AC&N Security Alerts

AC&N General Security Recommendations:

Download and apply software updates and/or patches from the vendor's web site(s). Vendors do not send patches via email; these types of communications are usually generated by viruses or criminals. Some of these viruses are just annoying, but others may install software on your system without your knowledge. Some software can send every keystroke, including passwords, account numbers and the answers to security questions, back to the criminals. Other software can cause systems to crash or participate, without your knowledge, in a Denial of Service (DoS) attack against another web site.

Do not download and/or install attachment files that you receive via email unless you are expecting it, even if it appears to come from someone you know and trust. You can always call that person and ask them if they did, indeed, send you an email with a file attached.

If you have subscribed to an email service that sends notices of new updates available from a specific vendor or security service, those emails would be legitimate.
Install, configure and update antivirus software and regularly update the definition files. Antivirus software can only protect a system against what it "knows" about; updated definitions are the way this "knowledge" is kept current. For active members of the CSM community who have installed, or wish to install, CSM Symantec Antivirus (http://www.mines.edu/academic/computer/antivirus/) it will automatically configure itself to update upon install, then check for and apply those updates (if necessary) whenever the system is connected to the Internet. Labs, faculty machines, staff machines, and student machines managed by AC&N are updated by AC&N personnel.
Beware of Spoofing - Remember that CSM, including AC&N, or any other legitimate holders of personally identifiable information, Social Security numbers, credit and bank account numbers, or birth date will never request that you reveal such information via the Internet, an email or telephone. Such requests are generated by criminals with the objective of stealing the information and an individual's identity.
Check AC&N's security-related FAQ links regularly.

Antivirus and Security Related Links:

BreakTheChain.org - Stopping junk e-mail and Internet misinformation (http://breakthechain.org/)

CERT - CERT Coordination Center (http://www.cert.org/)

CVE - Common Vulnerabilities and Exposures (http://cve.mitre.org/)

Internet Storm Center - Tracking the Internet Threat Level and Diary from Today's Handler (http://isc.incidents.org/)

National Vulnerability Database - National Institute of Standards and Technology (http://nvd.nist.gov/)

SANS - Software and Network Security (http://www.sans.org/) Top 20 Vulnerabilities

Security Focus (http://www.securityfocus.com/)

Symantec - Antivirus Software and Virus Removal Tools (http://www.symantec.com/index.jsp)

McAfee- Antivirus Software and Virus Removal Tools (http://us.mcafee.com/virusInfo/default.asp?WWW_URL=www.mcafee.com/anti-virus/default.asp)

MSRC - Microsoft Security Response Center

Operating System and Software Update Links:

Adobe - Update site (http://www.adobe.com/downloads/updates/?ogn=EN_US-gntray_dl_updates)

Apple - OS X automatically checks weekly for software updates, but even if you don't have an Apple OS, patch Quicktime and I-tunes. (http://www.apple.com/softwareupdate/)

Microsoft - Manual or automatic updating of Operating System and other Microsoft Software, like Office (http://update.microsoft.com)

Linux - Redhat updates (http://www.redhat.com/security/updates/)

Academic Computing & Networking: Services