The Importance of Backups

This month’s issue of OUCH! from SANS focuses on backups: what they are, how they work and how to create the best backup strategy.

Unfortunately, too many people fail to realize how important backups can be. Backups provide peace of mind as well as business continuity. Think about how you would feel if a hard drive crashed and you lost thousands of your family’s photos, or all of your work files.

With a backup, whether on local storage media such as an external hard drive or in a cloud-based service, you can rest assured that everything can be recovered.

Read (and download) the issue here (PDF).

Learn more about backup options at MIT, including CrashPlan.

Sophos AV Ends Support for Mac OS X 10.6 and 10.7

Sophos Anti-Virus is ending support for Mac OS X 10.6 (Snow Leopard) and 10.7 (Lion) on October 31, 2015. Computers running those operating systems will stop receiving Sophos updates after that date. Information regarding this change can be found at:

https://www.sophos.com/en-us/support/knowledgebase/122477.aspx

Apple stopped releasing security updates for both OS X 10.6 (in February 2014) and 10.7 (in September 2014), so continuing to run computers with those operating systems on the network is not recommended. IS&T strongly encourages you to upgrade those machines to the latest Mac OS if possible to ensure that they are protected.

As always, MIT users who need help or have questions can contact the IS&T Help Desk at 617.253.1101 or helpdesk@mit.edu, or submit a request online.

MIT Certificates Expire on July 31

If you haven’t done so already, be sure to renew your MIT personal web certificates and at the same time update your password (if the password is over a year old). Pick a strong password so that it’s less likely to be compromised.

Renewal of personal web certificates is not automatic, so plan to renew to ensure continued access to MIT’s secure applications, including Atlas, Benefits, SAPweb, WebSIS and software downloads.

This year, signing up for Duo Authentication (see above article) is added as an option, but next year when certificates expire it will be required, including for students.

The Cyber Generation Gap

The May issue of OUCH!, led by Guest Editor Brian Honan, is focused on securing the cyber generation gap. Many of us have family members who may not be technically savvy and are intimidated by security. This newsletter explains how you can help those family members and any children who may be visiting them.

Feel free to share OUCH! with anyone you want, including family, friends or as part of your security awareness program.

Download the issue here (.pdf)

Mac iOS Security Guide

The new Mac iOS Security Guide was released in April of 2015. As the introduction of the guide states: “Apple designed the iOS platform with security at its core. When we set out to create the best possible mobile platform, we drew from decades of experience to build an entirely new architecture.”

Many of the security features are built in by default.

“iOS and iOS devices provide advanced security features, and yet they’re also easy to use. Many of these features are enabled by default, so IT departments don’t need to perform extensive configurations. And key security features like device encryption are not configurable, so users can’t disable them by mistake. Other features, such as Touch ID, enhance the user experience by making it simpler and more intuitive to secure the device.”

Topics covered in the guide are: system security, encryption and data protection, app security, network security, Apple Pay, internet services, device controls and privacy controls.

Download or view the guide (.pdf)

Tip of the Week: Passphrases

The April issue of OUCH! is led by guest editor Guy Bruneau and covers passphrases: what they are, why they are better than passwords and how to use them securely. As always, you are encouraged to download and share OUCH! with others.

Download the issue here (.pdf)

For managing all your passwords, use a password vault, like LastPass. Here are some best practices for using LastPass at MIT.

Security Training By SANS

SANS (sans.org) offers all kinds of training for professionals who are involved in cybersecurity. There are various ways to access their quality training material: by attending a live conference, accessing your training on demand (online) or hosting a training session in your community.

Courses cover a range of topics, including hacker tools and techniques, forensic analysis, intrusion detection, network penetration testing, incident response and many more.

Find a training by course, location or date: http://www.sans.org/find-training/

Find or host a training in your community: http://www.sans.org/community/

On demand training: http://www.sans.org/ondemand/