What is the KACE Agent or KBOX?

KACE K1000 Management Appliance (or KBOX for short) by Dell/KACE® is a hardware and software inventory management tool employed campus-wide at Marshall University, primarily to automate and expedite the process of software updates. More information on this appliance can be found at: http://www.kace.com/products/systems-management-appliance/.

Back to top

Why is KACE Needed?

KACE provides numerous benefits such as automated and expedited process of software updates, license management, software management/distribution, inventory management, remote support, better enforced security.

Back to top

What Benefits Will I See as a User?

Faster support, more efficient patch management, remote support, fewer OS support related issues.

Back to top

Does My Machine Have KACE Client Installed?

All university-owned computers will have KACE client pre-installed as part of the default software image. The KBOX client is NOT licensed for use on personally-owned computers.

Back to top

What Types of Information Does the KACE Client Collect?

The KACE Management system assists in the collection of the following types of information for University-owned computers:

• Computer Hardware Inventory
  • Make, model, serial/service tag number
  • Physical specifications such CPU, RAM memory, Hard disk size
  • Network configuration such as Ethernet MAC address, IP address
• Computer Software Inventory
  • Operating system version and patch level
  • Install programs and versions as listed in ‘Add/Remove Programs’
  • Software license compliance (i.e. metering for per-seat and concurrent-use license agreements)
• Computer Security Inventory
  • Last logged on user
  • Security patches applied/missing
  • Change management information (i.e. dates/times when hardware/software changes were reported by the KACE client).

Back to top

Will I Notice the KACE Client on My Machine?

No, the client does not use many resources and runs in the background. The KBOX Client software client will periodically notify you when critical operating system or application updates needed and ask for permission before downloading and installing those updates.

Back to top

How Will I Know When Something is Being Done on My System?

The KACE client is configured to not begin the patch download/update process without your approval. You will see KBOX Alert pop-up window informing you that critical updates needed.
If you are in the middle of an important task and do not wish to be interrupted, you may click the ‘Snooze’ or ‘Cancel’ buttons.

Snooze works similar to an alarm clock; it gives you just a little more time to finish a task, and then KBOX Alert will pop-up again in 30 minutes, to remind you that critical patches are needed.

Cancel will clear the KBOX Alert for the day. You will be reminded during the next scheduled run – generally the next day – that critical updates are needed.

Back to top

What Is The KBOX Client Updating?

The KBOX Alert will notify you of two types of updates: 1) Critical Operating System (Windows or Mac) Updates; and 2) Critical Application Updates (i.e. Acrobat, Flash, Java, QuickTime, etc.).

Back to top

Why Do I See The KBOX Client Pop-Up Again So Quickly?

When your computer first becomes enrolled in the patch management process, there may be quite a number of updates which need to be applied. As a result, do not be surprised if you see the KBOX Alert pop-up several times on that first day. This is normal as some patches require a reboot and some patches need to be applied prior (as a prerequisite) to other patches.

Once your computer has installed all the necessary critical updates, then you should not receive any further alerts until the next time a new security update is released.

Back to top

Can I Still Apply Patches Myself?

Yes. The KACE client does not prevent you from applying patches yourself. However, if you do not apply these updates prior to receiving a KACE Alert, KACE will download and install the update for you.

Back to top

Will KACE Updates Automatically Reboot My Computer (without my permission)?

No. Some critical updates require that your computer be rebooted in order to complete their installation. In those cases, you will receive a second KBOX Alert which will notify you that while the patch is installed, a reboot is needed to complete its installation. When you click ‘YES’, the KBOX client will reboot your computer. You can click ‘No’ if rebooting would interrupt an important task and you will be reminded in 30 minutes. This is similar to ‘snooze’.

The KBOX Client will not reboot the computer until you click ‘Yes’.

Back to top

Will KACE Security Patches Upgrade My Applications to New Versions?

