UCL Computer Security Newsletter - October 2008
The purpose of this newsletter is to keep all security reps and other
interested parties informed about what is happening around UCL
regarding computer security. Further information from the Computer
Security Team is always available at http://www.ucl.ac.uk/cert .
0. CST changes
Rod Gliven has now left UCL and Marion Rosenberg has returned. There has been a slight change to telephone numbers - all contact details on our website.
1. User Guide to the Information Security Policy
These are the glossy versions of the leaflet which forms part of the UCL Information Security Policy. If you need any more of these small leaflets, please let us know as we have new stock.
Information and guidance documents are available on our website at http://www.ucl.ac.uk/cert/encryption.html
3. Blocking dangerous extensions
We will shortly be blocking incoming .exe attachments as well as .exe within zip files. Managers of departmental mail servers are strongly advised to block these files on their own servers if they do not already do so.
4. Web vulnerability scanning software
CST now have the full version of Cenzic Hailstorm ARC Enterprise available to scan any web servers for vulnerabilities. The software features a web interface which allows reps or system administrators to log in and run scans of their own servers as well as view the results of the scans. If you would like to make use of this software, please email email@example.com with a list of web servers you would like scanned. We will set you up an account which has rights to scan these servers. We can help with the interpretation of the results and with fixing any problems found.
Please note all correspondence from the UCL Computer Security Team is digitally signed either with personal PGP keys or the CERT team key (public keys available from http://www.ucl.ac.uk/cert/contacts.html ).
This newsletter and previous ones are available at http:// www.ucl.ac.uk/cert/cst-newsletters/index.html (except currently the March 2007 one as that had sensitive information in it).
We welcome feedback on the content and organisation of documents on our web page.