Texas A&M AgriLife IT Security
Texas A&M AgriLife IT SecurityLatest IT news & tips to keep your computer safe

Archives for October 2017

October 2017 Security Considerations

by

CYBERSECURITY AWARENESS MONTH

Happy National Cybersecurity Awareness Month!  October is the National Cybersecurity Awareness Month and is about the only cybersecurity treat we get in an arena of tricks.  The education push during October is a joint effort between Department of Homeland Security and all sorts of partners including US-CERT.  This is all part of the National Cybersecurity Alliance that Texas A&M Information Technology is a Champion organization to “… represent those dedicated to promoting a safer, more secure and more trusted Internet.”

This is a month to recognize the vital role cybersecurity and cybersecurity efforts play in all of our lives and also a time to educate and protect our own privacy more.  There are three actions you should consider:

  1. The National Cybersecurity Alliance StaySafeOnline resource page might be is a good link to send to all your customers.
  2. The National Cybersecurity alliance is also endorsing a 15-day Privacy Challenge starting October 15th that will give you a Privacy Nugget email each day.  Surprisingly, the Nuggets come from a company based in Edmonton, Canada that you have to give your name and email address to; however, the topics covered include both personal privacy tips and true information resource manager type tips.  To save you time here is the StaySafeOnline direct link 15-Day Privacy Challenge
  3. The National Cybersecurity Alliance also has built a great ManageYourPrivacy reference page to educate how to check your privacy settings in eCommerce sites, email, location services, browsers, and much much more including your FitBit and Xbox!

Hover over those links to make sure they are secure and really taking you where you hoped to go.

REMINDER: TAMU also has the half-day Dev/Ops Security Mashup event on Thursday, October 26. See the full agenda and RSVP for lunch at https://goweb.tamu.edu/devops-security-mashup/.

BACKUPS

In the ransomware age backups are a key part of cybersecurity protections!  Just ask anyone who finally paid the ransom because they could not find a recent or decent backup! As an example, many times information managers set up backups with a periodic full every two weeks and then a daily incremental.  However, they never test the restore and forgot to consider the more file modifications you have the longer it takes to index and restore.  Most that have done restorations know backup time has very little to do with restoration time.   This is why it is important you test your backups applying the entire cycle of incrementals to a full backup, make an entry in your backup log of testing, and adjust as appropriate.

It is also extremely important that you check those daily incrementals daily.  Certainly, no one wants to find out an incremental failed on day 5 of a 14-day backup cycle during a restoration.

REMINDER:  For anyone that has rebuilt RAID-5 the same unexpected elongation of time occurs with a backup as well.  It isn’t easy to either spread data across multiple disks or deal with a backup that must mimic user file modification behavior.  Consider that in any timeline when building a Recovery Time Objective (RTO).

PATCH TUESDAY

Microsoft celebrated National Cybersecurity Awareness Month as well with only 28 Critical fixes and breaking WINDOWS 10 for some users.  You may want to test the WIN10 updates.  However, Adobe in the most merciful celebration ever … released NO — ZERO — NADA Flash Security updates.  (Once they realized Flash was sunsetting in 2020 they must have discovered they closed all the holes. 🙂 )

Microsoft Office has an IMPORTANT patch for a reported and exploited vulnerability in Word’s automation component, CVE-2017-11826 —  IMPORTANT is just plain wrong, open the exploit document and the bad actor has your privileges.

There is both a DNS advisory of interest and an advisory with more-than-likely low applicability on TPM.  Many do not use TPM firmware to generate keys after Windows 8 but reading the advisory and applicability to HP, Lenovo, and Fujitsu systems using TPM firmware by Infineon it is pretty frightening to think of fixing if this was deployed to hundreds or more systems where you had relied on TPM to generate keys for either AD Certificates or Bitlocker.  10.19.17 UPDATE:  Microsoft updated the Advisory to include affected Surface and ACER hardware.

Security recommends applying all Critical and Important updates and the Advisory link is below:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012

Thank you for all your security efforts!