No. Security updates and application upgrades are separate processes. For example, KACE may apply a security update to your Microsoft Internet Explorer (IE) browser to take you from version 7.00 to 7.01 – or upgrade Adobe Acrobat Professional from version 8.1.2.3 to 8.2.3.4; but it will not automatically upgrade you from major versions – IE 7.01 to IE 9.0 or Acrobat 8.x to 10.x. NOTE: In cases where a major application upgrade is needed – e.g. to address major security issues or to support institutional application compatibility – a separate campus upgrade notification will be sent.

Back to top

What If I Have Mission-Critical Applications Which Are Sensitive to Patch Updates?

The KACE Management system provides a great deal of flexibility and does not force us to use a ‘one-size-fits-all’ approach. If you have mission-critical applications (for the institution, department, or yourself) which you believe will not respond well to an automatic update process, please contact the IT Service Desk and open a support request. The IT Service Desk will work with you either a) address the application sensitivity, or b) provide a ‘smart label’ which will include your computer in a patch exception group.
Back to top

Who do I Call If There is a Problem or a Question?

If you have questions, concerns or comments, please contact the Marshall University IT Service Desk:

• 304) 696 -3200 Huntington calling area
• (304) 746-1969 Charleston calling area
• (877) 689-6838 Toll free, outside the Huntington/ Charleston.

Back to top

You can upgrade to the latest maintenance release of Symantec Endpoint Protection:
-11.0.6300.803 for Windows OS including Windows XP, Windows Vista and Windows 7 posted on 6/28/2011.
-11.0.6300.0212 for MAC OS 10.4 (Tiger), 10.5, (Leopard) and 10.6 (Snow Leopard) issued on 6/28/2011.

Download the latest release here

Most computer users are aware of the importance of keeping their computers up-to-date to protect against software security vulnerabilities. Microsoft Update and Apple Update are common methods used notify an individual that their computer needs one or more updates to fix software vulnerabilities. What you may not be aware of is this: there are many other software applications and utilities installed on your computer which do not receive auto-updates from the Microsoft or Apple Update process. These applications such as Adobe Acrobat®, Adobe Flash®, Java®, and Apple QuickTime® are commonly found on your computer and frequently need updates because of security vulnerabilities.

The Marshall University Office of Information Technology understands that detecting and patching these software apps can be a tedious and time-consuming process for a computer user.  We also expect that you have many tasks – both important and enjoyable – which you would rather do besides deal with software updates. This usually means that patch updates are a task left for another time, or to be taken care of by someone else.

Introducing the KBOX Client

Marshall University has licensed a system to automate and expedite the process of software updates. This system is called the KACE K1000 Management Appliance (or KBOX for short) by Dell/KACE®. University-owned computers will have a small software client pre-installed as part of the default software image.

The KBOX Client software client will periodically remind the computer user when critical software updates are needed and ask for permission before downloading and installing those updates.

If you are in the middle of an important task and do not wish to be interrupted, you may click the ‘Snooze’ or ‘Cancel’ buttons.

Snooze works similar to an alarm clock; it gives you just a little more time to finish a task, and then KBOX Alert will pop-up again in 30 minutes, to remind you that critical patches are needed.

Cancel will clear the KBOX Alert for the day. You will be reminded during the next scheduled run – generally the next day – that critical updates are needed.

Restarting Your Computer

Some critical updates require that your computer be rebooted in order to complete their installation. In those cases, you will receive another KBOX Alert  which will notify you that while the patch is installed, a reboot is needed to complete its installation. When you click ‘YES’, the KBOX client will reboot your computer. You can click ‘No’ if rebooting would interrupt an important task and you will be reminded in 30 minutes. This is similar to ‘snooze’.

The KBOX Client will not reboot the computer until you click ‘Yes’.

IMPORTANT: You should save your work and close any open application or browser windows BEFORE you click ‘OK’.

 Frequently Asked Questions (FAQ)

What Is The KBOX Client Updating?
The KBOX Alert will notify you of two types of updates: 1) Critical Operating System (Windows or Mac) Updates; and 2) Critical Application Updates (i.e. Acrobat, Flash, Java, QuickTime, etc.).

Why Do I See The KBOX Client Pop-Up Again So Quickly?
When your computer first becomes enrolled in the patch management process, there may be quite a number of updates which need to be applied. As a result, do not be surprised if you see the KBOX Alert pop-up several times on that first day. This is normal as some patches require a reboot and some patches need to be applied prior (as a prerequisite) to other patches.

