“Heartbleed” Website Security Regarding UNC-CH

April 11th, 2014 | In IT Security, News

heartbleed logo

 

Many computers that provide access to Internet content are vulnerable to an internet security exploit called “Heartbleed” including UNC networks. The bug affects software that a majority of secure websites (those that start with “https”) use to encrypt personal and sensitive information in an attempt to secure it. When exploited, the software bug allows hackers to bypass the encryption and view protected communications, such as usernames and passwords.

Continue Reading…

Windows XP – End of Support

March 13th, 2014 | In News, Uncategorized

xp-banner-smallDo you use or own one or more computers that currently run Windows XP and connect to the University Network?  

On April 8, 2014, Microsoft will end all support for Windows XP. Continuing to use a Windows XP computer after April 8 will create a security risk. If you have a Windows XP computer and have not made plans to replace or upgrade it before April 8, please contact your campus technical support staff or (919) 962-HELP immediately.  

Don’t Be Fooled on April 1st – Back It Up on March 31st!

March 11th, 2014 | In News

World Backup Day on March 31, 2014, is an independent initiative started in 2013 to raise awareness about the importance of regular backups for your technology devices.

According to research by Google, computer storage drives have failure rates between 2% and 10% [1]. Most of us have lost critical documents and irreplaceable information on our technology devices. Many people falsely think their documents are safe because they are saved on the computer’s hard drive.  The best way to avoid potential loss of personal and sensitive information is to back it up!

Why should I backup my files?

While technology increasingly enables us to create and save important information, ITS Security recommends consumers ensure these items are in a safe location in the event of theft, loss, natural disaster, damage, or a system failure. Backing up your files means making a copy of these items and placing the backup in a secure location.

What types of technology items should I consider backing up?

  • Laptop
  • Computer
  • Tablet
  • iPod
  • Phone
  • Photos and videos on social media sites

Options for backing up your devices:

The safest way to protect sensitive and confidential documents is to encrypt the documents or folder before taking a backup.

  • Cloud Backup: (for personal documents/files/photos/videos etc.)This is similar to an offsite backup; you can install an app on your computer to instantly and automatically copy your files to the cloud. This option makes multiple copies of your files at various locations around the world. The security of the data is only as strong as your password.
    • Apple iCloud
    • Iron Mountain
    • DropBox
    • Carbonite
    • Local Backup: Copy your most important files onto an external hard drive or USB flash drive. This can be disconnected and stored in a secure location such as a locked office. Use ‘Time Machine’ backup on Apple computers, and ‘Backup and Restore’ on Windows computers.
    • NAS – Network Attached Storage (for full-time Carolina faculty and staff needing to store various types of non-confidential University information) The University provides a network file share at \\storage.unc.edu. Learn more about NAS.

 

If using a Cloud backup service, your backup should work automatically. We recommend you check your storage location and your automated program (if using) periodically to ensure everything is working properly.

Technology Help at Carolina

Everyone at Carolina is welcome to contact the http://help.unc.edu/helpdesk whose professionals will either answer your question or route you to the right person for support.

Information Technology Services — Contact Information

1. Pinheiro, Weber, Barroso. “Failure Trends in a Large Disk Drive Population”. Feb 2007. Mar 2014. <http://static.googleusercontent.com/media/research.google.com/en/us/archive/disk_failures.pdf>

Spring Break 2014 – Secure Travel Computing

March 7th, 2014 | In News

Carolina provides outstanding information technology resources that you may choose to access remotely if you travel over spring break. If you use University computing resources while travelling, please remember that connecting over the Internet can carry some risks. Below are some things to think about that may reduce those risks.

Connecting to Carolina Resources

Secure & Private Connections to Carolina while Traveling

With wireless networking and public or commercial wireless (“Wi-Fi”) network services in most airports and hotels, connecting to Carolina has never been easier. However, public wireless networks have become major targets for identity thieves and other cybercriminals. 

Continue Reading…

University provides resources for people affected by data breach

January 28th, 2014 | In News, Security Incidents

People affected by the recent University data breach can turn to a variety of resources for information and help in answering their questions.

Meredith Weiss, associate vice chancellor for business services and administration, outlined the available resources during the Jan. 16 community meeting sponsored by the Employee Forum, and she encouraged people to use the resources that would be most beneficial to them.

Continue Reading…

University Continues Network Connectivity Advancements 

January 28th, 2014 | In News

Over the past several months, Information Technology Services (ITS) has made significant enhancements to the wireless coverage and security of the campus network. The following briefly describes the completed and progressing network centric initiatives. Additional information on all of these advances and other initiatives can be found on the ITS Initiatives home page.

