Skip to main content
Learn More
Shearman at dusk

Information Security

Information Security

Visit the MSU Alumni Association

Information Security Issues?

Call
337.475.5995

Submit a Helpdesk ticket
Contact InfoSec

The protection of information resources at McNeese State University is a high priority. The Information Security website is designed to educate the university community about technology policies and information security best practices, and equip students, faculty and staff with the tools needed to protect the information resources of the University, it's members and connected networks. McNeese State University is committed to implementing policies and encouraging best practices that do not impose on the University's established culture of openness, trust, and integrity.


Please read the Policies, Guidelines, and Laws Relating to Information Security.

Information

McNeese will NEVER ask for account information via email. Messages about quotas, upgrades or maintenance are likely Phishing attempts.


Internet Security Shouldn't Be A Volunteer Project

The opinions expressed here are not endorsed by McNeese State University.

Heartbleed reveals our neglect of Internet security

The U.S. Government: Paying to Undermine Internet Security, Not to Fix It
by Julia Angwin ProPublica, April 15, 2014, 12:50 p.m.
XKCD


The Heartbleed computer security bug is many things: a catastrophic tech failure, an open invitation to criminal hackers and yet another reason to upgrade our passwords on dozens of websites. But more than anything else, Heartbleed reveals our neglect of Internet security.


The United States spends more than ... more

OpenSSL TLS 'Heartbleed' Vulnerability

CIS Cyber Security Advisory 2014 - 028

Executive Summary

A vulnerability has been discovered in OpenSSL’s implementation of the TLS ‘heartbeat’ extension that could allow for the disclosure of sensitive information. OpenSSL is an open-source implementation of the SSL protocol used by a number of other projects. SSL (Secure Sockets Layer) is a protocol that ensures secure communication over the Internet via encryption. This issue could allow an attacker to compromise the private key and other sensitive data stored in memory.

Threat Intelligence

Proof-of-concept code has been released. This vulnerability was first included in OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the issue. Software products known to be using OpenSSL are the open source web servers Apache and nginx.According to Netcraft's April 2014 Web Server Survey ( http://news.netcraft.com/archives/2014/04/02/april-2014-web-server-survey.html ) of 958,919,78

ALERT: Microsoft Security Bulletins - March 2014

"Office of Information Technology Security Alert List" - MAR 11, 2014

Microsoft has just released five security bulletins for the month of March. Exploitation of vulnerabilities range from remote code execution, elevation of privilege, and security feature bypass. It is recommend that the updates be applied as soon as possible after appropriate testing.

Critical Bulletins:

MS14-012 Cumulative Security Update for Internet Explorer (2925418)
https://technet.microsoft.com/en-us/security/bulletin/ms14-012

MS14-013 Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2929961)
https://technet.microsoft.com/en-us/security/bulletin/ms14-013

Important Bulletins:

MS14-015 Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2930275)
... more

Pages