• Skip to content
  • Skip to primary sidebar
  • Texas A&M Forest Service
  • Texas A&M Veterinary Medical Diagnostics Laboratory
  • Texas A&M AgriLife Extension Service
  • Texas A&M AgriLife Research
  • Texas A&M College of Agrculture and Life Sciences
Texas A&M AgriLife IT Security
Texas A&M AgriLife IT SecurityLatest IT news & tips to keep your computer safe

Archives for October 2017

October 2017 Security Considerations

October 12, 2017 by SecurityTeam

CYBERSECURITY AWARENESS MONTH

Happy National Cybersecurity Awareness Month!  October is the National Cybersecurity Awareness Month and is about the only cybersecurity treat we get in an arena of tricks.  The education push during October is a joint effort between Department of Homeland Security and all sorts of partners including US-CERT.  This is all part of the National Cybersecurity Alliance that Texas A&M Information Technology is a Champion organization to “… represent those dedicated to promoting a safer, more secure and more trusted Internet.”

This is a month to recognize the vital role cybersecurity and cybersecurity efforts play in all of our lives and also a time to educate and protect our own privacy more.  There are three actions you should consider:

  1. The National Cybersecurity Alliance StaySafeOnline resource page might be is a good link to send to all your customers.
  2. The National Cybersecurity alliance is also endorsing a 15-day Privacy Challenge starting October 15th that will give you a Privacy Nugget email each day.  Surprisingly, the Nuggets come from a company based in Edmonton, Canada that you have to give your name and email address to; however, the topics covered include both personal privacy tips and true information resource manager type tips.  To save you time here is the StaySafeOnline direct link 15-Day Privacy Challenge
  3. The National Cybersecurity Alliance also has built a great ManageYourPrivacy reference page to educate how to check your privacy settings in eCommerce sites, email, location services, browsers, and much much more including your FitBit and Xbox!

Hover over those links to make sure they are secure and really taking you where you hoped to go.

REMINDER: TAMU also has the half-day Dev/Ops Security Mashup event on Thursday, October 26. See the full agenda and RSVP for lunch at https://goweb.tamu.edu/devops-security-mashup/.

BACKUPS

In the ransomware age backups are a key part of cybersecurity protections!  Just ask anyone who finally paid the ransom because they could not find a recent or decent backup! As an example, many times information managers set up backups with a periodic full every two weeks and then a daily incremental.  However, they never test the restore and forgot to consider the more file modifications you have the longer it takes to index and restore.  Most that have done restorations know backup time has very little to do with restoration time.   This is why it is important you test your backups applying the entire cycle of incrementals to a full backup, make an entry in your backup log of testing, and adjust as appropriate.

It is also extremely important that you check those daily incrementals daily.  Certainly, no one wants to find out an incremental failed on day 5 of a 14-day backup cycle during a restoration.

REMINDER:  For anyone that has rebuilt RAID-5 the same unexpected elongation of time occurs with a backup as well.  It isn’t easy to either spread data across multiple disks or deal with a backup that must mimic user file modification behavior.  Consider that in any timeline when building a Recovery Time Objective (RTO).

PATCH TUESDAY

Microsoft celebrated National Cybersecurity Awareness Month as well with only 28 Critical fixes and breaking WINDOWS 10 for some users.  You may want to test the WIN10 updates.  However, Adobe in the most merciful celebration ever … released NO — ZERO — NADA Flash Security updates.  (Once they realized Flash was sunsetting in 2020 they must have discovered they closed all the holes. 🙂 )

Microsoft Office has an IMPORTANT patch for a reported and exploited vulnerability in Word’s automation component, CVE-2017-11826 —  IMPORTANT is just plain wrong, open the exploit document and the bad actor has your privileges.

There is both a DNS advisory of interest and an advisory with more-than-likely low applicability on TPM.  Many do not use TPM firmware to generate keys after Windows 8 but reading the advisory and applicability to HP, Lenovo, and Fujitsu systems using TPM firmware by Infineon it is pretty frightening to think of fixing if this was deployed to hundreds or more systems where you had relied on TPM to generate keys for either AD Certificates or Bitlocker.  10.19.17 UPDATE:  Microsoft updated the Advisory to include affected Surface and ACER hardware.

Security recommends applying all Critical and Important updates and the Advisory link is below:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012

Thank you for all your security efforts!

Filed Under: Uncategorized

Recent Posts

  • January 2018 Security Considerations
  • December 2017 Security Considerations
  • November 2017 Security Considerations
  • October 2017 Security Considerations
  • September 2017 Security Considerations

Archives

  • January 2018
  • December 2017
  • November 2017
  • October 2017
  • September 2017
  • August 2017
  • July 2017
  • June 2017
  • May 2017
  • April 2017
  • March 2017
  • February 2017
  • November 2016
  • October 2016
  • September 2016
  • August 2016
  • July 2016
  • June 2016
  • May 2016
  • April 2016
  • March 2016
  • February 2016
  • January 2016
  • December 2015
  • November 2015
  • October 2015
  • September 2015
  • August 2015
  • July 2015
  • June 2015
  • May 2015
  • April 2015
  • March 2015
  • February 2015
  • January 2015
  • December 2014
  • November 2014
  • October 2014
  • September 2014
  • August 2014
  • July 2014
  • June 2014
  • May 2014
  • April 2014
  • March 2014
  • February 2014
  • January 2014
  • December 2013
  • November 2013
  • October 2013
  • September 2013
  • August 2013
  • July 2013
  • June 2013
  • May 2013
  • April 2013
  • March 2013
  • February 2013
  • January 2013
  • December 2012
  • November 2012
  • October 2012
  • September 2012
  • August 2012
  • July 2012
  • June 2012
  • May 2012
  • April 2012
  • March 2012
  • February 2012
  • January 2012
  • December 2011
  • November 2011
  • October 2011
  • September 2011
  • August 2011
  • July 2011
  • June 2011
  • May 2011
  • April 2011
  • March 2011
  • February 2011
  • January 2011
  • December 2010
  • November 2010
  • October 2010
  • September 2010
  • August 2010
  • July 2010
  • June 2010
  • May 2010
  • April 2010
  • March 2010
  • February 2010
  • January 2010
  • December 2009
  • November 2009
  • October 2009
  • September 2009
  • August 2009
  • July 2009
  • June 2009
  • May 2009

Pages

  • June Microsoft patches – detail – Internet Explorer
Texas A&M AgriLife Extension Service
Texas A&M University System Member
  • Compact with Texans
  • Privacy and Security
  • Accessibility Policy
  • State Link Policy
  • Statewide Search
  • Veterans Benefits
  • Military Families
  • Risk, Fraud & Misconduct Hotline
  • Texas Homeland Security
  • Texas Veteran's Portal
  • Equal Opportunity
  • Open Records/Public Information