Continue Reading…

University ensures that people affected by data breach have correct credit monitoring codes

January 17th, 2014 | In News, Security Incidents

People who were affected by a recent University data breach are being notified about how they can pursue a one-year subscription to a credit monitoring service offered by the University at its expense. Each person is assigned a unique code that provides access to this credit monitoring service.

However, the letters mailed to people on Jan. 10 on behalf of the University from Rust Consulting included an incorrect code. Rust is mailing people the correct code at its expense; those letters will be mailed beginning at the end of the day today (Jan. 17), and recipients should have them next week.

But people do not have to wait for their new code to sign up for credit monitoring. They can call the toll-free number 1-877-432-7463, and a representative will be able to provide them with the correct code. People simply have to give the representative their name and the last four digits of the incorrect code to get the correct one. (For people who call on the Martin Luther King Jr. holiday, Jan. 20, representatives will be available to assist them.)

Anyone who uses an incorrect code to sign up for credit monitoring at https://www.myidmanager.com/promo_code.html will be given the 1-877-432-7463 toll-free number to obtain the correct code.

“I am very sorry that people who have been affected by this data breach have to go through an additional step to be able to take advantage of the free one-year subscription to credit monitoring, and we have stressed to Rust Consulting that getting people accurate, timely information is our top priority,” said Kevin Seitz, interim vice chancellor for Finance and Administration.

Rust Consulting has assured University officials that they understand the urgency and will mail people their correct access codes as quickly as possible. In the letters, the company is apologizing both to the people affected and to the University: “We sincerely regret the error and any inconvenience it has caused for you as well as the University of North Carolina at Chapel Hill. Rust Consulting is working diligently to ensure that you can receive free credit monitoring if you so choose.”

Early feedback overall has been positive from people who have tried to use the incorrect code and were directed to call the toll-free number to get their correct code.

Meredith Weiss, associate vice chancellor for business services in Finance and Administration, received an email from one employee stating, “I called the toll-free number that popped up on the website, and a very nice lady gave me the correct code, which worked fine.”

University investigates data breach, notifies affected people

December 10th, 2013 | In IT Security, News
Update 12/23/13: The University is offering people affected by this incident the option of a one-year subscription to a credit monitoring service that monitors activity at all three credit bureaus, at the University’s expense. The University is notifying these people directly by mail in early January 2014 about how they can pursue this option. Click here for more information on UNC’s website.

Carolina officials are investigating a data breach that risked unauthorized online access to personal information concerning some current and former employees, vendors and students. It is believed that more than 6,000 people are affected.

On Nov. 11, an information technology manager in the Division of Finance and Administration was informed that some electronic files managed by the Division of Facilities Services inadvertently became accessible on the Internet. The files contained names and Social Security or Employee Tax Identification numbers, and in some cases, addresses and dates of birth.

Continue Reading…

New Onyen Management System

November 26th, 2013 | In News

ITS has rolled out a new Onyen management system. The interface to the new system adds functionality for first-time Onyen creation and on-going password management. All other functions on the Onyen Services page (onyen.unc.edu) remain unchanged.  

The new, easy-to-use interface for managing passwords requires all users to select five security questions and identify at least one emergency contact the first time a password is changed. Both of these functions were previously optional. By requiring security questions, ITS now offers users the convenience of resetting a forgotten password online without contacting 962-HELP for assistance.

This new interface will enable you to:

  • Change your password
  • Reset a lost or forgotten password
  • Check password status
  • Create/update security questions
  • Add/update emergency contact information
  • Add/update Alert Carolina contact number

You will continue to be reminded via email when it’s time to change your password. For questions about using the new Onyen password management application, call 962-HELP or visit help.unc.edu and search for “Onyen Password.”

Important Changes to ConnectCarolina Access for Faculty and Staff

November 11th, 2013 | In Enterprise Applications, Enterprise News, News

As part of an effort to increase the security and reliability of Carolina’s information technology resources, ITS is implementing changes to faculty and staff connections to the ConnectCarolina application. The University’s data systems are under constant attack, with millions of unwanted connection attempts each month. ConnectCarolina, the administrative system for student services (and in 2014, HR/Payroll and Finance), contains sensitive data and it’s important to protect this data from these attacks by using secure methods to access ConnectCarolina. These changes will go into effect on the evening of Dec. 18.

Continue Reading…