ICT Critical Security Advisory
The Department of Homeland Security has issued a warning about malicious software, or malware, called VPNFilter which targets home-network routers and puts at risk information that flows through them. To protect your information and limit access to your computing technology, you can:
- Turn your router off and then back on to remove critical parts of the malware from your router.
- You should do this immediately and routinely.
- As an added security measure, you can also reset your router to factory defaults and reboot. Doing so will require setting up your router to work on your network. (Manufacturer contact information is typically found on the bottom of the router.)
- Regularly reset storage devices that are attached to your home networks to factory defaults then reboot.
- Ensure that default passwords are not being used on network equipment.
- Ensure that remote management is turned off on routers. Network device management interfaces—such as Telnet, SSH, Winbox, and HTTP—should be turned off for wide-area network (WAN) interfaces, and, when enabled, secured with strong passwords and encryption.
- Ensure all devices are up-to-date with the latest patch versions.
- If you notice any suspicious activity that might be related to VPNFilter, report it to your local FBI field office, which can be found at www.fbi.gov/contact-us/field, or to the FBI’s 24/7 Cyber Watch at 855-292-3937 / CyWatch@fbi.gov.
Devices that are known to have been infected include, but are not limited to:
LINKSYS DEVICES – E1200, E2500, WRVS4400N
MIKROTIK ROUTEROS VERSIONS FOR CLOUD CORE ROUTERS – 1016, 1036, 1072
NETGEAR DEVICES – DGN2200, R6400, R7000, R8000, WNR1000, WNR2000
QNAP DEVICES – TS251, TS439 Pro
NMSU General User Account Password Standard
An NMSU General User Account password must:
- Be 17 to 64 characters in length
- Not be reused
- Expire every two years (730 days)
For more information, view ARP 15.51 – NMSU Account Password Requirements
Managing Your Facebook Account Privacy
Due to the recent Facebook data scandal, here are a few guides for managing Facebook account privacy:
The Information Security Office, under the authority of the Chief Information Security Officer, is the department with primary oversight for protecting information at New Mexico State University. The Information Security Office promotes security related training and awareness programs, monitors university systems, and assesses and audits university owned computers.
Data security is everyone’s responsibility!
Stay Safe Online
Report Spam and Phishing Attacks
- E-mail the Abuse Office: firstname.lastname@example.org
Report a Security Incident
If you experience a security event that was sent from a NMSU network connection or website, possible copyright infringement, or network intrusion:
- E-mail the Information Security Office: email@example.com
- Call (575) 646-5788 or (575) 646-5789
Report a Network or System Problem
If you experience a software or computer issue, including network connection problems, Canvas and myNMSU problems:
- E-mail the NMSU ICT Help Desk: firstname.lastname@example.org
- Call (575) 646-1840