UCL Computer Security Newsletter - January 2006
The purpose of this newsletter is to keep all security reps and other
interested parties informed about what is happening around UCL
regarding computer security. Further information from the Computer
Security Team is always available at http://www.ucl.ac.uk/cert.
1. Updates
Microsoft - emergency patches, as per the email of 6th January, and
more on the usual Patch Tuesday.
Apple - QuickTime vulnerability.
Oracle has released new security patches -
http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
2. Institutional Firewall
It is UCL policy that all departments will be protected by the
institutional firewall. We have started contacting departments with
a schedule for placing them behind the Institutional Firewall.
3. UCL IT security mini-conference/CERT awareness day
Is this a good idea - would you attend? Ideas/requests?
4. Seasonal Competition - winner and answers
We have a winner! First correct answer out of the hat was Debs
Pollard of Information Systems.
Questions/answers follow:
Q1 UCL currently has site licences for which anti-virus products?
A1 F-Secure and Sophos
Q2 Where would you find the UCL Information Security Policy (please
give URL)?
A2 http://www.ucl.ac.uk/cert/swg/policy.html
Q3 What form do we require to be completed if there is a pressing
business need to access stored information?
A3 Form M02
Q4 What specific algorithm do we (CST) recommend for secure deletion
of particularly sensitive data?
A4 The Gutmann Method
Q5 What are the default settings for the Institutional Firewall?
A5 All outbound traffic is allowed but all inbound traffic is denied.
Rules are provided to create exceptions, so for example e-mail is
allowed in and ports that worms use to go out are blocked.
Q6 What is MBSA?
A6 Microsoft Baseline Security Analyser
Q7 What does MBSA do?
A7 MBSA analyses a Windows box and reports on security weaknesses.
It checks settings for updates, passwords and other security issues. It looks
for the presence of antivirus software, firewall and so forth. It makes
recommendations on how to tighten up a machine.
Q8 Where would you find PGP details for CST?
A8 http://www.ucl.ac.uk/cert/contacts.html has PGP public key
fingerprints and links to download the keys for CST staff.
Q9 According to Simon's document on dealing with Windows intrusions,
what is the first step in recovering from a compromise?
A9 Unplug the machine from the network.
Q10 What is the only safe way of recovering from a system-level
compromise such as a rootkit?
A10 Rebuilding the entire system afresh is the only really safe way
to recover.
5. General
Please note all correspondence from the UCL Computer Security Team is
digitally signed either with personal PGP keys or the CERT team key
(public keys available from http://www.ucl.ac.uk/cert/contacts.html).
This newsletter and previous ones are available at
http://www.ucl.ac.uk/cert/cst-newsletters/index.html.
We welcome feedback on the content and organisation of documents on
our web page.
