[HSC-Unix] SECURITY NOTIFICATION 2003-6-4

Petrie, John F., III PETRIE at uthscsa.edu
Tue Jun 17 19:00:28 CDT 2003


SECURITY NOTIFICATION 2003-6-4

 

*** FOLLOWUP OF EMERGENCY SHUTDOWN OF FTP PORT FROM JUNE 14, 2003 *** 

 

SUMMARY 

 

This is an IMPORTANT notification. The Information Security Office
recommends that TSRs share this information with their Data Owners,
Managers, and System Administrators.

 

After the FTP port shutdown of June 14, 2003, the Information Security
Office began the work of opening inbound FTP on specific servers related to
University operations.  Besides existing requests for inbound FTP access,
the Information Security Office contacted server administrators who had
participated in the recent server inventory survey and who had designated
their systems as using FTP.  Those who responded, requesting to retain FTP
access from outside the University, were added to the firewall access control
list to allow inbound transactions.

 

During June 16 & 17 the Information Security Office and Telecommunications
and Networking contacted the system administrators of servers listed in the
server inventory that listed FTP as one of their available services.  Those
administrators were given the opportunity to specify whether their servers
should be granted FTP exceptions and have FTP open to connection from
outside addresses.  In addition, previously submitted Remedy cases were
scanned for FTP port requests and the existing firewall ACL was reviewed to
find other UTHSCSA computers that might need FTP exceptions.  These cases
have been resolved, and we believe that most of the situations where this
type of access is needed have been addressed.  

 

Based on the incident described in Security Notification 2003-6-3, as well
as previous activity, it has been determined that the FTP capabilities of
the University network have probably been well mapped and the network is a
likely candidate for exploitation.  In the interest of maintaining and
improving network security, unrestricted FTP access originating from outside
the network will remain disabled.

 

NEW PROCEDURES FOR REQUESTING FTP ACCESS

 

Beginning Wednesday, June 18, 2003, requests for FTP access into the UTHSCSA
network from external sites will be handled the same as HTTP (80) and other
port exception requests.  Users or system administrators who need to have
FTP connections to their devices allowed from external sources will need to
fill out a T&N Service Request Form (SRF) and submit it to the T&N Customer
Service office.  These port requests will be reviewed by the Information
Security Office before authorization is given to allow the port to be
opened.

 

You can find T&N's online SRF at
http://www.uthscsa.edu/tn/Documents/Web-SRF.html.  When submitting an FTP
port exception request, please provide the following details:

 

- The IP address and computer name of the internal device

- The IP address(es) and computer name(s) of the external device(s) (if the
range can't be determined and access is needed from the entire Internet, put
ALL)

- Name, department, and contact information for the device's user, sysadmin,
and/or TSR

 

As a reminder, the Network Access Policy (HOP 5.8.5), paragraph 5, states,
"All public access (non-protected) will be to services within the DMZ".  If
you require the public, or non-UTHSCSA entities, to access your FTP server,
you should consider locating the server in the DMZ in the near future.

 

If you have questions regarding the SRF or this process or moving an FTP
server to the DMZ, please contact the T&N Customer Service Center at 7-2061, or
call the Information Security Office at 7-5900.

 

 

If you have specific questions or need additional information, you can
contact the Information Security Office at: 

 

Website: http://infosec.uthscsa.edu/ 

Hotline: 210-567-5900 

Email: Security-Questions at uthscsa.edu 

 

 

John Petrie, CBM, CISSP

Chief Information Security Officer

The University of Texas

Health Science Center at San Antonio

7703 Floyd Curl Drive

San Antonio, TX 78229-3900

v: 210-567-0652

f: 210-567-2204

p: 877-379-0947

petrie at uthscsa.edu
