Cybersecurity Awareness

Cleaning an Infected Computer of Malware

If the system has any data classified as Protection Level 4 (P4)
disconnect it from the network - don't turn it off or unplug it - and
immediately contact at (510) 664-9000 (option 4)

Attackers often leave “backdoors” on a compromised computer and removing them all can be difficult, if not impossible. We recommend reinstalling your operating...

Protecting Your Credentials

1. Beware Social Engineering and Phishing Scams

Phishing scams are a significant source of compromised credentials. These scams are a form of social engineering attacks used to trick the unsuspecting user into revealing account information. These scams can occur by phone, email, or text.

Most commonly, a phishing scams are initiated by an email that has the appearance of official business and request that you perform an urgent action, like logging into your account.

Sometimes emails...

Center for Internet Security

About The Center for Internet Security

The Center for Internet Security (CIS) is a community of organizations and individuals seeking actionable security resources. As a member of this community, the UC Berkeley campus has access to Consensus Security Configuration Benchmarks, Scoring Tools, Consensus Security Metric definitions, and discussion forums where we can collaborate on security best practices.

Using CIS Tools and Resources for System Hardening

To get started using tools and resources from CIS, follow these steps...

Java Security Best Practices

Why is Java such a high-security risk for the campus?

Since late 2011, a multitude of critical vulnerabilities has been discovered in Oracle's Java platform.

In many cases, running the latest available versions of Java offers no protection for users. To date, at least eight zero-day attacks targeted the Java platform, affecting millions of systems. Most exploits require little or no user interaction. Users' systems are compromised...

Preventing Laptop Theft

Every semester, UC Berkeley Police receive numerous reports of stolen laptops on the campus and University properties. According to theft reports, many of those stolen laptops were the result of "smash-and-grab" car break-ins. UCPD warns that, "it only takes 10 seconds for a thief to smash a window and grab a laptop.” To protect your devices and data, follow these basic security practices.

1. Physically Protect Your Device From Theft Never leave your laptop or mobile device in a vehicle Do not walk away from your laptop, even for a minute If you...

Securing Network Traffic With SSH Tunnels

Introduction to SSH Tunnels

Secure Shell, or SSH, is used to create a secure channel between a local and remote computer. While SSH is commonly used for secure terminal access and file transfers, it can also be used to create a secure tunnel between computers for forwarding other network connections that are not normally encrypted. SSH tunnels are also useful for allowing outside access to internal network resources.

To create an SSH tunnel, you need:

Target server offering network services (http, vnc...

Reinstalling Your Compromised Computer


The following is a general guide on how to perform a clean reinstall of your computer. Reinstalling a computer after it has been compromised can be a painstaking process, but it is the best way to be certain that everything an attacker left behind has been found.

Checklist before performing a reinstall Change passwords - You should change passwords to all systems you have connected to from your computer during the period it could have been compromised. Especially look at bank and credit...

What is your role in protecting Berkeley Campus Data?

Have you ever copied a work file to your USB drive at the end of the day and wondered, "Is it safe to copy this data Classification Level Pyramidhere?" Have you ever sent an email with a Social Security Number, a credit card number or student grades and wondered "Should I send this in email?"

You are not alone in asking these questions. Every day data—...

Preventing Password Theft

One of the biggest security threats facing UC Berkeley campus users on a daily basis are phishing emails and websites looking to steal CalNet credentials (username and password). Bad guys use phishing emails and websites to pretend to be from legitimate sources, so they can trick users into typing their CalNet credentials and potentially share other private information. Far too often they are successful. The consequences of such theft are often far worse than imagined. You can find more information in our Phishing...

Celebrate Data Privacy Day 2020

January 6, 2020
What's Data Privacy Day?

Champion Badge

Data Privacy Day, held every year on January 28th, is a global initiative promoting privacy awareness and education. This annual event focuses on instilling the importance of protecting and controlling your personal information. Champions represent those dedicated to...