Sunday afternoon, after careful evaluation of a significant security concern, we made the intentional decision to sever our ties to the internet.
I feel like most big announcements like this end up being Ransomware. Cutting off from the wider internet feels like a weird move to defend/mitigate that? Unless it’s to reduce exfiltration?
No VPN was provided for us to use - it was pretty much just connect to port 22 with the university’s website as the hostname, from any network.
It was a pretty niche thing as only a few students (including myself) used it remotely, and only a tiny part of the course that included a DBA exercise actually required us to use SSH access an Oracle DB server.
I believe the attacks were carried out external to the campus, but they didn’t clarify that to us
umich.edu
Hot