Once your computer has installed all the necessary critical updates, then you should not receive any further alerts until the next time a new security update is released.

Can I Still Apply Patches Myself?
Yes. The KACE client does not prevent you from applying patches yourself. However, if you do not apply these updates prior to receiving a KACE Alert, KACE will download and install the update for you.

Will KACE Updates Automatically Reboot My Computer (without my permission)?
No. For computers assigned to faculty and staff, the KACE client is configured to not begin the patch download/update process without your approval. If you do not click ‘YES’, then no updates will be applied. You should save all your open documents and close any open application or browser windows prior to clicking ‘YES’. For certain types of shared-use computers (i.e. computer labs), KACE can be configured to automatically apply updates without user intervention (i.e. after hours or during the next power cycle).

Will KACE Security Patches Upgrade My Applications to New Versions?
No. Security updates and application upgrades are separate processes. For example, KACE may apply a security update to your Microsoft Internet Explorer (IE) browser to take you from version 7.00 to 7.01 – or upgrade Adobe Acrobat Professional from version 8.1.2.3 to 8.2.3.4; but it will not automatically upgrade you from major versions – IE 7.01 to IE 9.0 or Acrobat 8.x to 10.x. NOTE: In cases where a major application upgrade is needed – e.g. to address major security issues or to support institutional application compatibility – a separate campus upgrade notification will be sent.

What If I Have Mission-Critical Applications Which Are Sensitive to Patch Updates?
The KACE Management system provides a great deal of flexibility and does not force us to use a ‘one-size-fits-all’ approach. If you have mission-critical applications (for the institution, department, or yourself) which you believe will not respond well to an automatic update process, please contact the IT Service Desk and open a support request. The IT Service Desk will work with you either a) address the application sensitivity, or b) provide a ‘smart label’ which will include your computer in a patch exception group.

What Types of Information Does the KACE Client Collect?
The KACE Management system assists in the collection of the following types of information for University-owned computers. (Note: The KBOX client is NOT licensed for use on personally-owned computers.):

• Computer Hardware Inventory
  • Make, model, serial/service tag number
  • Physical specifications such CPU, RAM memory, Hard disk size
  • Network configuration such as Ethernet MAC address, IP address
  • Computer Software Inventory
    • Operating system version and patch level
    • Install programs and versions as listed in ‘Add/Remove Programs’
    • Software license compliance (i.e. metering for per-seat and concurrent-use license agreements)
    • Computer Security Inventory
      • Last logged on user
      • Security patches applied/missing
      • Change management information (i.e. dates/times when hardware/software changes were reported by the KACE client).

As smart phones become more and more like digital wallets, it’s common for them to contain things like account numbers, addresses, social security information – in some cases even bank statements and tax documents.

Even though the sensitivity of information that we routinely keep on our phones continues to increase, most people I know fail to take even the most basic of security precautions to help protect themselves against identify theft, fraud, and financial or personal loss.

Though this particular post is specific to the iPhone, since it’s what I and a lot of my friends use, chances are that your smart phone allows for many of the same security precautions. In the case of the iPhone, you can achieve a fairly decent level of security without any additional cost to you by taking advantage of the features of iOS and some free services offered to iPhone owners by Apple.

First Things First: Lock Your Phone

The most basic security precaution you can take is to make sure that your iPhone is using a passcode lock – and that the passcode lock will automatically engage after a brief period of inactivity. Many users put off taking the basic security measure for fear of the inconvenience assoicated with having to enter a passcode to unlock their phone. The truth is, once you train yourself to type your passcode when reaching for your phone, it becomes second nature – and the very minor delay you’ll experience while typing in your passcode is a small price to pay for the extra security you’ll gain.

To set up a passcode lock on the iPhone, open the “Settings” application, and click on “General>Passcode Lock”.

Click “Turn Passcode On”, and you’ll be prompted to enter a passcode to use when unlocking the phone, You’ll enter the passcode twice to make sure that you’ve typed it correctly – and then, once it’s set, you’ll have access to the additional passcode security options.

