Notice: Instructure Security Incident & Canvas Updates

Yale ITS is monitoring a reported cybersecurity incident affecting Instructure, the vendor behind Canvas. At this time, there is no known significant impact to Canvas services at Yale, and updates will be shared as more information becomes available.

Read More

Critical vulnerability in all versions of Linux.

Critical vulnerability in all versions of Linux. Please check with your vendor for updates and plan to apply patches as soon as possible. For more information, see: https://xint.io/blog/copy-fail-linux-distributions

Read More

YALE-MSS-13.3: Ensure logs are forwarded to a log server in addition to the in-scope system

Standards Group:
YALE-MSS-13: Logging

YALE-MSS-13.3: Ensure logs are forwarded to a log server in addition to the in-scope system

Low Risk Endpoint Not Required Moderate Risk Endpoint Not Required High Risk Endpoint Not Required Low Risk Server Not Required Moderate Risk Server Upcoming High Risk Server Upcoming Low Risk Mobile Device Not Required Moderate Risk Mobile Device Not Required High Risk Mobile Device Not Required Low Risk Network Printer Not Required Moderate Risk Network Printer Not Required High Risk Network Printer Not Required

Details

Centralized log collection mitigates the risk of deletion or tampering of critical information and makes correlation easier for incident response.

Collect logs on a log server using syslog, event streaming or forwarding, or agent based log forwarders. Ensure collected logs are read-only and the sending system is not able to modify or delete the forwarded logs.