Wednesday, 12 September 2018

Australian Cyber Security Centre(ACSC) alert: 2018-140 Malicious activity targeting education institutions (GREEN)

Studentnet is a registered partner of the Australian Cyber Security Centre(ACSC). The ACSC is part of the Australian Signal Directorate of the Department of Defence. Registered partners of the ACSC are considered by DoD to be part of Australia's critical infrastructure. Studentnet receives alerts such as this as a result of that status. 

The ACSC has issued the following alert that is directly relevant to our school education community.:

==========================

TLP: GREEN

2018-140: Malicious activity targeting education institutions

The Australian Cyber Security Centre (ACSC) is aware of ongoing spear-phishing campaigns targeting multiple Australian higher education institutions.
==========================  

The alert is marked TLP Green:
"Restricted to closed groups and subject to confidentiality. 
You may share GREEN publications with external organisations, information exchanges, or individuals in the network security, information assurance or critical network infrastructure community that agree to maintain the confidentiality of the information in the publication. You may not publish or post on the web or otherwise release it in circumstances where confidentiality may not be maintained."

This means that Studentnet cannot distribute the content of the alert via this blog. However, we can email the alert to directly to individual members of our community.

The alert contains detailed information on the malicious activity and recommendations on protecting your organisation. Cloudwork contains specific features that allow you to easily implement the protection recommendations of the ACSC.

Studentnet strongly recommends that you obtain a copy of the alert. You can obtain a copy by emailing a request to kjk@studentnet.id. Studentnet will email you a full copy of the alert under TLP green conditions.

Please contact Kevin Karp at Studentnet(+61 2 9281 1626 or kjk@studentnet.id) to discuss and plan your implementation of the ACSC's recommendations using Cloudwork's features.

Thursday, 6 September 2018

Advisory: NTLM Abuse Mitigation

NT Lan Manager (NTLM) authentication is currently being abused to harvest user credentials, so CERT Australia has prepared a list of recommendations for techniques to mitigate NTLM abuse.

CERT Australia is now part of the Australian Cyber Security Centre(ACSC) of the Australian Signals Directorate(ASD) section of the Department of Defence.

Wednesday, 16 November 2016

Advanced User Upload Usage

The user upload feature is not new, it has been in operation many years. We have recently looked at it's capabilities and decided to update what it can do in our dashboard.

Let's look at what it currently does.


You can upload a CSV file to create or update multiple accounts at once.


Your CSV file must contain the following headings: 

Email,User Name,First Name,Last Name,Password,Role

For example:

Email,User Name,First Name,Last Name,Password,Role
principal@example.edu.au,principal,School,Principal,pri2009,teacher
joeblogs@example.edu.au,joeblogs,joe,blogs,joe2009,teacher
a.student@example.edu.au,SN1234,Alfred,Student,as2010,student
 
The following email accounts will be created:
  • Username: principal
    Password: pri2009
  • Username: joeblogs
    Password: joe2009
  • Username: SN1234
    Password: as2010
Valid roles must be chosen from the following list:
  • Student
  • Alum
  • Teacher
  • Parent
 

This has been pulled directly from the dashboard so no new information there.

All of these values are the same and remain required information.

The Let's look at the additional fields that we have added.

Recovery Phone

This is the phone number that is used in password reset. As with the other headings it must be put exactly as above. This field is not compulsory and may be left out if it is not required.

Recovery Email

 This is the email address that is used in the in password reset. As with the other headings it must be put exactly as above. This field is not compulsory and may be left out if it is not required.


Additional Attributes

This is where things can get a little more interesting. You can now add additional attributes to the import and will will import them into the Custom Attributes for the user. This can be useful when having to bring additional information for a user that needs to be sent to the service provider, but doesn't quite fit in the existing categories. For example StudentID, SynID etc

These are not compulsory and can be left blank for the users that do not have such a value.

If we look at what this might look like in a spreadsheet





This will create a record as normal with the below attibute
User Name: principal
Email: principal@example.edu.au
First Name: School
Last Name: Principal
Password: pri2009
Role: Teacher

With the new attributes this will also add

Password Reset Recovery Email: othermail@gmail.com
Password Reset Recovery Phone: 0412345678

Another attribute will be created:

SynID: 314159

Once the user logs in, all the normal attributes will be created and sent to the service provider, additionally this user will have SynID sent. NB Password reset information is NOT exposed to service providers.

So when the user is created all the information about the user is already there without need for further interaction.

Conclusion

Just to make things clear on these new attributes, they can be left blank for users that they do not apply, or just simply not included in the import.

Remember these imports can be run as scheduled imports through the sync profile interface.

 









 

 

 

Tuesday, 26 January 2016

Managing your Alumni accounts for the new academic year

Updating your graduating students to Alumni status is a simple process.
To start, select Sync Profiles from the menu in your Cloudwork dashboard
Dashboard Menu Screenshot
You'll be shown a list of the sync profiles currently set up for your school.
Sync Profile list Screenshot
Select the sync profile for your graduating year, and then change Role under the User Settings heading to Alum
Sync Profile User Settings Screenshot
Scroll to the bottom of the page and click Submit. Go back into the sync profile and click Start Full Resync. In a few minutes, your graduated students will all be marked as alumni. You can check this by examining any of the newly graduated students. You can also navigate to your dashboard home page and observe that the number of chargeable users has now been decreased (and of course the number of Non-chargeable users correspondingly increasing).

I only have one Sync Profile for my students!

No problem! We need to pln how to setup new sync profiles for each of your graduating years. Call Studentnet on (02) 9281 1626 and we'll be happy to plan this process with you..

My alumni students aren't in Active Directory any more...

In that case, create a support ticket (support.cloudwork.net.au) or send us an email(support@studentnet.net), with a list of the usernames for your alumni students. We'll update them for you.


We'll also accept a list of usernames to process if you manage your students directly or via CSV files instead of syncing with Active Directory.

Tuesday, 8 December 2015

Password Reset Flow



Password Reset Flow
When looking to reset a password a user will be given a link, this can be on a portal or the login page or whatever method is preferable.
The first screen that is presented is below. This screen the user will enter their username and choose how they want the process to go, by choosing Email or Mobile



If the username is not found or the user does not have the particular recovery method available to them an error will be given. This can happen if the user selects Mobile and the system does not have any record of a Mobile number for the user. Same applies for email. For security reasons the actual reason for failure is not given.


Otherwise we move onto the next screen


Given that we are now on this screen this means a message has been sent to the user’s email or mobile.
Mobile:

Email:





The user will then enter the code that was sent to them into the field and continue.

From there the user will be able to reset their password. This is the point where password complexity rules will be applied.






Once the new password is put in and the “Change Password” is pressed. The password change is made and the user is now able to use that password for future logins.