I recommend setting the “Require Passcode” setting to “After 5 minutes”. This means that, after 5 minutes of inactivity, an attempt to unlock your phone will require that you enter the passcode. I’ve found that this time period is a good trade off between being too long to have real value, and too short to not be excessively annoying.

Make the Passcode Hard to Guess

On newer versions of iOS, you’ll have an additional option in the Passcode Lock settings labeled “Simple Passcode”. By default, “Simple Passcode” is on – and it essentially means that your passcode will need to be a 4 digit number that you’ll type when unlocking the phone. You can, and should, turn this setting off and enter a passcode that is more difficult to guess than the simple 4 digit pin.

If you still want the quick convenience of typing the passcode easily when unlocking, you can set the more complex passcode to a longer series of numbers. As long as everything in the passcode is numeric, you’ll still be presented with the larger number pad keyboard when unlocking – even though you’ve chose a more complex passcode.

Limit the Maximum Number of Unlock Attempts

To prevent someone from trying to break in to your phone if it’s stolen, take advantage of the setting at the bottom of the “Passcode Lock” settings page, labeled “Erase Data”. By default, this is set to off. Turning it on tells the iPhone to completely wipe the content of the device if 10 failed attempts to unlock the iPhone are recorded.

While it may sound scary at first to tell your iPhone to wipe all of your data if there are failed passcode attempts – remember that you get 10 tries. It’s unlikely that someone who should have access to the device would accidentally enter the wrong passcode 10 times in a row. Also remember that if there is a situation where the data is wiped inadvertently (think coworker prank) you always have the option of restoring from iTunes.

Take Advantage of the Free “Find My iPhone” application and Remote Data Wipe

Apple provides a great service called “Find My iPhone” that is available for free to any iOS device owner using their Apple ID (the same email address and password you use to purchase apps in the App Store). Complete instructions for setting up Find My iPhone are available on Apple’s Web Site.

Find my iPhone allows you to login to the portal at http://me.com and locate an iPhone that has gone missing. From that same site, you can also choose to have a message sent that will display on the phone, you can force an audible alarm to play, or you can completely wipe the device data making sure that your personal information is completely inaccessible.

Summary

Given that all of the precautions outlined here are available to you free of charge if your an iPhone owner, you have no excuse not to take these precautions to protect your data. in the new world of the smart phone as digital wallet, personal organizer, and information destination, it’s a necessity.

-11.0.6200.754 for Windows OS including Windows XP, Windows Vista and Windows 7 issued on 1/25/2011.
-11.0.6200.0203 for MAC OS 10.4 (Tiger), 10.5, (Leopard) and 10.6 (Snow Leopard) issued on 1/25/2011.

Download the latest release here

You should be aware that search engines:

• record your private information
• store your private information
• share your private information.

Can they do it without your permission? Yes, anytime you use one these search engines you give them consent to retain your personal data. Read through the terms of service and privacy policy for each of the search engine services you are using. Understand how they process your personal information before your give them your consent to store, share and pass your information to the third parties. Google’s Privacy Policy describes how they treat personal information when you use Google’s products and services: (http://www.google.com/privacypolicy.html)

What data is retained and stored by the search engines:
Google uses deeply linked cookies that auto renew every two years. Each of these cookies has a globally unique identifier (GUID) and can store search queries every time you search the web. Google does not delete any information from these cookies. Therefore, if a list of search terms is given, Google can produce a list of people who searched for that term, which is identified either by IP address or Google cookie value. If an IP address or Google cookie value is given, Google can also produce a list of the terms searched by the user of that IP address or cookie value.

