Skip to main content
Learn More
Shearman at dusk

Information Security

Information Security

Information Security Issues?

Call
337.475.5995

Submit a Helpdesk ticket
Contact InfoSec

The protection of information resources at McNeese State University is a high priority. The Information Security website is designed to educate the university community about technology policies and information security best practices, and equip students, faculty and staff with the tools needed to protect the information resources of the University, it's members and connected networks. McNeese State University is committed to implementing policies and encouraging best practices that do not impose on the University's established culture of openness, trust, and integrity.


Please read the Policies, Guidelines, and Laws Relating to Information Security.

Information

McNeese will NEVER ask for account information via email. Messages about quotas, upgrades or maintenance are likely Phishing attempts.


OpenSSL TLS 'Heartbleed' Vulnerability

CIS Cyber Security Advisory 2014 - 028

Executive Summary

A vulnerability has been discovered in OpenSSL’s implementation of the TLS ‘heartbeat’ extension that could allow for the disclosure of sensitive information. OpenSSL is an open-source implementation of the SSL protocol used by a number of other projects. SSL (Secure Sockets Layer) is a protocol that ensures secure communication over the Internet via encryption. This issue could allow an attacker to compromise the private key and other sensitive data stored in memory.

Threat Intelligence

Proof-of-concept code has been released. This vulnerability was first included in OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the issue. Software products known to be using OpenSSL are the open source web servers Apache and nginx.According to Netcraft's April 2014 Web Server Survey ( http://news.netcraft.com/archives/2014/04/02/april-2014-web-server-survey.html ) of 958,919,78

ALERT: Microsoft Security Bulletins - March 2014

"Office of Information Technology Security Alert List" - MAR 11, 2014

Microsoft has just released five security bulletins for the month of March. Exploitation of vulnerabilities range from remote code execution, elevation of privilege, and security feature bypass. It is recommend that the updates be applied as soon as possible after appropriate testing.

Critical Bulletins:

MS14-012 Cumulative Security Update for Internet Explorer (2925418)
https://technet.microsoft.com/en-us/security/bulletin/ms14-012

MS14-013 Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2929961)
https://technet.microsoft.com/en-us/security/bulletin/ms14-013

Important Bulletins:

MS14-015 Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2930275)
... more

Pages