Update Security on Duke-Owned Computers by Sept. 30

Duke staff and faculty should contact department IT staff to enroll

Computer

All Duke-owned computers must be enrolled in a campus security management system by September 30 or users may lose access to the Duke network.

In July, Duke announced the security enhancements in light of cyber-attacks to make sure Duke-owned computers on the network are enrolled in locally-operated security management systems in order to ensure the computers are receiving security upgrades.

“Because of the risks posed to our systems by computers utilizing outdated software, we have asked the IT Security Office and OIT to coordinate with school and departmental IT staff to complete the enrollment of all Duke-owned computers in the campus security management systems by September 30, 2017,” Provost Sally Kornbluth and Executive Vice President Tallman Trask III wrote to Duke deans, directors and department heads in July.

Richard Biever, chief information security officer at Duke, said enhanced security measures are necessary because of a shift toward attackers targeting networks and laptops.

“Duke has traditionally run an open network that supports academic freedom and collaboration,” Biever said. “That’s one of the advantages Duke has. The challenge with an open network is that attackers might use it to take advantage of vulnerable systems.”  

The campus security management systems – BigFix, System Center Configuration Manager, Casper and Symantec Endpoint Manager – allow Duke’s departmental IT groups to identify laptops and desktops that may be missing security updates. Typical cybersecurity attacks, such as phishing, may attempt to install malware — short for malicious software — that takes advantage of these missing security updates.

“Attackers take the path of least resistance,” Biever said. “That’s why it’s important we keep these machines up to date and run current versions of anti-virus software.”

Devices not enrolled in one of the security systems by Sept. 30 are subject to removal from the Duke network. Staff and faculty who haven’t been contacted by their departmental IT groups, or are unsure if they have, should contact their department IT representative for help, or write security@duke.edu for assistance.

“Security is a shared responsibility,” Biever said. “We’re working very hard to protect Duke and detect attacks against Duke. This is a step toward making sure that we understand where machines might be at risk.”

Enrollment in the campus security management system is not currently required for personally-owned computers and devices, like smartphones.