Types of information retained:

• Log information – When you access Google services, their servers automatically record information that your browser sends whenever you visit a website. These server logs may include information such as your web request, Internet Protocol (IP) address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser.
• Location data – Google offers location-enabled services, such as Google Maps for mobile. If you use those services, Google may receive information about your actual location (such as GPS signals sent by a mobile device) or information that can be used to approximate a location (such as a cell ID).
• Services such as Google Toolbar and Google Web Accelerator send the uniform resource locators (URLs) of web pages that you request to Google. When you use these services, Google will receive and store the URL sent by the web sites you visit, including any personal information inserted into those URLs by the web site operator. For example, when you submit information to a web page (such as a user login ID or registration information), the operator of that web site may embed that information – including personal information – into its URL (typically, after a question mark (?) in the URL). When the URL is transmitted to Google, servers automatically store the URL, including any personal information that has been embedded after the question mark. Google does not exercise any control over these web sites or whether they embed personal information into URLs.

What you can do to protect your information

Good news! Some things are still in your control:

1. Delete Google cookies when you close your browser or use an application like CCleaner that supports the cleaning of temporary internet files and cookies and other potentially unwanted files left by certain programs. Download it free: http://www.piriform.com/ccleaner/.
2. Use the Google Analytics Opt-out Browser Add-on. The add-on communicates with the Google Analytics JavaScript to indicate that information about the website visit should not be sent to Google Analytics. If you want to opt out, download and install the add-on for your current web browser. This add-on is available for Internet Explorer (versions 7 and 8), Google Chrome (4.x and higher), and Mozilla Firefox (3.5 and higher): http://tools.google.com/dlpage/gaoptout/.
3. Do not use the same company as your search engine that you use for your email e.g. Google Search, Gmail instead use Google Search and Yahoo Email or MSN Email.
4. Do not use any of these search engines companies if at all possible. Have an email account that is not associated with any of them. There are several search engines that do not track your activities:
   • Ixquick (http://www.ixquick.com/) also known as Startpage (www.startpage.com) search engine – focuses on delivering great search results with the best possible privacy. Ixquick/Startpage has the industry’s leading Privacy Policy: No recording of users’ IP addresses. No identifying cookies. No collection of personal data. No sharing personal data with third parties. Offers secure encrypted connections and a free proxy service that allows anonymous browsing of websites.
   • No personally identifiable information is required by Yippy (http://clusty.com/). This means Yippy never seeks any information related to your name, telephone number, address, or even your email address unless you request a Yippy Service where that information is required. Yippy is intended to be an anonymous service.
   • Proxify (https://proxify.us/) is a web-based anonymous proxy service which allows anyone to surf the Web privately and securely. Through Proxify, you can use websites but they cannot uniquely identify or track you. Proxify hides your IP address and our encrypted connection prevents monitoring of your network traffic.

Courtesy of Hakin9 IT Security Magazine.

The web publishing environment in most higher education institutions tends to be highly distributed. This distributed web environment is such that departments frequently manage their own web resources with their own staff. It is common to have hundreds of top-level websites containing numerous sub-site directories which are then managed by many people who have write-access to the web server.

The problem occurs when web publishers save files in their web directories not realizing that these documents and folders are public and can be viewed by anyone on Internet. They believe that just because you have to authenticate to save/upload the files that the files in the directory are also password-protected for web viewing. Every so often people use web directories as personal file storage to backup their PC or as a convenient file share.

For instance, a department has a website with a URL: http://www.university.edu/academics/.  A web overseer of that department saves an Excel spreadsheet called “grades.xlsx” in the web directory so their colleague can look at the file later. The file is immediately accessible to anyone on the internet to view under the following URL:  http://www.university.edu/academics/grades.xlsx.

The University Information Security Policy prohibits storage of files which contain any confidential or protected information on a publicly accessible web server. This would include files such as:

• Student educational records including grades
• Home addresses and phone numbers
• Employment history
• Performance evaluations
• Social Security Numbers
• Driver’s license numbers
• Credit/Debit card numbers
• Medical information and personally identifiable patient information
• Financial records
• Proprietary research data
• Any other proprietary data that should not be shared with the public.

Even if you are putting your data on a web site temporarily, there is still a good chance that you will forget about it and a web crawler will find it.  The leading search engines, such as Google and Yahoo, use crawlers to find pages for their  search results.   Even so you may believe that no one knows the direct URL to your files, anything you put out on a public-facing web server can be quickly found and indexed by a search engine.  Sooner or later someone will  stumble upon a file containing confidential information in search results or, even worse,  a hacker will find it using Google hacking tools:  ” The dark side of Google’s power.”

