UCL Computer Security Newsletter - January 2011
The purpose of this newsletter is to keep all security reps and other
interested parties informed about what is happening around UCL regarding
computer security. Further information from the Computer Security Team is
always available at http://www.ucl.ac.uk/isd/common/cst.
1. More CST scanning
Last month, I reported that we had some holes punched in the network to
let our scan reach further across UCL and said that you may receive
reports of unpatched machines from us more often than previously. I would
like to remind all that unpatched machines are a risk to the whole of UCL
as they provide a way in - it's the old adage of "the weakest link" -
please, no comparisons with the host of that show! If machines are not
dealt with in a timely manner and we do not hear back from you that you
are dealing with them, we may be forced to block those machines at the
institutional level at least.
2. Reminder - privacy labels
All UCL machines should have on them the yellow stickers entitled "Your
Privacy" - please let us know if you need any more stock in your
department.
3. Reminder - incident reporting
UCL policy is that CST must be told of security incidents - even if you
can sort it out yourself, we would appreciate being made aware as it helps
us correlate incidents and keeps us aware of any particular problems UCL
is experiencing.
In particular, please note that if an incident could end up in court, then
CST should be the people to investigate as we have training in forensic
investigation. Any suspicions of inappropriate behaviour that may end up
as a disciplinary are included, as disciplinary action may end up in an
industrial tribunal which is, in effect, a court of law and thus evidence
must be forensically sound and defendable.
4. Reminder - physical security
More and more people have laptops/tablets and these are very easy to steal
or lose. If you have to leave a mobile device unattended, please secure
it - e.g. using a Kensington lock will at least slow down a thief even if
it's not a perfect solution.
5. Software Copyright caveat
Ensure that the terms and conditions of the procurement of software allow
for any adaptation that you may wish to make in the future, and check
whether such adaptation can be outsourced if desired. For the recent EU ruling,
see www.out-law.com/page-11674
6. Contact
Please remember to contact us using cert(at) normal ucl address, rather
than our individual email addresses.
7. General
Please note all correspondence from the UCL Computer Security Team is
digitally signed either with personal PGP keys or the CERT team key
(public keys available from http://www.ucl.ac.uk/isd/common/cst/contacts).
NB There may be a hiatus or a bit of trial and error in this when we move
to Live@UCL as we have not determined exactly how we can best provide
this.
This newsletter and previous ones are available at
http://www.ucl.ac.uk/isd/common/cst/cst-newsletters (except currently the
March 2007 one as that had sensitive information in it).
We welcome feedback on the content and organisation of documents on our
web page.
