[IS&T Security-FYI] SFYI Newsletter, July 25, 2011

Mon Jul 25 14:57:47 EDT 2011

In this issue:

1. McAfee Security 1.1 Available for Mac Users

2. Oracle Critical Patch Update Advisory July 2011

3. Information Security Mitigation Lists

-----------------------------------------------------------

1. McAfee Security 1.1 Available for Mac Users

-----------------------------------------------------------

Last week Information Services and Technology (IS&T) announced support for McAfee Security Suite version 1.1.

McAfee Security 1.1 is the virus protection application recommended by IS&T for users of Macintosh OS X 10.6 (Snow Leopard) and OS X 10.5 (Leopard). It replaces McAfee's VirusScan and older versions of McAfee Security Suite. It includes performance and security enhancements and provides the most up-to-date virus and malware detection engines.

If you use a Macintosh and do not have McAfee Security 1.1 on your computer, IS&T strongly recommends that you install this software.  You can download it from IS&T's McAfee Security 1.1 for Macintosh page

<https://ist.mit.edu/services/software/macsecurity/1x>.

IMPORTANT NOTE: IS&T is recommending to hold off on upgrading to OS X 10.7 (Lion) until supported products by IS&T have been fully tested or have been upgraded to run on the new operating system.

For help with installing or using McAfee Security 1.1, contact the IS&T Help Desk at helpdesk at mit.edu<mailto:helpdesk at mit.edu> or 617.253.1101. You can also submit a request online at:

<http://ist.mit.edu/support#form>.

---------------------------------------------------------------

2. Oracle Critical Patch Update Advisory July 2011

---------------------------------------------------------------

Oracle released an update advisory this month to address 78 vulnerabilities in various Oracle products and versions. US-CERT recommends that Oracle database administrators apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - July 2011. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed.

See the full advisory:

<http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html>

------------------------------------------------

3. Information Security Mitigation Lists

------------------------------------------------

Last week the Australian Department of Defense released a list of 35 mitigations that are the best hope for stopping or mitigating the targeted attacks that are decimating government and industry around the world. US-CERT (United States Computer Emergency Readiness Team) also released a similar list of recommendations intended to "enhance existing security programs."

I think any organization can implement all or some of these recommendations depending on the type and amount of information they need to protect. Some of the recommendations are strategic, but others are common measures that we've been discussing for years, such as using strong passwords and changing them on a regular basis, filtering email, and making sure all systems have up to date patches and are scanning for viruses.

Take a look for yourself and see if you are already doing any of them in your area.

US-CERT:

<http://www.us-cert.gov/cas/techalerts/TA11-200A.html>

Australian Government - Department of Defense:

<http://www.dsd.gov.au/infosec/top-mitigations/top35mitigationstrategies-list.htm>

===================================================================================

Read all Security FYI Newsletter articles online or submit a comment at http://securityfyi.wordpress.com/.

===================================================================================

Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20110725/6641e2a1/attachment.htm