April 5, 2007
To: UCOP Community
From: Kris Hafner, Associate Vice President, Information Resources and Communications
Now that the UCSF security breach is public, I would like to share additional information to address potential concerns about other servers and computers housed in the UCOP data center.
The UCSF security breach reported yesterday involved a UCSF-administered server located in the UCOP Data Center and connected to a portion of the UCOP data center network with minimally restrictive access controls. UCSF manages the server in question remotely; thus, we are not sure what caused the breach or the exact nature of the intrusion. Further, we do not know whether the server had received up-to-date security patches. We are working closely with UCSF on forensics and expect this information will be revealed during the course of the investigation.
IR&C worked with UCOP departments over the past year to relocate departmental servers to the UCOP data center. All these servers are located behind secondary firewalls with enhanced access controls for both the incoming and outgoing traffic. After being informed of the breach, we immediately initiated a review of all servers in the data center - both those managed by IR&C and those managed by departments and campuses - as well as the mainframe, to identify any anomalies or indications of intrusion. No irregularities have been detected. We are therefore confident that the remainder of our computing environment has not been affected by this security breach. We will continue the diligence and keep you informed.
This incident emphasizes the need for the highest standards in server management. IR&C is working to further consolidate server management so that servers in our data center not only are protected by the firewall but also are maintained in line with industry standards.
If you have questions or concerns, please contact Paul Weiss, Director, IR&C Technology Support Services at 987-0522 or .