Presentation is loading. Please wait.

Presentation is loading. Please wait.

Windows 7 Project and Heartbleed Update Sian Shumway Director, IT Customer Service.

Published byLee Evans Modified over 9 years ago

Similar presentations

Presentation on theme: "Windows 7 Project and Heartbleed Update Sian Shumway Director, IT Customer Service."— Presentation transcript:

1 Windows 7 Project and Heartbleed Update Sian Shumway Director, IT Customer Service

2 Windows XP Overview Technical issue: Windows XP support ends April 8, 2014. Microsoft will no longer provide patches, updates, or support. XP systems will no longer meet UCSF minimum security requirements and must be upgraded. Risk: XP systems will be vulnerable to security exploits. UCSF enterprise at risk from anticipated influx of threats. Action: Mandate the upgrade of all Windows XP systems. Executive support for escalation, potential funding, and minimizing security exceptions. 2 Post April 8 th UCSF will have substantial quantities of XP computers operating in our environment which requires us to take risk mitigation steps immediately.

3 Where We Started ~ 8500 XP systems to upgrade ~359 Applications to test, migrate or except Timeline: 3

4 Progress Update ~ 5000+ XP systems complete to date ~3000 systems remaining Estimated completion date of May 31 ~400 systems excepted due to application migration cost/availability - complete by April 2015, many earlier ~350 Applications test and migrated ~10 applications required exception to complete migration by April 2015 (~500 systems) 4

5 Risk Mitigations Microsoft extended support for Windows XP for 1 year Installation of Symantec Endpoint Protection 12 on all computers Install Microsoft Enhance Mitigation Experience Toolkit (EMET) XP computers Enhance the UCSF Spam Firewall Web filtering to monitor network traffic 5

6 What is the Heartbleed bug This flaw potentially allows attackers to steal passwords or other data from websites using OpenSSL encryption. Approximately 2/3 of all sites on the Internet were vulnerable for almost 2 years until the bug was discovered last week. It’s difficult or impossible to determine whether or not this vulnerability was widely used to steal passwords and confidential information. 6

7 What we are doing about it Remediation is a 3-step process: Patch the software Install a new SSL certificate Have users to change their passwords IT Security scanned the network to identify vulnerable UCSF systems and notified system administrators Dozens of Internet-accessible systems and many more internally accessible systems have been patched Email will be sent to all users next week asking you to change UCSF passwords 7

8 What should you do about it? Change your Active Directory password when asked by IT Change passwords for your personal accounts on sites that may have been affected (Google “Mashable Heartbleed” for a good list of popular, affected sites) Look for updates at: http://tiny.ucsf.edu/heartbleed http://tiny.ucsf.edu/heartbleed 8

9 Questions? Web: readyfor7.ucsf.edureadyfor7.ucsf.edu Sian Shumway, Director IT Customer Service sian.shumway@ucsf.edu] sian.shumway@ucsf.edu Project Manager: arabella.handy@ucsf.eduarabella.handy@ucsf.edu 9

Download ppt "Windows 7 Project and Heartbleed Update Sian Shumway Director, IT Customer Service."

Similar presentations

Patch Management Patch Management in a Windows based environment

Patch Management Patch Management in a Windows based environment
Information Security The Responsibility of Security Lies on The Shoulders of Each and Every User……. R. LaRocca 1997 Robert LaRocca - Director Information.

Information Security The Responsibility of Security Lies on The Shoulders of Each and Every User……. R. LaRocca 1997 Robert LaRocca - Director Information.
Keep Your PC Safe (Windows 7, Vista or XP) Nora Lucke 02/05/2012 Documents - security.

Keep Your PC Safe (Windows 7, Vista or XP) Nora Lucke 02/05/2012 Documents - security.
A NASSCOM ® Initiative Comprehensive Computer Security Software An advanced computer security software usually have one or more of the following utilities.

A NASSCOM ® Initiative Comprehensive Computer Security Software An advanced computer security software usually have one or more of the following utilities.
Current Security Threats WMO CBS ET-CTS Toulouse, France 26-30 May 2008 Allan Darling, NOAA’s National Weather Service WMO CBS ET-CTS Toulouse, France.

Current Security Threats WMO CBS ET-CTS Toulouse, France May 2008 Allan Darling, NOAA’s National Weather Service WMO CBS ET-CTS Toulouse, France.
Chapter 7 HARDENING SERVERS.

Chapter 7 HARDENING SERVERS.
INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.

INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.
Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services

Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services
SIRT Contact Orientation Security Incident Response Team Departmental Security Contacts April 16, 2004.

SIRT Contact Orientation Security Incident Response Team Departmental Security Contacts April 16, 2004.
Viruses and Spyware. What is a Virus? A virus can be defined as a computer program that can reproduce by changing other programs to include a copy of.

Viruses and Spyware. What is a Virus? A virus can be defined as a computer program that can reproduce by changing other programs to include a copy of.
How PNNL Manages Windows Desktops 1 Will Jorgensen.

How PNNL Manages Windows Desktops 1 Will Jorgensen.
Web server security Dr Jim Briggs WEBP security1.

Web server security Dr Jim Briggs WEBP security1.
IT Security Essentials Ian Lazerwitz, Information Security Officer.

IT Security Essentials Ian Lazerwitz, Information Security Officer.
Small Business Security By Donatas Sumyla. Content Introduction Tools Symantec Corp. Company Overview Symantec.com Microsoft Company Overview Small Business.

Small Business Security By Donatas Sumyla. Content Introduction Tools Symantec Corp. Company Overview Symantec.com Microsoft Company Overview Small Business.
Module 6: Patches and Security Updates 1. Overview Installing Patches and Security Updates Recent patches and security updates for IIS Recent patches.

Module 6: Patches and Security Updates 1. Overview Installing Patches and Security Updates Recent patches and security updates for IIS Recent patches.
Title: The Internet LO: Security risks. Security risks Types of risks: 1.Phishing 2.Pharming 3.Spamming 4.Spyware 5.Cookies 6.Virus.

Title: The Internet LO: Security risks. Security risks Types of risks: 1.Phishing 2.Pharming 3.Spamming 4.Spyware 5.Cookies 6.Virus.
Viruses, Worms and Spam Definitions Virus - unauthorized software, embedded in other programs and with the ability to propagate when the host program is.

Viruses, Worms and Spam Definitions Virus - unauthorized software, embedded in other programs and with the ability to propagate when the host program is.
RFC6520 defines SSL Heartbeats - What are they? 1. SSL Heartbeats are used to keep a connection alive without the need to constantly renegotiate the SSL.

RFC6520 defines SSL Heartbeats - What are they? 1. SSL Heartbeats are used to keep a connection alive without the need to constantly renegotiate the SSL.
Internet Safety By Megan Wilkinson. Viruses If your computer haves a viruses on it, it will show one of them or a different one. All commuters have different.

Internet Safety By Megan Wilkinson. Viruses If your computer haves a viruses on it, it will show one of them or a different one. All commuters have different.
FCMAT Technology Recommendations Fil Duldulao Shawn Cabey David Flores Julienne DeGeyter.

FCMAT Technology Recommendations Fil Duldulao Shawn Cabey David Flores Julienne DeGeyter.

Similar presentations

Ads by Google