You're a Security Contact, now what?

Did you get an email about an application called Socreg that you don’t know anything about? Maybe your manager just told you you're a ‘Security Contact’? Or perhaps you got a scary email about a security incident involving a computer in your Department? No matter how you got here, let’s take a look at what’s involved and how to succeed as a Security Contact.

First, a Security Contact is actually a group of people who have been designated to receive and respond to security notices from UC Berkeley’s Information Security Office (ISO) for their department or for a specific set of IT Resources. So really you are a member of your Department’s ‘Security Contact’.  

Second, as a member of a Security Contact you have two responsibilities:

  1. Manage your Department’s registered assets, so that the Information Security Office (ISO) can do routine security monitoring.

  2. Respond to (and/or forward accordingly) any Security Notices you receive regarding those registered assets.

Registered assets are simply computers or devices that are connected to the campus network. There are a variety of ways that these things connect to the network so that’s why there are different types of assets to register. We call them out to assist you in identifying and registering your Department’s assets. In fact, every page in Socreg has helpful information - just click “Help” in the top bar. 



Asset Registration

To access and manage your Department's registry, you will use Socreg, ISO’s Asset Registration Portal. After logging in with your CalNet ID, you will see a list of all the Security Contacts you belong to. By clicking on the name of the Security Contact, you can see a list of the other members, the email address listed for receiving security notices, and registered assets (under the other tabs). You can add new assets (or delete old ones) there too. Your Department might not use every kind of asset and each kind of asset works a little bit differently.


TIPS ON EMAIL:

The email address for a Security Contact should reach multiple people so that security incidents receive prompt attention. This can be accomplished by using a CalNet SPA, listserv, bConnected List, group email address, or any other type of email address that is monitored by, and reliably reaches, more than one person.

TIPS ON MEMBERSHIP:

Security Contacts need to be familiar with the computers in their Department and be able to work with a technical person. It is not necessary for the Security Contact members to have extensive security expertise, but it is important that Security Contacts have more than one member. Members can have different levels of permissions:

  • Admin: full privileges for the Security Contact and all asset types. 
  • IP Info: modify everything except the Security Contact and its membership.
  • Device Info: modify Device registrations only
  • View only: no permissions to modify any registration information

Make sure that more than one person is an admin within the Security Contact and at least one person has ‘receive FYI’ notifications turned on.

How do you know what assets your Department is using and that need to be registered?  The most common types of assets used on campus are subnets, IP addresses, and devices.


COMMON ASSET TYPES:

  • Subnet: These divisions of the campus network are supplied by bIT - Network Operations and Services. Examples of campus network blocks include the IPv4 blocks ‘10.0.17.10/24’ and ‘128.32.206.128/26’, or the IPv6 address block ‘2607:f140:ffff:ffff::/64’.
  • IP Address: A unique address that identifies a device on the internet or within a Subnet. Normally an entire subnet is registered to a Security Contact, but on older subnets where the subnet is shared between departments, individual IP addresses are registered by a different Security Contact (this applies only to IPv4 subnets).
  • Device: Identified by its MAC address, the physical address of a computer's wired Ethernet port. Registering it is necessary for using the campus DHCP service. For details on registering devices see our DHCP Device Registration page.

If there are computers in your Department connected to a wired Ethernet port or you have active Ethernet ports that folks plug into, then your Department may have a subnet assigned to it by the campus Network Team - or at a minimum several IP addresses to use.
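An added example (not part of the original page and not Socreg's own code): a Python sketch that compares a department's inventory of addresses against its registered subnets and individually registered IPs, and reports which addresses are not covered. The inventory, the individual IP (taken from the 192.0.2.0/24 documentation range) and all function names are assumptions; the subnet strings are the examples quoted above.

```python
import ipaddress

# Constructed sample data, not real Socreg records.
REGISTERED_SUBNETS = ["10.0.17.10/24", "128.32.206.128/26",
                      "2607:f140:ffff:ffff::/64"]
REGISTERED_IPS = ["192.0.2.45"]  # individually registered IPv4 address
SAMPLE_INVENTORY = ["10.0.17.23", "128.32.206.130", "128.32.206.200",
                    "192.0.2.45", "2607:f140:ffff:ffff::1a"]


def parse_subnets(blocks):
    """Parse CIDR strings into network objects.

    strict=False accepts a block written with host bits set, such as
    '10.0.17.10/24', and normalises it to its network (10.0.17.0/24).
    The default strict mode would raise ValueError on that input.
    """
    return [ipaddress.ip_network(b, strict=False) for b in blocks]


def classify(inventory, subnets, single_ips):
    """Map each inventory address to how it is covered, or 'unregistered'."""
    nets = parse_subnets(subnets)
    singles = {ipaddress.ip_address(ip) for ip in single_ips}
    result = {}
    for raw in inventory:
        addr = ipaddress.ip_address(raw)
        if addr in singles:
            result[raw] = "individual IP"
            continue
        # The most specific (longest prefix) containing subnet wins.
        matches = [n for n in nets if addr in n]
        if matches:
            best = max(matches, key=lambda n: n.prefixlen)
            result[raw] = f"subnet {best}"
        else:
            result[raw] = "unregistered"
    return result


def unregistered(inventory, subnets, single_ips):
    """Return the inventory addresses that no registration covers."""
    status = classify(inventory, subnets, single_ips)
    return [ip for ip in inventory if status[ip] == "unregistered"]


if __name__ == "__main__":
    for ip, how in classify(SAMPLE_INVENTORY, REGISTERED_SUBNETS,
                            REGISTERED_IPS).items():
        print(f"{ip:28} {how}")
```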

Note: To use the Campus DHCP Service for wired network connections, you need to register your device(s) in Socreg.


WHAT IS DHCP?

The DHCP (Dynamic Host Configuration Protocol) Service automatically (and dynamically) provides and assigns IP addresses, gateway, and other network configuration information to registered devices. Computers can also be configured manually with this same information, which we call Static IP Address configuration, but if it is entered incorrectly the computer will not successfully connect to the campus network, and the computer will need to be configured every time it moves to a new subnet.

If you need help looking up your Department’s subnet and IP addresses, email dns@berkeley.edu with your building and office location information, and the port IDs on the wall plate if available. Examples of port IDs: STAN-313-331D-012-D or HAASC-200-228-006-D.

If you get IT support from IT Client Services (ITCS) they can help you gather inventory information and register devices.


BECOME AN ITCS CLIENT:

For more information on becoming a client of ITCS, see the IT Client Services page describing their services.

Does your Department run a website? If it is hosted by a service provider (e.g., WPEngine, Bluehost, GitHub) then you should check that it is registered to your Security Contact. Or, if it is managed by ‘bIT - Open Berkeley’, it may already be registered in Socreg to ‘bIT - Open Berkeley’. See the list of Open Berkeley sites.


REGISTER AN OFFSITE HOSTNAME:

For details on registering Offsite Hostnames, see our Offsite Hostname page.

If your Department has computers that store or process sensitive data you will need to register them as ‘PD Applications’. PD Applications are used to identify components that store or process sensitive information. In addition to having attributes like Protection Level and Record Count, PD Applications are made up of assets like Subnets and IP Addresses. There are also other less common types of assets that may be in use by your Department.


OTHER ASSET TYPES:

  • Cloud Account: an AWS, Azure, or GCP cloud account provisioned by the bIT Cloud team.
  • CC IP Address: an address within a Subnet where the Security Contact is not responsible for security incidents (some other Security Contact is) but wishes to be copied on any security notices. Used rarely and only for IPv4 addresses.
  • Subdomain: a subdivision of the ‘berkeley.edu’ domain name, e.g. ‘security.berkeley.edu’. Useful only for self-service fixed DHCP registration.
  • PD Services: defined by units within bIT to assist Security Contacts registering their PD Applications.

Respond to Security Notices

If you get a security notice, immediately respond to the notification with any information you have about the registered device, including who’s using it and where it might be located. ISO will add the computer’s user to the security notice for that issue. 

Depending on the seriousness of the issue ISO will walk you and the computer user through any necessary steps or point you to helpful resources. Typical steps to take to fix the issue can range from having the user reset their CalNet passphrase to wiping and reinstalling all programs and files on the computer.

TIPS ON USING A PASSWORD MANAGER:

UC Berkeley is offering Free LastPass Premium to all Students, Staff, and Faculty. LastPass is a password management tool that securely manages your passwords in an online vault.  Now managing your passwords is easy, whether you’re at school, work, home, or on the go.

TIPS ON BACKING UP YOUR DATA:

Having a recent, good backup of your computer is critical when dealing with a security incident. For more information on creating backups, see our Backing up Your Data page.

TIPS ON REINSTALLING YOUR COMPUTER:

If you do need to reimage a computer, see our Reinstalling Your Compromised Computer page for more information.