Information Security

New Identity and Access Management Infrastructure at UCR

jmenende — Mon, 13 Mar 2023 19:10:48 +0000

New Identity and Access Management Infrastructure at UCR jmenende Mon, 03/13/2023 - 12:10 More Blog Posts March 13, 2023

Top 5 Things to Know:

Deployment is scheduled to commence March 16, 2023, and conclude March 21*, 2023
- (* Please note that the deployment window has been extended as the result of a campus outage on March 20)
Campus can expect a disruption of IAM-dependent services during the deployment window
Identity creation and management processes previously performed in Enterprise Directory (eDir), eForms, and Temporary NetID System (TNS) will now be performed in IAMRiverside
eDir, eForms, and TNS will be decommissioned as part of the deployment of the new solution and, therefore, no longer accessible
Access managed through EACS will continue to be managed through EACS

Read on for detailed information about IAMRiverside and how it affects you as a member of the UCR community.

Deployment of IAMRiverside

Deployment of UCR’s new identity and access management solution, IAMRiverside, is scheduled to commence the afternoon of March 16, 2023, and conclude in the early morning hours of March 21*, 2023. Watch the IAMRiverside overview video to learn more.

Support Resources

Information about IAMRiverside and support resources, including step-by-step guidance, are available on the IAMRiverside project page: https://its.ucr.edu/iamriverside.

Those looking for additional support after deployment can attend the IAMRiverside Office Hour on Tuesday, March 28, from 1:30 - 2:30 PM (more times to be announced shortly).

User Experience During Deployment

Campus can anticipate the following during the deployment window:

Delay in NetID Creation & Account Updates

It is important to note that NetIDs cannot be provisioned during the deployment window. As a result, folks should expect delays in providing system access to new persons, as well as delays in processing any changes made in sources of authority (e.g., UCPath, Banner, etc.) for an existing person. This inconvenience is an unfortunate byproduct of the cutover to the new solution, but also a reminder of how critical this infrastructure is to UCR operations. Please share this information with your unit and try to plan accordingly.

Decommissioning of eForms, Enterprise Directory (eDir), and Temporary NetID System (TNS)

eForms, eDir, and TNS will be decommissioned as part of the deployment. As a result, these systems will no longer be accessible. Once IAMRiverside is live, functions currently performed in those systems will be performed in IAMRiverside.

Disruption to Password Reset

Additionally, near the beginning of the deployment window, the ability to reset one’s password in MyAccount will be unavailable for approximately one hour. An alert will be posted in MyAccount to make users aware of this planned service disruption.

Email Alias Limitation in R’Mail

Similarly, during the deployment window, those with R’Mail (Google) email accounts will be unable to use the “send as” alternate alias function when composing emails. Any emails sent during this time will leverage the default setting to “send as” the user’s netID@ucr.edu. However, it should be noted that users can still “send to” all alias email accounts (e.g., scotty.bear@ucr.edu).

UCPath Will Be Authoritative Source for Employee and Contingent Worker Account Types

Finally, it should be noted that IAMRiverside will look to UCPath as the authoritative source for account type. As a result, some users may notice a change in their access if there is currently a discrepancy between their UCPath designation and any alternate designation provided by eDir or eForms. We believe there are only a handful of units that this applies to, but if you or your staff experience any access issues after Go Live, please ensure that proper attributions have been applied in UCPath and EACS. If access issues persist, please submit a ticket to the Identity and Access Management (IAM) team.

User Experience After Deployment

Upon successful deployment, IAM-related services are expected to resume operations as usual.

If you experience any access issues after March 20, please ensure that proper attributions have been applied in UCPath and EACS. If access issues persist, please submit a ticket for the Identity and Access Management (IAM) team or call BearHelp during normal business hours at 951-827-4848.

Those who previously held eForms and/or eDir permissions will be able to log into iamriverside.ucr.edu using their NetID credentials. For guidance on how to perform specific functions, please refer to the knowledge documentation.

Key Features to Note:

IAMRiverside introduces a way to provision NetIDs prior to UCPath approval (watch the interface overview video to learn more)
An automated user match process will help to ensure duplicate accounts are not created for the same individual so long as those creating the account complete important form fields, such as the user’s birthdate and personal email address
An individual’s NetID can now be found by searching for the user at profiles.ucr.edu and clicking on their profile card (please note that you must be logged into Profiles in order to view)
The IAMRiverside system will send notifications to interested parties to communicate system actions and events (e.g., account expiration, creation, modification)
Administrators now have access to identity and access reports

To learn more, visit https://its.ucr.edu/iamriverside

Tags

Information Security

Information on LastPass Security Breach

npill005 — Fri, 20 Jan 2023 19:15:25 +0000

Information on LastPass Security Breach npill005 Fri, 01/20/2023 - 11:15 More Security Alert January 20, 2023

Updated on 3/10/23 to reflect new information

On December 22nd, LastPass notified its customers that, late in 2022, a hacker was able to obtain the full, encrypted vaults for many or all of its customers. On March 1st, LastPass released an update on the details of the security breach. You can read all the details here https://blog.lastpass.com/2023/03/security-incident-update-recommended-actions/.

