CRITICAL MICROSOFT PATCH RELEASED! Remote code execution vulnerability!
All Bigfix managed systems will see a pop up asking them to reboot. If you are managed by BigFix then please reboot as soon as possible and if you are not then please update all of your windows machines as soon as possible. Below are links to pages that talk about the new vulnerabilities in full detail. University wide patching started in the late afternoon on November 12.
The Internet exposes your computer to dangers from every corner of the globe. Learn what you can do to protect yourself and Stanford from these threats and to safeguard all of our information resources.
Latest Security Announcements
POODLE SSLV3 Vulnerability: Our Position
Endpoint encryption initiative links
- August 5, 2014 letter regarding encrypting employee laptop and desktop computers
- Recommended backup service: CrashPlan PROe (provided by IT Services)
- Stanford Device Enrollment questionnaire (aka Device Identification Application) and screenshots
- Stanford Whole Disk Encryption (SWDE) service
- Self encryption instructions
- Request Temporary Security Exception
- February 13, 2014 Endpoint Compliance memo
- Properties Retrieved by BigFix
New SUNet password rules
- New SUNet password strength rules are now in effect
- 506 users still running Windows XP after its end-of-life date
- Computers on campus still running Windows XP
See the General Security Announcements page for more details.
If you've just come from watching our security awareness video, you can find follow-up information on the welcome page.
Attackers scan computers accessible to the Internet approximately one million times/day in order to break into them. As an open research and education organization connected to the Internet, Stanford's network is accessible to almost anyone, including attackers.
If your computer is not properly secured or has weak passwords, attackers can:
- Delete, change, and/or steal your data
- Install spyware to monitor your keypresses, emails, IMs, or anything else (sometimes even microphone and camera)
- Use your computer as part of a 'botnet' to recruit other compromised computers and perform mischief like sending spam or attacking other computers (making you look like the attacker)
- Steal enough information to impersonate you for fun or profit (i.e., identity theft)
The front line defenses include:
- Strong passwords
- Proper security configuration(s) on your computer
- All security updates for your computer
The steps below will help you have a safe and happy computing experience at Stanford.
The Three A's of Computer Security
- Time-Sensitive Security Alerts
- General Security Announcements
- Communications from Senior University Management
- Computer Security FAQ
- Computer Security Myths
- Phishing: How hackers use social engineering to get your data
- About harassing emails
- Security training
- Advanced: Formal Stanford Policies
- Advanced: Other Security Policies
- Set a strong password
- Keep your computer up to date: BigFix
- Securing your desktop
- Securing your smart phone and tablet
- Essential Stanford Software (antivirus, patch management, and so on)
- Endpoint Compliance Requirements
- Third Party Security Requirements
- International Travel: ISO Recommendations
- Secure email
- Requirements for Email servers and clients at Stanford
- Qualys Network and Web Application Vulnerability Scanner
- Splunk Operational Intelligence
- Computer equipment transfer and disposal guidelines
- More services from University IT