Security for the campus network is maintained by the CIS Network Security Team. We are part of the Network Group within Computing and Information Services. Our main responsibilities include maintaining the campus firewall, incident investigations, and providing information and notification on viruses, attacks, and vulnerabilities.

The best way to contact us is by email at firewall@tamu.edu. During the year 2007, we received and processed 14,313 messages. Of those, 2,775 were firewall requests. In case of an after-hours security incident, please contact Help Desk Central at (979) 845-8300.

---

May 15, 2008
SSH Attacks on the Rise

There has been an increase in brute force SSH attacks on machines on campus. This is also being reported by SANS in their Handler's Diary. If you have port 22 open through the campus firewall for any of your machines, this would be a good time to review the security settings on the server.

---

07 May 2008
New phishing scam on campus

If you receive e-mail asking you to "CONFIRM YOUR TAMU.EDU EMAIL ACCOUNT IMMEDIATELY!!!", please delete it. As a reminder, we will never ask you to e-mail us your password.

Update 6:00pm
Another phish has been reported, "*****Help Maintainance*****".

As a reminder, please never send sensitive information over e-mail. Thank you for reporting these scams to us.

---

Possible Change to Default Campus Firewall Rules

---

Past TAMU Security Announcements

---

TAMU Security Topics

• TAMU site license for anti-virus software.
• Campus Firewalls
• TAMU Security Policy
• TAMU Information Security Forum
• Network Scanning Guidelines
• Network Vulnerability Scanning

• Current known viruses on the TAMU campus
• Patches and Fixes for the most common vulnerabilities
• Security Announcement Archive

• Risk Analysis
• How to Secure your machine on the TAMU Campus
• SSH Scanning Example

Incident Detection and Security Tools

• CERT Tech Tips for Internet Security Issues
• Intruder Detection Checklist
• Recovering from a Root Compromise
• TAMU Incident Response Guidelines

TAMU Security Tools and Utilities

• Firewall.tamu.edu - View current firewall settings for hosts you own
• NetSQUID - Information on boxes deployed in residence halls to automatically isolate virus and worm infected machines. This is also now available for campus administrators.

The following tools were developed by the CIS Network Group to help provide security for campus administrators:

• Drawbridge firewall package - A powerful bridging IP packet filter
• Tiger - A set of scripts that will scan a Unix system searching for security problems
• Netlog - A set of Intrusion Detection monitoring programs

The CIS Network Security Team currently provides a scanning tool which allows you to scan your host to check for http vulnerabilities. In the future, we plan to expand this to also allow you to scan for vulnerabilities in other protocols (ftp, ssh, etc..). Any scan from the CIS Network Security Team will originate from scan.tamu.edu or net.tamu.edu.

• Campus Administrators
  The tool and more information can be found here:
  Vulnerability Scans

• ResNet Machines
  Scans can only be performed on your hosts for http vulnerabilities. The reason for this is that only http is able to be opened through the firewall for ResNet hosts. The tool and more information can be found here:
  ResNet Port 80 Scans

Industry Security Sites and Organizations

CERT Coordination Center Symantic Security Response SANS Incidents.org Security Focus(Bugtraq Mailing List) Common Vulnerabilities and Exposures

SANS Institute SANS Top 20 Vulnerabilities CERIAS NTBugtraq Mailing List USENIX SAGE