UCL Computer Security Newsletter - March 2009
The purpose of this newsletter is to keep all security reps and other
interested parties informed about what is happening around UCL
regarding computer security. Further information from the Computer
Security Team is always available at http://www.ucl.ac.uk/cert .
Apologies for lack of a February newsletter.
1. Handling Computer Accounts and Electronic Data of Leavers
The example form in these guidelines (at http://www.ucl.ac.uk/cert/swg/policy/Guidelines7.html ) has been amended slightly so that it may be more useful to departments. Please consider these guidelines when members of staff leave.
2. Policy documents in general (repeat request)
Please ensure you use the correct link for the information security policy and the individual supporting policies such as the Computing Regulations which should be given as
http://www.ucl.ac.uk/cert/swg/public/Regulations.html (shown when you hover over the main page) and not as
http://www.ucl.ac.uk/cert/swg/public/Regulations_ISC_200809.html which is what appears in the URL bar once you click.
This is so that policies can change without having to change referring pages, but it is always clear which version you are getting.
Ensure, too, if you have written local variations, that these keep in line and refer correctly to the originals.
3. Scheduled Nessus scans
CST now have the capability to schedule Nessus vulnerability scans to run at daily, weekly or monthly intervals, and automatically email the report to a list of email addresses. The software is also now fully licensed and receives plugins for new vulnerabilities as soon as they are released. If you would like to receive regular reports for any machines on your network, please email cert(at)ucl.ac.uk with the IP
addresses of the machines and the email addresses to which the reports should be sent.
Please note all correspondence from the UCL Computer Security Team is digitally signed either with personal PGP keys or the CERT team key (public keys available from http://www.ucl.ac.uk/cert/contacts.html ).
This newsletter and previous ones are available at http://www.ucl.ac.uk/cert/cst-newsletters/index.html (except currently the March 2007 one as that had sensitive information in it).
We welcome feedback on the content and organisation of documents on our web page.