Campus Security Initiative 2023/2024: CSE information
Notes for CSE people regarding the campus security initiative beginning in Fall 2023.
This project is driven by the campus Cybersecurity Operations Group (CSOG), and they are working with CSEHelp via the Jacobs IT group (Office of Engineering Computing, oec@ucsd.edu).
tl;dr
If you're just looking for the link to the JSOE installers: here it is (each folder contains Linux/Mac/Windows-specific instructions). Otherwise, please read on...
Quick Summary
If you have a Mac/Windows/Linux computer with a fixed hostname on a campus network, that computer should have Qualys (vulnerability management) and Trellix (antivirus) agents installed and configured to communicate with campus-run servers that monitor the security state of overall campus computing.
OEC is providing installers (see below). Those files should do the install such that the software will already be correctly configured once installed, with no further intervention.
This applies to most university-owned Windows, Mac, and Linux computing equipment using fixed hostnames on UCSD networks. Those using only dynamic addressing (DHCP) or Wi-Fi are exempt, as is non-university-owned equipment.
The OEC-provided installers (link below) should install and properly configure the agents. If installed correctly via the installers, you do not need to do any further configuration. Each subfolder (Linux/Mac/Windows) has the files you'll need, along with installation instructions.
Please note that campus will be monitoring the entire relevant IP address space, looking for computers that are not running these agents. We have not seen an official notice detailing what they will do regarding computers that are not running the agents; our guess is that it may involve network blocking, but that's just speculation at this time. We have requested that campus make their intention clear.
Installation
The latest Qualys and Trellix installers from OEC. These will install and configure the agents correctly.
Depending on your OS, you may get a warning about an unrecognized app, or that the file is in one way or another "possibly unsafe", "might be dangerous", or "from an unknown publisher". For these OEC-provided installers, go ahead and install anyway.
You may need to click through to a "run anyway" button. For example, on Windows, you may need to click on "more info" before the "run anyway" button will show up.
Each of the Linux, Mac, and Windows folders contains a file with instructions. Please follow them carefully; otherwise, in some cases, the install will not work. Specifically, note that in some cases the install files need to be placed in a specific location before running. Here are the direct links to those documents:
Non-Routable Addresses
If your host has an address in the "non-routable" address ranges (generally, starts with "172.xxxx"), you will need to run an extra command when doing the install (as of 2023/01). OEC is currently looking at this.
Exceptions
UC San Diego IT Policy Exception Process -- see the section "Requesting an Exception"
Other resources:
The OEC/Jacobs CyberSecurity information page
The OEC/Jacobs original outreach message
Campus CSOG page: note that both the Chancellor and the campus Chief Information Officer are behind this effort. (As of Fall 2023, the specific mandate wording seems to be only in the first bullet point under "Current Operational Targets". Although it is a small mention, multiple discussions indicate that campus is taking this seriously.)
Campus CCR page: The CSOG and CCR initiatives are similar. For this exercise, both are aimed at getting Qualys and Trellix installed on your hosts. CCR is more focused on research vs administrative machines.
As yet there is no known simple, clear, official, public statement from the Chancellor or campus CIO regarding this. We will provide a link to that once we are aware of it.
Some ITS mandate language can be found on this page: http://secure.assure.ucsd.edu/ Log in with your campus Active Directory credentials. As of 2023/10/24, I am told they are "working on updating the information".
UC San Diego Network Security Info
Specific research host support or exception questions can be addressed to:
ccr-support@ucsd.edu
UC-wide (UCOP) Security/S3 policy FAQ