UCL Computer Security Newsletter - February 2007
The purpose of this newsletter is to keep all security reps and other
interested parties informed about what is happening around UCL
regarding computer security. Further information from the Computer
Security Team is always available at http://www.ucl.ac.uk/cert.
1. CST staffing
As previously emailed, Jon Macfarlane has joined CST.
3. Solaris telnet vulnerability
Apologies for the email to all on this, but we felt it was of
sufficient importance to inform all reps straight away. We would
encourage all system owners to work towards eliminating the use of
telnet and moving towards ssh as a matter of course.
4. Institutional Firewall
It is UCL policy that all departments will be protected by the
institutional firewall. We are over half way there going by network
prefixes alone. Since we've, in the main, been dealing with the /24
first, we can confidently say that we are well over half way there
with respect to hosts/people protected.
We will shortly be publishing a schedule for the remaining parts of
the UCL network to be transitioned - the schedule will be sent to
security reps to allow them to contact us with any exceptions to the
default deny inbound rules.
Please note all correspondence from the UCL Computer Security Team is
digitally signed either with personal PGP keys or the CERT team key
(public keys available from http://www.ucl.ac.uk/cert/contacts.html).
This newsletter and previous ones are available at
We welcome feedback on the content and organisation of documents on
our web page.