Skip to main content
Learn More
Shearman at dusk

Information Security

Information Security

National Cyber Security Awareness Month

Information Security Issues?

Call
337.475.5995

Submit a Helpdesk ticket
Contact InfoSec

The protection of information resources at McNeese State University is a high priority. The Information Security website is designed to educate the university community about technology policies and information security best practices, and equip students, faculty and staff with the tools needed to protect the information resources of the University, it's members and connected networks. McNeese State University is committed to implementing policies and encouraging best practices that do not impose on the University's established culture of openness, trust, and integrity.


Please read the Policies, Guidelines, and Laws Relating to Information Security.

Information

McNeese will NEVER ask for account information via email. Messages about quotas, upgrades or maintenance are likely Phishing attempts.


Update: POODLE Vulnerability in SSLv3

CIS ADVISORY NUMBER: 2014-089 - Update

Subject

Vulnerability in SSLv3 Could Allow Information Disclosure

Executive Summary

10/15/2014

A vulnerability exists within the SSL version 3.0 protocol allowing an attacker to hijack and decrypt session cookies that are utilized between a user's web browser and the web site. Secure Sockets Layer (SSL) is a cryptographic protocol that is designed to provide secure network communication using X.509 certificates. This could lead to attackers temporarily impersonating web site visitor account logins and/or online payment systems.

Threat Intelligence

There are currently no reports of these vulnerabilities being exploited in the wild.

System Affected

  • Any client or Web Server supporting SSLv3 protocol

Risk

Government
  • Large and medium government

ALERT: Microsoft Security Bulletins - October 2014

Microsoft Security Bulletin Summary for October 2014

Microsoft has released updates to address vulnerabilities in Windows, Office, Office Services and Web Apps, Developer Tools, .NET Framework, and Internet Explorer as part of the Microsoft Security Bulletin Summary for October 2014. These vulnerabilities could allow remote code execution, elevation of privilege, or security feature bypass.

US-CERT encourages users and administrators to review the bulletins and apply the necessary updates.

Critical Bulletins:

(MS14-056) - Cumulative Security Update for Internet Explorer (2987107)
Severity: Critical
Primary Attack Vector: Specially crafted webpage
Publicly Disclosed: No
Assumptions: Some of these vulnerabilities would have to be used in conjunction with another vulnerability that allow remote code execution
Recommendations: Patch immediately after appropriate testing
Advisory Candidate: Yes

Critical Bourne Again SHell (BASH) Vulnerability Allows for Remote Code Execution

CIS ADVISORY NUMBER: 2014-080

Executive Summary

9/24/2014

A recent vulnerability has been discovered affecting the Bourne Again SHell (BASH). BASH is the default command-line shell processor that is often run in a text window on Linux and UNIX systems. BASH allows users to type commands that cause actions. In addition, BASH has the ability to read commands from a scripted file. Based on the wide use of Linux and UNIX systems, it can be assumed that most distributions running Linux and UNIX, as well Mac OS X, are likely vulnerable.


Successful exploitation could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Threat Intelligence

Exploit code is currently available and the vulnerability is actively being exploited.

System Affected

Pages