UAH responded to a security incident last month where an individual attempted to gain unauthorized access to a University system which contained student homework and instructor class information. UAH’s cybersecurity monitoring solutions captured the attempt, prevented it from succeeding, and notified the UAH Office of Information Technology, providing samples of user logs to allow the investigation to pinpoint the user responsible.
Per the Appropriate Use of IT Resources Policy, students, faculty, and staff are not authorized to “conduct any activities that could negatively impact the security of UAH network.” Further, investigative activities such as “network mapping, port scanning, vulnerability scanning, or any other security testing of systems or networks which the user does not own or administer, are prohibited without prior written approval from UAH Chief Information Security Officer (CISO).” The only exception to this rule would be networks or systems that do not connect to the UAH network and are set up expressly for these types of activities. If you are at all unsure if you have authorization to perform these activities on a system, please contact the UAH CISO for guidance.
Security tools cannot determine intent when attempts are made to bypass security control mechanisms. The UAH Incident Response team takes such attempts very seriously and we must treat them as potential insider threats even if the motives behind the attempt are educational and even if the attacker did not intend to take advantage of any discovered weaknesses.
UAH has designated personnel who conduct cybersecurity activities as part of regular security control review processes, and unless you are approved in writing to conduct such activities.
We ask that you refrain from any activity that attempts to disable, bypass, circumvent, or compromise UAH security solutions or make any attempt to elevate any user privileges in an unauthorized manner. Any attempt to do so in violation of the Appropriate Use of IT Resources Policy will be construed as an attempted security breach and appropriate actions will be taken to protect UAH assets.
Thank you for reading.
- Jeremy Shelley, CISSP, CISM
UAH Chief Information Security Officer
#BeCyberSmart
