Alerts

ITS Security has learned that some end-users may have received e-mails purporting to be from the UNC-Chapel Hill Webmail Team.

The e-mail asks an end-user to reply to the e-mail with their account password. The UNC-Chapel Hill Webmail team did not initiate these e-mails. End-users should be informed that the UNC-Chapel Hill Webmail team will never ask for an end-user's password.

ITS Security is currently working with the ITS Messaging group to prevent responses to this mail and to filter any additional instances of this phishing scam.

If you are aware of anyone who has revealed their password as a part of this phishing scam, please contact the help desk at 919-962-HELP and ask that a Remedy ticket be sent to ITS Security.

In the vast majority of cases, messages that solicit private or confidential information are not authentic and are designed to trick the recipient into revealing confidential information. See http://phishing.org/ for more information regarding phishing.

SOM Information Privacy and Security News

VPN Access Will Be Required for Off Campus Access to Campus Computing Resources

Over the past few months, the campus has seen a marked increase in attacks on computers that can be controlled via remote desktop tools.  Additionally, vendors have identified new risks to networked printers.

Two new efforts in this area will prevent off-campus connections to on-campus computers using remote desktop tools and prevent off-campus printing to on-campus printers.  These changes will take effect on March 30th. After that time, individuals wishing to connect to these types of services from off-campus will be required to first connect to the campus network via VPN.

A Virtual Private Network (VPN) provides an encrypted connection (secure tunnel) from outside networks or Internet Service Providers (ISPs) to the UNC-Chapel Hill internal network. UNC has installed a Cisco VPN concentrator that allows authorized users to access UNC network resources from off-campus using an ISP dial-in, DSL or cable modem service with ONYEN authentication. You can work securely, just as if you were physically on campus.

If on or after March 30th you are unable to connect to your campus computer from off-campus or are unable to print to your campus printer from off-campus then it is likely you need to use the campus VPN software.  This software will let you create a secure connection to the campus network using your Onyen and Onyen-password. A help page (http://help.unc.edu/CCM3_035705) has been created that will provide detailed information regarding VPN use and link to download the necessary software.

• The VPN client software can be downloaded at https://shareware.unc.edu/software.html#v

Please remember that data security here at the University is a partnership.  While we continue to look for ways to reduce our vulnerability to outside attacks from hackers, we rely on all of you as well.  We appreciate your continued efforts of not clicking on links in phishing emails, not sharing your passwords, and keeping your antivirus up to date.  The use of VPN is just another important step to reduce outside threats to the university.

SOM PGP Encryption Project

PGP Whole Disk Encryption is in full swing.  The deadline of July 2012 is approaching.  All laptops storing sensitive data are required by UNC Information Security Policy to be encrypted.  Please bring your laptop to the OIS Helpdesk for encryption.  More information on encryption can be foung on the encryption FAQ page.

Global Information Security News...Stay Secure

Stay up to date on the latest security news bulletins from SANS, SecurityFocus, CERT, ZDNet, and Symantec.

• SANS Internet Storm Center
• SecurityFocus News
• CERT
• ZDNet
• Symantec Threat Explorer