UCL Computer Security Newsletter - March 2008
The purpose of this newsletter is to keep all security reps and other
interested parties informed about what is happening around UCL
regarding computer security. Further information from the Computer
Security Team is always available at http://www.ucl.ac.uk/cert.
1. New Intrusion Detection Server
The recent deployment of a Snort IDS server means that CST are now more
able to detect malicious traffic entering and leaving the UCL network.
This can help in identifying infected or compromised machines on our
network as well as attacks that come from outside. Early results show a
large number of machines apparently infected with spyware programs, and
a few possible trojan infections. Reps may receive emails from CST in
the future relating to these.
2. Recent phishing attacks
Unfortunately, a handful of users replied to the recent phishing emails
with their UCL passwords and their accounts were subsequently used to
send spam. The spam has now been stopped and several defensive actions
3. New page on CST website
A new "Current Alerts" page has been added at
This is to provide information on any current threats that may affect
UCL as a whole, e.g. the recent phishing attacks.
4. Virtual firewalling for departments
In the near future, the IS Network Group will be in the position to
offer virtual firewalls to individual departments. A virtual firewall
can provide a department with an additional level of protection, by
restricting connections from other parts of the UCL network. If you
think your department may be interested in this, please contact CST.
Please note all correspondence from the UCL Computer Security Team is
digitally signed either with personal PGP keys or the CERT team key
(public keys available from http://www.ucl.ac.uk/cert/contacts.html).
This newsletter and previous ones are available at
We welcome feedback on the content and organisation of documents on
our web page.