1.Next Meeting: Wednesday, Oct 19, 2005 @ 2:00pm in FND-204
2. Overview of our campus security initiatives – Steve La introduced Maryann Rozanski, the campus Information Security Officer. Maryann gave an overview of legal issues that are pushing the campus towards a number of initiatives. She said that it is the University’s responsibility to protect personal information that it has within its files. She stated that over half of all identity theft victims are from colleges and universities. She further stated the steps that need to be taken after a breach of personal information has occurred. She then outlined the penalties assessed with each breach of privacy. Maryann told everyone that her office and Steve La’s office are working together to help minimize the amount of information that can be breached on campus. She then clarified what is actually considered confidential information.
To learn more about this important subject, please go to the CSULB Information Security Web Site
3. Major topic: Information Security – Steve started this subject by saying that users need to understand that if they are storing confidential information on their local hard drive, that information has to be encrypted. He said that one of his greatest concerns right now are USB drives because it is extremely difficult to manage or secure. His recommendation is, if you chose to use a USB drive device, make it the type that uses a built-in software or hardware encryption.
His next topic was on the subject of Microsoft patches. He said in the past users have been reluctant to reboot their machines after a level 3 security patch has been released. Therefore it has been made policy that a user’s machine will be rebooted within 60 minutes after the patch is done loading.
He then discussed software downloading. He said the new policy prohibits any downloading of software from the Internet. All exceptions must be approved by the appropriate administrator.
Steve then noted that all Windows workstations need to be upgraded to XP and all Windows servers need to be upgraded to Windows Server 2003. The majority of the machines that were compromised in the last incident were Windows 2000 machines. Microsoft is focusing their resources to enhance security in both Windows XP and Windows Server 2003. The hardware requirements for Windows XP are similar to Windows 2000 so it won’t be necessary to upgrade the desktop. He said that all machines in DAF will be upgraded to XP by Christmas 2005. The exceptions to the rule would be machines that run highly specialized software and cannot connect to the internet or do not have sensitive information on them.
Steve’s next topic was encrypting the desktop. Steve gave examples of problems we currently face when a machine is surveyed out. Specifically, how to deal with hard drives that may contain sensitive information. After running through several scenarios on how to destroy the data on the hard drive, Steve introduced the idea of full disk encryption. Data encryption not only makes the hard drive unreadable for surveyed machines but it also adds a layer of security against any compromises.
Next, several methods of destroying data on hard drives for surveyed machines were discussed. It was again mentioned that whole disk encryption would resolve this issue but would not be the end all, be all, solution.
4. Progress Report: Data Storage Update – Matt stated that the update to NetApp was completed with minimal disruption and campus internet accts are now 100mb. Employees can get a quota increase by sending a message to net-help@csulb.edu.
5. Progress Report: NAV development – SAV 10.01 is available and can be acquired either through an e-mail to Eli Shubin or through the Horn Center. Eli requested that any Technical Coordinators that have Mac users to send him a headcount of Macs so we can distribute Mac media out to the group.
6. Progress Report: Email Security development – Matt stated that the deployment of the BrightMail email security solution has been completed. BrightMail was selected because it’s low false positive reporting. Matt gave instructions on how to report false positives and that very specific instructions need to be followed when doing so. Matt also suggested an antivirus multi-tiered approach to scanning e-mail. A desktop solution should be used in addition to Brightmail to further ensure effective e-mail antivirus protection..
Matt then explained that the maximum attachment size for any e-mail is 6mb. This unfortunately cannot be adjusted per individual user. Due to the recent storage expansion, Steve will be working with the other groups (CMS, Academic Affairs) on campus to expand this e-mail attachment limit.
On another point Matt communicated that messages with attachments compressed with StuffIt cannot be examined by BrightMail. This is not a shortcoming of BrightMail, but rather a lack of information coming from the StuffIt developer. The StuffIt developers do not share the means necessary for BrightMail, or any other e-mail scanner to evaluate the contents of the attachment. Therefore, any e-mail received with a StuffIt attachment will state that the attachment could not be scanned.
7. Progress Report: Wireless Network – Steve reiterated that the entire outside of the campus was covered by WAP. He also noted that coverage maps will soon be available for all. Craig Kleen mentioned that MLSC was in process of getting coverage and that the next building on the schedule for WAP coverage would be ECS.
