[liberationtech] New IT security measures underway
Yosem Companys
companys at stanford.edu
Fri Jan 31 09:01:06 PST 2014
New IT security measures underway
By Ileana Najarro January 30, 2014
New Stanford information security measures are underway, including a
modified and more versatile two-step authentication system to be
deployed this year, according to Michael Duff, assistant vice
president and chief information security officer.
Duff said that the University has secured a campus-wide license with a
third party vendor to make the two-step authentication process more
flexible with new options such as SUNet ID users receiving push
notifications on their phones through an app where they can tap "yes"
or "no" to login, thereby avoiding having to type in a six-digit code
number into WebLogin -- a system that current has drawn ire from some
Other information security measures currently on the table include
mandates for University employees outlined in a community email from
Randy Livingston '75 M.B.A. '79, vice president for business affairs
and chief financial officer, earlier this month.
One of these mandates includes having employees with Windows XP
laptops and desktops migrate to Windows 7 Enterprise or Ultimate, or
Windows 8
Pro or Enterprise, by April 8. Employees will be able to download the
latest Microsoft software for free under a new campus-wide license
obtained in November 2013.
Duff explained that students are also able to take advantage of the
new Microsoft license and are encouraged to download the latest
software for free as well.
In terms of updates from the July 2013 breach, Duff said that further
investigations from the Information Security Office and Mandiant -- an
external forensics firm -- found no evidence to indicate that
compromised encoded SUNet password information was decoded and/or used
in any way.
He added that IT administrators were able to detect an initial attack
on the central Microsoft account infrastructure within 12 hours when a
second sever crashed.
Since the July breach, the University identified 33 security
initiatives that will continue to be worked on over the next two
A previous version incorrectly said Michael Duff is the assistant vice
president and chief information officer. The Daily regrets this error.
More information about the liberationtech
mailing list