April 2007 Summary and Trends
The total number of events reported to the STEAM-CIRT increased just over 41% from last month, even though the total number of actual IT incidents fell by 18%. The number of classified incidents is much lower than in April of 2006. Compared to March 2007, the number of tickets remained relatively stable. The increase in reported events is attributed to a reclassification of a number of copyright infringements and DMCA notices as IT Incidents.
Starting in April, the STEAM-CIRT added a new classification and several new incident labels associated with copyright violations. The purpose of these new categories is to better track and identify potential copyright infringement and other violations associated with copyright. The IT Statistics section of this report reflects the addition of the new categories as well. A new copyright violation handling procedure will be added to the STEAM Handbook shortly. Until then, as always, security contacts can contact the STEAM-CIRT with any questions regarding the handling of copyright violations.
On 5/8/07, Microsoft released MS07-029 to address a critical remote code execution vulnerability, discovered in April, in its RPC-based DNS management. STEAM-CIRT advises anyone using Microsoft DNS servers to install all critical security patches from the software vendor after appropriate testing. The newest version of Microsoft Security Baseline Analyzer will be able to determine whether you have the patch for this vulnerability.
Also, as was noted on the STEAM mailing list, the Center for Internet Security (CIS) benchmark and scoring tools are now available for use on campus. The STEAM-CIRT recommends system administrators review these benchmarks to determine whether their current security configuration templates match best practices wherever possible. To read more about the tools, please visit:
To read the SecurePurdue news story about the benchmarks, please visit:
Posted by William Harshbarger on August 22, 2007, in Handlers Log.