server 2003, which will reach end of life after July 14, 2015, meaning it will be unsupported by Microsoft.

Servers that are not migrated could cause problems with compliance and compatibility as well as increase costs for maintaining aging hardware.

To facilitate this transition, the UAB Enterprise Information Security Office (EISO) is working with Windows Server 2003 system owners to ensure a plan is in place and being carried out to migrate or retire affected systems.

If your department has affected servers, you should hear from UAB IT staff soon. If you have questions or concerns, call (205) 975-0842 or email datasecurity@uab.edu.

You can request an exception by filling out the Exception Request Form and submitting it to AskIT.

UAB and other universities have partnered with one of the premier information security training organizations, the SANS Institute, to offer a number of discounted training opportunities.

UAB departments can purchase online security training vouchers, to be used through SANS OnDemand or SANS vLive training programs, at a significant discount.

OnDemand provides student online courseware and recorded video training so that students can study and complete hands-on labs and quizzes at a convenient time. vLive is a live, online training option; classes typically meet two evenings per week for five or six weeks.

With both options, pricing can include a certification exam attempt for that particular course. Pricing for a SANS voucher is $2,330 for the course alone or $2,959 with a bundled GIAC certification exam.

UAB IT Enterprise Information Security will be placing an order with SANS on behalf of UAB on July 30.

Any organization that wants to be included in this summer's aggregate purchase should e-mail Enterprise Information Security before this date.

A wave of phishing e-mails using false messages about mailbox size has hit UAB, mainly targeting student accounts in an attempt to steal personal information.

The emails warn that recipients’ mailboxes are “almost full” or have reached “90% of your quote,” and urge recipients to click a link to re-validate their mailboxes. UAB will never direct users to a non-UAB web site for anything regarding email or concerning your password.
UAB IT is taking steps to block this phishing attempt, but students, faculty and staff should be on alert.

If you receive an email with a hidden link like “Click Here,” do the hover test. Hover your mouse over the link and look at the lower left pane to see where the link leads.

Look at the URL of the website you are visiting. In the case of this phish you are being redirected to www.didrihsons  .lv/wp-content/wps4/  and not uab.edu.

You should only enter your UAB credentials at UAB .edu web sites.
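
The hover test and the rule above (UAB credentials only at uab.edu hosts) can be written as a check on the address a link really points to. This is an added example, not UAB IT's code; `TRUSTED_SUFFIX`, `checkLink`, `hoverTest` and every sample link are assumptions constructed for illustration.

```javascript
// Added example (not UAB IT code). TRUSTED_SUFFIX and all sample links
// are assumptions constructed for illustration.
const TRUSTED_SUFFIX = "uab.edu";

// Inspect the address a link really points to (what the hover test shows).
function checkLink(href) {
  let url;
  try {
    url = new URL(href); // same parsing rules a browser applies
  } catch (err) {
    return { trusted: false, host: null, reason: "not an absolute URL" };
  }
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  if (url.protocol !== "https:") {
    return { trusted: false, host, reason: "not https" };
  }
  // Text before "@" is userinfo, not the site: https://uab.edu@other.host/
  if (url.username || url.password) {
    return { trusted: false, host, reason: "userinfo in URL" };
  }
  // Accept uab.edu itself or a true subdomain; "uab.edu.example.net" and
  // "myuab.edu" both fail because the match is anchored on a label boundary.
  const ok = host === TRUSTED_SUFFIX || host.endsWith("." + TRUSTED_SUFFIX);
  return { trusted: ok, host, reason: ok ? "host is under uab.edu" : "host is outside uab.edu" };
}

// Compare what the message shows with where the link goes.
function hoverTest(visibleText, href) {
  const dest = checkLink(href);
  // Link text that names uab.edu while the destination is elsewhere is a disguise.
  const claimsUab = /(^|[^a-z0-9-])uab\.edu\b/i.test(visibleText);
  return { ...dest, deceptiveText: claimsUab && !dest.trusted };
}

// Constructed samples: [visible link text, real destination].
const samples = [
  ["Click Here", "https://mail.example.net/revalidate"],
  ["https://www.uab.edu/mailbox", "https://uab.edu.example.net/login"],
  ["UAB webmail", "https://uab.edu@example.net/"],
  ["UAB IT", "https://www.uab.edu/it/"],
];
for (const [text, href] of samples) {
  console.log(text, "->", JSON.stringify(hoverTest(text, href)));
}
```
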

To report suspected spam to AskIT, please follow the instructions here

Follow these additional tips to avoid being a phishing victim:

  • Do NOT click links in messages that ask you to log in. Type a trusted Web address in your browser or Google for the Web site if you don’t know the address.
  • Never type personal, sensitive information (such as passwords or account numbers) on Web sites without verifying the Web site’s authenticity and security — look for an “https” in the address bar.
  • Verify the address. Malicious web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).
  • Misspellings and grammatical errors can be a dead giveaway in phishing emails and subject lines.
  • If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request.
  • Don’t open attachments. They may contain viruses or malware that can infect your computer.
  • Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.
  • Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555. Hospital employees can call the HSIS Help Desk at 205-934-8888.

Sunday, 31 May 2015 21:57

UAB students target of phone scam

Some UAB students have been targets of a phone scam in which malicious callers make threats about alleged debt, similar to scams seen at universities across the country.

According to UAB IT’s Information Security division, students need to know:

  • No law enforcement body will call them and threaten to arrest them over the phone.
  • The attackers can spoof the police station phone number so the call will look like it is coming from the police station.
  • UAB has not suffered a breach that resulted in this scam.

Tips:

  • Ask to call the “officer” back, take down their number and call the number back.
  • Ask them to meet you at the police station in question.
  • When in doubt, hang up and call the UAB Police Department at 205-934-4434.
  • Do NOT provide Social Security numbers, birth dates or any other personal information.

OpenSSL released a security advisory bulletin on Thursday, March 19, detailing multiple high and moderate severity vulnerabilities in the secure sockets layer library used in Linux and Unix based systems.

The security vulnerabilities have been addressed in the most recent version of OpenSSL and should be available from the standard update channels for Linux distributions at this time. UAB IT encourages all Linux and Unix systems administrators to take steps to update their systems during their planned update windows in upcoming weeks.

More information is available at:

https://openssl.org/  and

http://www.cyberciti.biz/faq/howto-openssl-security-update-cve20150291-cve20150204-cve20150290-cve20150207-cve20150286/

Locking your computer when you leave your desk is just one of the ways to help keep your data secure, according to the March issue of the IT Risk Bulletin, a joint effort of UAB, the University of Alabama, UAB Health System and the University of Alabama-Huntsville.

In fact, “control-alt-delete before you leave your seat” is a reminder for employees to lock their PCs when they leave their desks. Mac users can lock their screens by pressing control-shift-eject at the same time.

Among other rules for security:

• Do not treat your work computer like your home computer.

• Do not use social networking sites like Facebook without proper privacy settings.

• Do not download shareware or freeware — free software — from suspicious Web sites.

• Do not allow your browser to remember passwords to secure sites like online banking or PayPal.

For more security tips and to see past issues of the bulletin, click here.

Wednesday, 18 February 2015 11:13

Keep your mobile phone secure

Since most people have their cell phones just about permanently attached these days, it’s easy to forget that we need to keep them secure.

The February edition of the IT Risk Bulletin, a joint effort of UAB, the University of Alabama, UAB Health System and the University of Alabama-Huntsville, provides dos and don’ts for phone and mobile device security.

Dos

• Enable security access.

• ONLY give your number out to people you know and trust.

• Use caller ID to block names and numbers of individuals you do not want to contact you.

• Delete emails that contain confidential or internal use information from your phone.

Don’ts

• Do NOT store confidential information on the phone, such as PIN numbers and credit card numbers.

• Do NOT take pictures or videos of anyone with your phone, or allow them to be taken of you, without permission.

• Never reply to text messages from people you don’t know and avoid in-person meetings with someone you know only through text messaging.

For more dos and don'ts and to see past issues of the bulletin, click here.

Monday, 26 January 2015 19:08

Phishing attempt hits UAB e-mail accounts

An e-mail sent to UAB accounts with the subject line “Your Email Account” appears to be a phishing attempt designed to steal personal information. The body of the e-mail includes the words "Security info replacement."

UAB IT is taking steps to prevent the further dissemination of e-mails from this sender, but reminds UAB employees to remain vigilant for potential phishing scams.


The email asks users to click a link and enter their account information. UAB IT will never ask for account information in an e-mail.

To report suspected spam to AskIT, please follow the instructions here

Follow these additional tips to avoid being a phishing victim:

• Do NOT click links in messages that ask you to log in. Type a trusted Web address in your browser or Google for the Web site if you don’t know the address.

• Never type personal, sensitive information (such as passwords or account numbers) on Web sites without verifying the Web site’s authenticity and security — look for an “https” in the address bar.

• Verify the address. Malicious Web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).

• Misspellings and grammatical errors can be a dead giveaway in phishing emails and subject lines.

• If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request. 

• Don’t open attachments. They may contain viruses or malware that can infect your computer.

• Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.

• Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555.  Hospital employees can call the HSIS Help Desk at 205-934-8888.




Logging onto a public WiFi network might be convenient, but it can also be dangerous. Learn tips to protect yourself in the latest issue of the IT Risk Bulletin.

The January issue of the bulletin, a joint effort of UAB, the University of Alabama, UAB Health System and the University of Alabama-Huntsville, provides dos and don'ts for joining a WiFi network.

Among the tips:

Dos
  • Before joining a network, ask an employee the official name of the business' WiFi. Be sure you are connected to the right WiFi spot and not a rogue location.
  • Select a secure WiFi network that requires a password to connect. A secure connection is indicated by an icon that looks like a lock.
  • Stay up-to-date with your antivirus software, applications and your system's security patches, especially before traveling.

Don'ts
  • Do NOT connect to an unknown WiFi network.
  • Do NOT pay bills, access bank accounts or make purchases over public WiFi.
  • In Windows 7, do NOT select anything other than Public Network when setting a network location. Public Network blocks file and print sharing and turns off network discovery. This can be disabled in Mac OS X.

For more dos and don'ts and to see past issues of the bulletin, click here.