OIT Security

OIT provides information security services to the entire campus. If you need to contact the Security Team, please call the OIT Help Desk at (949) 824-2222, send an email to oit@uci.edu, or you may open a ticket.

Google Chrome 'Not Secure' Warning

A Note to UCI Webmasters about upcoming changes to Google Chrome

Beginning sometime in October 2017, Chrome version 62 and above will display a “Not Secure” warning when a user enters text into forms on any website that is not HTTPS. (You can see an example of the “Not Secure” message here). Many visitors to UCI web sites will be using Chrome.  The “Not Secure” message may alarm them and they may question the security and legitimacy of these “Not Secure” sites.

The recommended solution is to migrate to HTTPS. This will prevent Chrome’s “Not Secure” message from appearing. OIT offers an SSL certificate service through InCommon. More information can be found at https://security.uci.edu/ssl-cert.html.

The OIT Security teams provides technical documentation on how to request an SSL certificate for a webserver, including guidance on how to install the certificate.

For more detailed information about this issue and other Security issues, please visit their website at https://security.uci.edu.

I've tried the steps above and I'm still having issues

We recommend you continue your search in our comprehensive ServiceNow Knowledge Base.

If you're still having trouble, feel free to open a ticket. When doing so, please provide the following:

  • Your full name
  • Your UCInetID (the first part of your email address, not your ID number)
  • A detailed description of the issue

Failure to provide this information will delay our response.

Vulnerability Management Program

UCI Vulnerability Management Program

Introduction

OIT has embarked upon a program to track and manage information-security vulnerabilities on the network as part of an ongoing effort to reduce cybersecurity risks. This program involves scanning systems connected to UCInet for known weaknesses, informing owners of the issues that need to be addressed, offering technical assistance to fix problems, and when necessary, protecting the rest of UCInet by denying network access to vulnerable systems.

If you wish to analyze your own systems, please visit the Information Security Service Request site to gain access to our Tenable SecurityCenter self-service form or IBM Web Application vulnerability scan request form.

An OIT security engineer will fulfill your request as soon as possible or will reach out to you if any additional information is needed. Please allow up to 3 business days to process your Tenable SecurityCenter requests and 20-30 business days for IBM Web Application scan requests.

More information about this service can be found on the OIT Security website.

What if I'm blocked?

If the OIT Security Team determines that you're machine is vulnerable, we will email you the details of our scan and ask that you address the issue (either yourself - if you manage the machine - or with the help of your local IT support). We will give you 30 days to address the issue.

If you haven't addressed the issue in 30 days, your network connection will be blocked. You will not receive a notification of the block: you simply won't be able to get online. If you contact the Help Desk, we'll be able to help you understand why you were blocked.

Steps for remediation will include finding one of the email notifications you received 30 days prior, taking action, and replying to that email to let the IT Security team know you've addressed the issue.

Keep in mind that only the affected computer is blocked: you can still use your mobile phone (or another computer) to check your inbox for the email notification from the Security Team.

BigFix Endpoint Security

OIT offers IBM's BigFix software as a service (SaaS) to its desktop supported clients and all of the academic units across campus. Supported machines with the BigFix client installed are able to receive software updates & security patches automatically.

Moreover, users whose machines have been blocked due to software vulnerabilities can use this service to remediate any outstanding issues with their computers.

DSS-supported clients already have the client installed. If you are part of an academic unit, please partner with your CSCs for guidance on how to take advantage of this service.

Return to the OIT Help Center.