A periodic review of review your departmental and personal websites will help you ensure no sensitive information is stored in your web directory.

What to do if you identify sensitive materials on a University web page

• DO NOT IMMEDIATELY DELETE THESE FILES, rather…
• Immediately contact the MU IT Service Desk (304) 696-3200 and the Office of Information Security
• IT and Information Security staff will need to assist you in determining the ownership of the files, how long they have been accessible, and whether they have been recently accessed.
• Once this has been documented, only then should the files be removed from the web server.
• Additionally, we may also need to assist in contacting search providers to request removal of the sensitive materials from their cached search results.

What to do if you find sensitive information on your personal web page

• Review the files in your web directory and be sure you understand how they came to be saved to a public location.
• Delete any files which contain sensitive data.

A common question we hear from people with infected computers is “I visit only good sites. How in the world did I get a virus?”  The answer can surprise some of them – FEW websites are truly safe and can guarantee malware-free web surfing. According to the Websense State of Internet Security, Q1-Q2 2009, 77% of web sites with malicious code are legitimate sites that have been compromised.

Malware creators take full advantage of the trusted sites with good reputation and millions of visitors. How do they do it? They do it in such creative ways that these “good” sites unknowingly host malicious content.

One of the methods often used is when exploiting a well-known website is to insert a small, simple piece of malicious code within the legitimate code.  This may take the form of a hidden HTML iframe or JavaScript which will cause your web browser to download malicious content from a completely different and not-so-trusted web server.  In most cases site visitors have no idea that malware is being installed on their computer and sometimes they are invited to download a file that appears to be legitimate.
The following picture provided in a Sophos White Paper entitled “No all malware detection is created equal” shows an example of a compromised with (A) iframe and (B) script web page that cases the browser to load content from the malicious site.

Another more common way that hackers can compromise a trusted web site is by exploiting vulnerable versions of web applications such as blogging, content management systems, shopping cart apps and etc. The technical term for these exploits include SQL Injection, Cross-site Scripting and PHP File Include attacks and these continue to be the three most popular techniques used for compromising web sites, according to the SANS Top Cyber Security Risks.

In the SQL injection attack, malware creators fill out the user input form fields such as “log in” or “comments” with a database commands that get them access to website’s database and let them plant malicious code inside of it. A successful SQL injection can be very powerful and can result in hacker being able to to read and modify sensitive data from the database, execute admin functions, issue commands to operating system and ultimately redirect site’s visitors to a malicious web server where they get infected with malware. This video demonstrates how SQL injection works:

The Cross-Site Scripting Attack, is described here in a recent example of an attack on a very popular legitimate web site reported by SC magazine: “YouTube, iTunes hit in holiday attacks.”

In the next techniques the websites willingly publish or allow to publish rich content that contains malicious code and comes from third party advertisements and widgets.

Malvertising is a common venue for malware attacks. The legitimate site is a part of the third-party ad network that rotates  image or flash ads across multiple web sites.  A hacker plants a banner with hidden malicious code in the ads inventory and this banner gets posted across multiple websites without any proper input validation. Visitors of these sites get infected with malware automatically and silently. Some 1.3 million malicious ads viewed daily according to the report provided by the web security firm Dasient.

Many websites utilize third party widgets like traffic counters, e-commerce buttons and etc. All a hacker needs to do is compromise the third party host and place  a piece of code into a widget. With a click of hacker’s mouse, all websites using an infected widget can start serving malware to its visitors without knowing it.

These are just several examples of how you can get end up with a serious malware infection even while you thought you were surfing trusted websites.

We encourage our visitors to always provide us feedback about what you like – and we’ll try to do more; what you don’t like – and we’ll try to improve; and any content or features which we could add in future updates.

Thanks for visiting…

-11.0.6005.562 for Windows OS including Windows XP, Windows Vista and Windows 7  issued on 5/4/2010.
-11.0.6000.0162 for MAC OS 10.4 (Tiger), 10.5, (Leopard) and 10.6 (Snow Leopard) issued on 4/19/2010.
Download the latest release here: