May 2017

You are currently browsing the monthly archive for May 2017.

UPDATE (11:30):

Following a meeting of the Critical Incident Team at 11:00 the incident has been closed. This is due to the lack of open and ongoing problems. We are continuing to proactively monitor the situation and if the status changes we will reopen the incident.

Thank you for your patience on this incident.

IT

INITIAL (10:00):

Around 9 am this morning (25th May 2017) a critical incident affected a component of the network services provided to University of Reading Staff and Students. This component (DHCP – Dynamic Host Configuration Protocol ) is related to the provision of internet addresses to the computer and without an address network access is lost.

For further information or advice regarding this issue then please contact the IT Service Desk via the Self Service Portal (https://uor.topdesk.net/) or phone 0118 378 (6262).

IT

There have been a number of reports over the last few days of Scam phone calls targeting University of Reading staff. The caller purports to be from Microsoft saying that a PC is unsafe and asking for access. If access is given then they will most likely use this as a way of installing malware on your machine or as a way of asking for payment.

This is a scam and staff should terminate the phone call as soon as they determine it is not legitimate. You should then report this through the IT Portal.This will allow us to track numbers and ensure that we are able to respond to an increase in reports. No action will need to be taken following the call, unless you allowed the third party to install any software.

General advice to follow to prevent falling victim to these kind of scams:

  • Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
  • Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person’s authority to have the information.
  • Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
  • US-CERT and Microsoft also provide advice on avoiding social engineering and phishing attacks.

IT

The Information Technology department is currently working hard on mitigating the risks associated with the latest CyberSecurity incident: the WannaCry worm; the cyber-attack that affected a wide range of institutions last week.

What is it and what are the challenges affecting the University?

The worm affected computers that had not been properly patched, or that were running old operating systems. It follows a tradition of “worms” that have affected computers over a long period of time. The first worm was created in 1988 by mistake, but there have been many others that have affected the internet since and they continue to pose a threat today.

They all exploit vulnerabilities in operating systems: effectively where the code in a program has been poorly written and allows someone other than the intended user to access or control the program. When vulnerabilities are discovered, they can be “patched” – another piece of code is written to fix the code and remove the vulnerability. If the patch is not applied then the original program is left vulnerable to being attacked and the longer it is left the more likely it is that the vulnerability will be exploited and the software that is being used or the data that is being accessed will be compromised.

This is a particular challenge in environments where the management of computers is not well controlled – patching is disruptive (PCs often require a reboot) and time consuming – so machines and software are not always kept up to date. Also a University, like the NHS, will often have machines that are running expensive equipment (for example scanners, microscopes and other scientific equipment). These are often based on old operating system that cannot be easily upgraded and so the choice is to either buy a new piece of equipment or accept/mitigate the risks associated. This can be a very difficult decision to make.

What can you do to help?

There are a number of things that you can do to help:

  • Ensure that patches are applied. While the IT department will push patches out to machines, they often need to be rebooted to be applied. Make sure your machine is rebooted when prompted.
  • Use central file shares or OneDrive for Business to store information. The data is either backed up or previous versions are kept. In the event of a successful ransomware attack we can go back to an earlier version before the file was encrypted – if it is stored on a local drive it may not be backed up and will be lost.
  • Don’t fall for scam emails or websites. Be suspicious of anything you are not expecting and don’t open unexpected email attachments. If you are unsure then contact the sender, preferably by a different method (e.g. phone or text)
  • If you aren’t certain then contact the IT Service Desk they are there to help you with your questions and provide advice.

IT

UPDATE 2: Following a configuration change around midday we have seen an improvement to the service stability. This has continued to be monitored throughout the afternoon and has provided a consistent level of performance. Close monitoring will continue again tomorrow.

Thanks for your patience whilst we have been troubleshooting


UPDATE: We are currently still working on a permanent fix for this problem but have identified a workaround for this. Instructions on the workaround below:

  1. Go to: Control Panel -> Mail (32-bit) -> Email Accounts
  2. Double click on your username
  3. Go to: More Settings -> Connection -> Exchange Proxy Settings
  4. Un-tick ‘on fast networks…’
  5. Ensure ‘on slow networks..’ is ticked

Users are reporting that this workaround is correcting the problem. We are working on a more permanent solution.


We have had a recurrence of last weeks interruption to staff email. We are investigating the problem and working on a fix.

IT