Computer networks are constantly under threat from malicious individuals and computer programs like viruses and worms. The attackers seek to access IT resources and sensitive or personal information for their own, increasingly criminal, purposes. We are obliged by legislation and our own governance to protect against this.
IT security protects the campus network from unauthorised access, data loss, identity theft, damage to computers or network services, and computer viruses.
Systems and services offered
We operate a number of systems to keep the campus network and IT facilities secure:
- Campus firewall
- Email spam filtering
- Anti-virus software
We also offer the following services:
- Threat monitoring
- Incident reporting and response
- Help and advice on other security matters
Threats to the campus network are constantly changing. To stay secure:
- Read the Top 10 Security Measures guide PDF (hyperlink to as yet not created PDF)
- Be aware of phishing attacks
- Familiarise yourself with the UWTSD Acceptable Use Policy (pdf)
- Report any security incidents or suspicious behaviour
Information about the campus firewall and what to do if you require access to a network service that is not currently allowed through the firewall.
What is the campus firewall?
The campus firewall is a piece of network equipment that sits between the campus network and the internet ensuring that legitimate network traffic is allowed to pass through and that malicious traffic is blocked. The campus network is constantly being scanned and probed for weaknesses that would allow an attacker to gain unauthorised access to University IT resources. The firewall prevents this.
What network traffic is allowed?
The firewall operates from a set of rules that define what network traffic and services should be allowed through and which should be blocked. The basic principle is that all network traffic should be blocked unless it is specifically required for the academic or business needs of the University. All of the common network services used by the University, such as web and email access, have already been considered and allowed through the firewall.
What if the network service I need is not currently supported?
If you require access to a network service for academic or business use that is not currently allowed through the firewall, you must submit a request to Information Services explaining the change you require and the benefits to the University of allowing the service through the firewall.
How do I submit a firewall change request?
A Service Desk call will need to be logged with a request to allow specific traffic through the firewall. As much detail is needed in the call for us to be able to understand the requirement and determine if the change can be made.
How does the change request process work?
Once you have completed submission of a Service Desk call, Information Services will consider your request, the risks to the campus network from allowing the additional network traffic and the benefits to the requestor and the University. Usually we will provide a reply in 2-3 days, although we do reserve the right to take longer (up to 7 days) if the request is complex, requires significant research to understand the network traffic involved or presents potentially significant security risks to the campus network.
What is phishing?
Phishing is the name given to the practice of sending emails purporting to come from a genuine company or organisation operating on the Internet. The email attempts to trick the recipient into entering confidential information, such as credit card or bank details. The links contained within the message are false, and often re-direct the user to a fake web site.
Many fake emails can look very convincing, complete with company logos and links that seem to take you through to the company website, although this too will be a fake.
Several universities in the UK, including ourselves, have recently been targeted with "phishing scam" emails. These take the form of apparently knowledgeable emails, which appear to come from a University or Service Desk support team and ask for username and password information.
How to spot and avoid a phishing scam
The following are all common phishing scams:
- An email asks you to enter personal information, such as usernames, passwords, bank account details or National Insurance number into a form in the email.
- An email purporting to be from an organisation with which you have an account starts 'Dear valued customer' instead of mentioning you by name.
- The email content is of a frightening or threatening nature, such as 'Your account will be suspended unless you enter your username and password'.
- An email asks you to click on a link and enter personal information into a form on the website to which that link takes you.
- Another ploy is to send you a bogus order confirmation for an order you haven't placed, and ask you to re-enter your credit card details if you wish to cancel the order.
There are often clues which may help you spot that the email is fake:
- The reply address of the email is different from the sender's address. Don't look at just the display name -- look at the underlying address or email link target itself.
- The sending email address can be faked, so even if it looks valid that doesn't mean that the email itself is valid. Because replies to a valid address couldn't be picked up by the scammers, they will instead include a different address in the body of the email and ask you to send your details there.
- The reply address (and others) may be on a publicly available webmail service, such as hotmail.com or gmail.com. Anyone can set up such email accounts, but a legitimate company would have no reason to do so -- they've already paid for their own domain name and email facilities.
- The address of a faked website may appear to be similar to what you'd expect it to be, but the domain name is not the official one registered by the organisation. For example, Barclay's Bank's primary registered domain is barclays.co.uk, but a phishing email might link to an address such as barclays.biginternetbanks.com -- the scammers would have registered biginternetbanks.com and configured it to host their own subdomains and fake sites.
- The quality of written English is often not high.
The advice for avoiding these phishing scams is very simple:
- Delete any emails exhibiting suspicious characteristics.
- If you are at all in doubt that it might have been a genuine email, phone or otherwise contact the organisation to ask them if they have sent you this email. However, do not do this by replying to the suspicious email.
What do I do if I receive an email from the Service Desk at TSD asking for my University account details?
If you receive an email that asks you to provide login details do not respond to it, but forward the email to the service desk (details below)
Please remember that the IT Service Desk will never send you an email requesting your username and password. In this context do not respond to such emails; do not provide the information requested.
Do not divulge your user account and password details to any third party; your password should only be known to you. Giving your username and password to someone may result in your email account being used to distribute spam email (risking all University email being blocked) and it may allow them to access and abuse your data and the University data for which you are responsible.
Example phishing scam messages
The following are examples of phishing email messages sent to University addresses. Clues indicating that they are scam messages are highlighted.
From: firstname.lastname@example.org [mailto:email@example.com]
Sent: Thu 05/02/2009 12:36
Subject: Dear student.uwtsd.ac.uk User
Dear student.uwtsd.ac.uk User
Your email account has been used to send numerous Spam mails recently from a foreign IP. As a result, the student.tsd.ac.uk has received advice to suspend your account. However, you might not be the one promoting this Spam, as your email account might have been compromised. To protect your account from sending spam mails, you are to confirm your true ownership of this account by providing your original username (*******) and PASSWORD (*******) as a reply to this message. On receipt of the requested information, the “student.uwtsd.ac.uk” web email support shall block your account from Spam.
Failure to do this will violate the student.uwtsd.ac.uk email terms & conditions. This will render your account inactive.
Thanks for using student.uwtsd.ac.uk
If you think a computer, IT service or user account has been compromised or if you think someone inside or outside the University is abusing or misusing campus IT services, please contact the Service Desk below:
Staff and Students – To log a call, log into the Service Desk Helpdesk system or alternatively use one of the methods below.
- Phone the Help Desk on 01792 481 134 (ext 4134 internally)
- Email firstname.lastname@example.org
- In person at the Help Desk (Mount Pleasant – Thompson Suite, opposite Cafe Metro)
Carmarthen, Cardiff, Lampeter and London Campus'
- Phone the Service Desk on 0300 500 5055 (ext 5055 internally)
- Email ITServiceDesk@tsd.ac.uk
- In person at the Service Desk (Carmarthen – Cwad, Lampeter – Library, London – LRC Resources Room)