Given this new information, the Information Security Office is now recommending that users move from LastPass to a different password management tool.

Please note that the security of the data you store in any password management tool is entirely dependent on the strength of your master password. The weaker your master password is, the easier it will be to break it and allow someone to gain access to your vault. While weaker passwords will be cracked sooner, even stronger passwords will very likely be cracked over time. Because of this, we strongly recommend that you change all passwords, particularly any involved with high-value accounts such as banking accounts.

UCR staff, faculty, and students who use LastPass should take the following steps to ensure the safety of their accounts.

Change your LastPass master password.
Change every password/credential stored within your LastPass vault/account.
Enable multi-factor authentication for your LastPass account.
Strongly consider using a different password management tool

For updates on this incident, please visit https://blog.lastpass.com

Tags

Information Security

Notice of Smishing Texts Targeting UCR Community

npill005 — Thu, 15 Dec 2022 00:45:14 +0000

Notice of Smishing Texts Targeting UCR Community npill005 Wed, 12/14/2022 - 16:45 More Security Alert December 15, 2022

The Information Security Office has become aware of an increase in spam SMS also known as “smishing” being sent to the UCR community. When cybercriminals "phish," they are sending fraudulent emails that aim to trick the recipient into opening a malware attachment or clicking on a malicious link, and they “smish” when they try to engage potential victims in the same way via text messages.

This recent campaign, Impersonation of Kim Wilcox targeting – staff and faculty especially middle and upper level management was very active in November, 2022.

Some helpful ways to protect yourself from these smishing attacks include:

Read messages carefully. Oftentimes spam and phishing messages will have weird spacing, incorrect spelling, poor grammar, asking for personal information or requesting you perform some sort of action like logging into a website that looks legitimate but is not.
Never click a link from a number you are unsure about. Verify information from the sender via a known safe method of communication.
Do not respond to smishing messages instead Report spam texts to your wireless carrier forward all spam text messages to 7726. (Note: not all carriers offer this)
SMS is not a secure way of sharing personal information so be wary of anyone requesting this information via SMS. A legitimate business will never request information from you via text messages, unless you have “opted-in” to text messages with them, and then it’s usually just to send you information or ask for verification of services.
If you haven’t yet done so, get antivirus for your phone and other handheld devices. Keep the software on them up-to-date.
Remove any apps from your devices that you don’t use.

Tags

Information Security

Known Issue with PhishAlarm When Using R'Mail to Report

npill005 — Wed, 14 Dec 2022 23:54:02 +0000

Known Issue with PhishAlarm When Using R'Mail to Report npill005 Wed, 12/14/2022 - 15:54 More Security Alert December 14, 2022

The UCR Information Security Office is aware there is an issue with the PhishAlarm reporting tool not working properly for some users on R'Mail. This is an intermittent problem and only affecting some R'Mail users. We are working to find a solution and will provide an update to users once the issue is resolved.

If PhishAlarm is not working for you, please put in a ticket in SNOW to notify us and we will contact you if we need more information. You can also forward the entire email including headers to Abuse@ucr.edu. Instructions on how to do so can be found in the knowledge base (KB0011368).

Tags

Information Security

UCR Calls for Cyber Security Superheroes!

ikruc001 — Tue, 11 Oct 2022 16:03:54 +0000

UCR Calls for Cyber Security Superheroes! ikruc001 Tue, 10/11/2022 - 09:03 More Blog Posts October 01, 2022

As a University on the rise, UC Riverside is on the radar of brilliant students and researchers across the globe. Unfortunately, this global recognition also puts our university on the radar of cyber criminals looking to maliciously exploit our systems and victimize our community.

Now more than ever, UC Riverside needs heroes—cyber security superheroes, to be exact. That’s why UCR Information Technology Solutions (ITS) invites you to participate in national Cyber Security Awareness Month and gain the cyber security superpowers needed to keep our campus safe!

