IT SECURITY BULLETIN - AUGUST 2003
==============================
1. MICROSOFT VULNERABILITIES
------------------------------------------------------
Microsoft has published 31 advisories this year, and July appears to have hit a peak with 9 security advisories issued. This is more than double the average number of advisories per month for this year.
The list of advisories from Microsoft can be accessed at:
http://www.microsoft.com/technet/treeview/default.asp?url-/technet/security/current.asp
Please ensure that Microsoft Windows computers are promptly updated because attackers create exploits for the vulnerabilities soon after the advisories are published.
2. CISCO VULNERABILITY
------------------------------------------
Cisco announced a critical vulnerability whereby an attacker could cause a denial of service on Cisco equipment that uses Cisco's IOS and processes IPv4 packets. This is achieved by causing an "input queue full" indication on an interface. Under this condition, the network equipment will halt the processing of incoming traffic on that interface.
Cisco's advisory on this issue can be found at:
http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml
The list of advisories from Cisco can be accessed at:
http://www.cisco.com/warp/public/707/advisory.html
Cisco switches such as the 2950 are also vulnerable if they have been configured with an IPv4 address for management.
The university has placed access-list filters on the border and core routers to prevent possible attacks originating from the Internet and student/public VLANs such as MUWIRELESS.
Cisco has issued upgraded versions of the IOS that fix this vulnerability. If you have difficulty obtaining the upgraded IOS, please contact the HelpDesk at 8344 0888 and raise a netfault case.
If you have further queries on this issue, please contact: netquery@its.unimelb.edu.au
3. REPORTING SECURITY INCIDENTS
------------------------------------------------------------
All staff are encouraged to report IT Security incidents through their LITEs or LANADs. This will facilitate tracking and co-ordination among the parties involved, whether these are parties within the University or external parties.
Information on IT Security incident reporting can be found at:
http://www.infodiv.unimelb.edu.au/it-security/incguide.html
4. SOFTWARE COPYRIGHT ISSUES
----------------------------------------------------------
Information on copyright issues within the University is available on this website:
http://www.infodiv.unimelb.edu.au/copyright/index.html
From this website, you can find information on the personnel in charge of copyright issues, guidelines, useful links and copyright information sources.
Of particular relevance may be the roles and responsibilities of all users and managers. The document can be accessed at:
http://www.infodiv.unimelb.edu.au/SoftwCpyRightRoles4_1001.pdf