Throughout the month of October, the ITS booth will be set up near Coffee Bean & Tea Leaf every Monday and on the east side of the Bell Tower every Thursday. Students, faculty, and staff who visit the booth will be invited to take the Cyber Security Superhero Challenge. Challenge participants who demonstrate that they have cyber security “superpowers” will be eligible to win fun prizes, including power banks, water bottles, wireless charging pads, and a coveted Cyber Hero t-shirt!

In addition to the on-campus events, ITS will run a blind fishing derby in October. At some point during the month, the ITS Information Security Office will send out an email phishing lure to campus. What makes this lure blind compared to ITS’ normal campus phishing simulations is that if you interact with the email you will not be notified that it is a UCR-sanctioned simulation. The first 10 people to successfully report the tagged blind phish using PhishAlarm will receive a $25 Amazon gift card and a limited-edition UCR cyber security challenge coin!

So, do you have what it takes to keep our campus safe? Find out and earn your Cyber Hero cape! Visit https://its.ucr.edu/cybersmart to learn how to participate in Cyber Security Awareness Month and strengthen your cyber security superpowers.

Tags

Information Security

Notice of Job Offer Scams Targeting UCR Students

alexandc — Wed, 28 Jul 2021 22:26:54 +0000

Notice of Job Offer Scams Targeting UCR Students alexandc Wed, 07/28/2021 - 15:26 More Security Alert July 28, 2021

The Information Security Office has been working diligently to investigate and defend UCR against a Job Offer Scam that is primarily targeting UCR students.

This is a type of email scam in which the attacker will impersonate the identity of a UCR faculty member or administrator. Using social engineering tactics, the attacker will try to trick their targeted victims into sending money or sensitive information through email. For example, these fraudulent emails may ask students to send resumes, bank account numbers, social security numbers, addresses, birthdays, research data, gift card codes, etc.

In this recent campaign targeting students, the attackers will impersonate UCR faculty and administrators and email students from Gmail accounts. The email is worded like a job offer to solicit personally identifiable information, which is then used to contact the student directly via personal email or phone to persuade the student to provide money or sensitive information, such as a social security number or bank account number.

In one recent attack the victim believed they received a virtual personal assistant job. The victim received a check and explicit instructions to deposit the check into their personal bank account to purchase gift cards on behalf of the person impersonating a UCR employer. Once the victim sent the gift card codes to the scammer the check was voided, resulting in the gift card money being deducted from the student’s own personal savings.

This kind of attack is very similar to previous Business Email Compromise (BEC) scams targeting students, faculty, and staff. As a reminder, here are some tips to prevent yourself from falling victim to these kinds of cyberattacks:

Locate the “From” field of the email and double-check that the email address of the sender matches exactly with the address of a trusted UCR faculty or staff member. Next, hit “Reply” and make sure the address showing in the “reply-to” field is the same ucr.edu campus address. Keep in mind that scammers can spoof an email address to make it appear real, so it’s important to ensure the reply-to address isn’t going to a non-campus email address. When in doubt, you can find contact information for faculty and staff at profiles.ucr.edu. If you believe the email address to be illegitimate, do not send a reply to the email or open any attachments.
Validate any requests for monetary funds or protected information by taking additional actions, such as calling the person on their UCR office phone number or physically visiting the person’s office or department office to verify the legitimacy of the email.
Never send sensitive information over email (i.e., credit card numbers, bank account routing numbers, social security numbers, etc.). If asked to provide sensitive information over the phone, verify that the phone number matches the UCR office phone number of the person you believe you’re speaking with, or ask to call them back at the office number listed on an official UCR directory or website.
Other red flags to watch out for include:
- Having to open an email attachment in order to view the offer
- No company name provided
- Promise of high pay for very little work
- Spelling and grammar errors or awkward phrasing
- Offers to send money
- Requests for money or gift card codes
- Requests to communicate using non-UCR channels (text message, non-UCR email, other applications, etc.)
- You received a job offer but didn’t apply for/are not actively looking for a job

In general, ITS advises all UCR students, faculty, and staff to be wary of any suspicious emails and to always think twice before responding to any email. Please report any suspicious emails to abuse@ucr.edu (see complete instructions here). To learn more about job fraud, visit the UCR Career Center’s website. For more cybersecurity tips to protect yourself, visit our website at its.ucr.edu/cybersmart.

If you are a victim of a Job Offer Scam and lost money or sent personal information to the attacker, you should file a report with UCPD. In the event you sent personally identifiable information, it is a common practice to put a Credit Lock on your credit reports with three major credit bureaus (Equifax, Experian, and Transunion) to mitigate identity theft.

ITS would like to thank you for your deliberate efforts in keeping the campus secure.

Tags

Information Security