zotdefend

Differences

This shows you the differences between two versions of the page.

zotdefend [2025/05/19 19:57] jnilssonzotdefend [2025/06/30 13:06] (current) – [Method One (preferred): Book an appointment with SSCS] jnilsson
Line 1: Line 1:
 ====== ZotDefend security package information ====== ====== ZotDefend security package information ======
  
-{{::zotdefend_newsannouncement_securitypackage.jpg?600|}}+[[https://www.oit.uci.edu/2025/03/26/secure-your-devices-with-new-zotdefend-security-package/|{{::zotdefend_newsannouncement_securitypackage.jpg?600|}}]]
  
-Below you can find a brief summary of the information we currently have available about the ZotDefend program.+===== What is ZotDefend? ===== 
 +ZotDefend is OIT's branding for the programs and policies that are being enforced in response to the {{ ::letter-from-president-drake-chancellors-cyber-letter.pdf |letter}} that was sent out by the UCOP president in May of 2024 that set specific requirements.
  
-===== Book an appointment with SSCS to get ZotDefend set up on your computer =====+More information about ZotDefend, including what needs to be installed, can be found in the [[#frequently_asked_questions_about_zotdefend|FAQs below]].
  
-Send us an email ([[sscs@uci.edu]]) to make an appointment to set up the ZotDefend requirements on your computer. This is only required on university-owned computersnot on tablets, phones, or personal devices. Please provide your computer's property tag, which is on barcode sticker on your computer and looks like this:+===== Temporary Exemption ===== 
 +If you need to quickly access a site that has been blockedyou can request temporary exemption at the link below:
  
-{{:proptag.png?200|}}+  * [[https://activate.uci.edu/sso-zotdefend-exemption]]
  
-The appointment should take 15-30 minutes, during which we will install an application called BigFix. This will add the computer to our inventory and we can use that to install the other remaining required applications in the background while you can continue using the computer normally.+You may do this on personal devices and as often as needed.
  
-===== Two stages to the ZotDefend project ======+===== How to set up ZotDefend on your computer: ======
  
-Only stage 1 is being implemented right now:+==== Method One (preferred)Book an appointment with SSCS ====
  
-===== 1Minimum Requirements for the UCOP Mandate =====+Send us an email ([[sscs@uci.edu]]) to make an appointment to set up the ZotDefend requirements on your computer. This is only required on university-owned computers, not on tablets, phones, or personal devices.
  
-The [[https://www.security.uci.edu/projects/uc-mandate-2025/|UCOP Cybersecurity Mandate]] requires compliance by May 2025. This will be our primary area of focus.+=== Property Tag ===
  
-We will use an application called BigFix to install the following packages:+Please provide your computer's property tag, which is on a barcode sticker on your computer and looks like this: 
 + 
 +{{:proptag.png?200|}} 
 + 
 +=== Appointment info === 
 + 
 +The appointment should take 15-30 minutes, during which we will install an application called BigFix. This will add the computer to our inventory and we can use that to install the other remaining required applications in the background while you can continue using the computer normally. 
 + 
 +We will use BigFix to install the following packages:
  
   * [[https://www.oit.uci.edu/services/security/edr/|Trellix HX]]   * [[https://www.oit.uci.edu/services/security/edr/|Trellix HX]]
   * [[https://www.security.uci.edu/services/vmp/|Tenable Nessus]]   * [[https://www.security.uci.edu/services/vmp/|Tenable Nessus]]
 +  * [[https://duo.com/docs/duo-desktop-faq#install,-upgrade,-and-uninstall|Duo Desktop]]
  
-==== BigFix Installer ====+==== Method Two: Install the ZotDefend components on your own ====
  
-You can download the installer for BigFix for your computer on your own, or we can help you with this during our appointment.+=== Instructions for Windows computers === 
 +If you use a Windows computer and would prefer to do this on your own, you can download the installer for BigFix here:
  
-  * For Mac: [[https://sites.socsci.uci.edu/~cndavis/share/BigFix-SocSci-Mac.zip|BigFix-SocSci-Mac.zip]] 
   * For Windows: [[https://sites.socsci.uci.edu/~cndavis/share/BigFix-SocSci-Win.zip|BigFix-SocSci-Win.zip]]   * For Windows: [[https://sites.socsci.uci.edu/~cndavis/share/BigFix-SocSci-Win.zip|BigFix-SocSci-Win.zip]]
  
-The BigFix installer is password protected. We will provide the password to open the .zip archives during our appointment with you.+The BigFix installer is **password protected**. We will provide the password to open the .zip after you have sent us the property tag for your computer. See the example image above for what a [[ #property_tag|property tag]] looks like.
  
-If you are installing this on your ownplease email us ([[sscs@uci.edu]]) with the computer's property tag number, and we can send you the password The property tag looks like this barcode sticker:+After BigFix is installedwe can use that to automate the installation of Duo Desktop, Trellix HX, and Tenable Nessus.
  
-{{:proptag.png?200|}}+=== Instructions for Mac computers ===
  
-===== 2Enforcement of more strict security standards =====+If you use a Mac computer, then we recommend scheduling an appointment with us by contacting us via email ([[sscs@uci.edu]]). You can install BigFix, but we have observed that BigFix will usually not install Trellix HX correctly. If the installation ends in a broken state, then we must manually uninstall and reinstall it.
  
-This will not be implemented right awaybut in the future OIT is discussing requiring the following additional security policies:+If you want to install BigFix on your ownyou can use this link:
  
-  * the above minimum packages, plus +  * For Mac: [[https://sites.socsci.uci.edu/~cndavis/share/BigFix-SocSci-Mac.zip|BigFix-SocSci-Mac.zip]]
-  * Duo Desktop +
-  * Full Disk Encryption +
-  * MS Defender +
-  * Jamf/Intune device management enrollment+
  
-They would enforce this by blocking access to [[https://uci.service-now.com/sp?id=kb_article_view&sysparm_article=KB0013436|certain UCI websites]] if you do not meet these security requirements.+The BigFix installer is **password protected**. We will provide the password to open the .zip after you have sent us the property tag for your computerSee the example image above for what a [[ #property_tag|property tag]] looks like.
  
-===== OIT information about ZotDefend =====+=== Instructions for Linux computers ===
  
-Here are the OIT published pages about the ZotDefend project:+Please reach out to us via email ([[sscs@uci.edu]]) to let us know which computer(s) you are setting this up on and we can send you an installation script. When you reach out to us, please provide the property tag for your computer. See the example image above for what a [[ #property_tag|property tag]] looks like.
  
-  * [[https://www.oit.uci.edu/2025/03/26/secure-your-devices-with-new-zotdefend-security-package/|ZotDefend announcement]] +===== Frequently Asked Questions about ZotDefend =====
-  * [[https://www.oit.uci.edu/org/projects/zotdefend/|ZotDefend Project Overview]] +
-  * [[https://uci.service-now.com/sp?id=kb_article_view&sysparm_article=KB0013436|KB article - List of sites where enforcement of ZotDefend requirements can occur]] +
-  * [[https://uci.service-now.com/sp?id=kb_article_view&sysparm_article=KB0013446|KB article - ZotDefend FAQ]]+
  
-===== FAQs about ZotDefend ===== +==== How do I request an exemption? ====
- +
-==== How do I request an exception? ====+
  
 If you need to log in to a site that is blocked because you do not yet have the ZotDefend security packages installed, you can use the link below to request a 24-hour exemption: If you need to log in to a site that is blocked because you do not yet have the ZotDefend security packages installed, you can use the link below to request a 24-hour exemption:
  
-  * [[http://activate.uci.edu/sso-zotdefend-exemption]]+  * [[https://activate.uci.edu/sso-zotdefend-exemption]]
  
 +You may do this on personal devices and as often as needed.
 ==== What are the software components being installed? ==== ==== What are the software components being installed? ====
  
-For now, these three components are being installed on Windows and Mac computers: +  * BigFix is a software management tool that OIT has selected for the IT groups across campus to use to remotely install software. This is only for Windows and Mac computers, not Linux.
-  * BigFix is a software management tool that OIT has selected for the IT groups across campus to use to remotely install software.+
   * [[https://www.oit.uci.edu/services/security/edr/|Trellix HX]] is the software that OIT selected to meet the EDR (endpoint detection and response) requirement of the mandate.   * [[https://www.oit.uci.edu/services/security/edr/|Trellix HX]] is the software that OIT selected to meet the EDR (endpoint detection and response) requirement of the mandate.
   * [[https://www.security.uci.edu/services/vmp/#endpoint|Tenable Nessus]] is the software that OIT selected to meet the vulnerability management requirement of the mandate   * [[https://www.security.uci.edu/services/vmp/#endpoint|Tenable Nessus]] is the software that OIT selected to meet the vulnerability management requirement of the mandate
 +  * [[https://duo.com/docs/duo-desktop-faq#install,-upgrade,-and-uninstall|Duo Desktop]] is installed when needed to access websites and services that OIT has determined require enforcement of a more strict security policy. See the next FAQ for details.
  
-Linux computers only need the Trellix HX and Tenable Nessus components.+ 
 +==== Which websites require Duo Desktop, in addition to Trellix HX and Tenable Nessus? ==== 
 + 
 +Duo Desktop is required in order to verify your device's status when accessing the following websites and services: 
 +  * KFS 
 +  * Docusign 
 +  * Atlassian 
 +  * OneTrust 
 +  * [[https://uci.service-now.com/sp?id=kb_article_view&sysparm_article=KB0013436|additional sites and services listed here]] 
 + 
 +Please be aware that OIT might change the security requirements and/or the list of sites and services that require enforcement. We will update this page as more information becomes available.
  
 ==== What is the UC Cybersecurity Mandate? ==== ==== What is the UC Cybersecurity Mandate? ====
  
-OIT has a detailed overview page at the following link that provides a good overview of the mandate and all the components:+OIT has a detailed overview page at the following link that reviews each component of the mandate:
  
   * [[https://www.security.uci.edu/projects/uc-mandate-2025/]]   * [[https://www.security.uci.edu/projects/uc-mandate-2025/]]
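Review bot: The Method Two download links (BigFix-SocSci-Win.zip and BigFix-SocSci-Mac.zip under sites.socsci.uci.edu/~cndavis/share/) give readers no way to confirm that the archive they downloaded is the one SSCS published; the only control described is the .zip password. Consider listing a SHA-256 checksum beside each link, or providing it together with the password, so a self-installer can verify the file before running it. Two smaller points in the same hunk: the new heading "===== How to set up ZotDefend on your computer: ======" closes with six "=" against five opening ones (carried over from the removed "Two stages" heading), and the removed sentence "Linux computers only need the Trellix HX and Tenable Nessus components." has no replacement, so the Linux instructions no longer say what the installation script installs.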
Line 99: Line 112:
   - deploy, enable, and configure multi-factor authentication (MFA) on email systems   - deploy, enable, and configure multi-factor authentication (MFA) on email systems
     * this is done by requiring DUO when logging in to gmail and outlook email systems     * this is done by requiring DUO when logging in to gmail and outlook email systems
 +
 +==== Is ZotDefend required on personal computers too? ====
 +
 +No, it is neither required nor recommended to install or configure any of this on computers/devices personally owned by you. All official university business should be done on university-owned computers.
 +
 +Keep in mind that tablets, phones, and similar devices are also exempt from the ZotDefend project.
 +
 +==== But I use a personal computer for work... ====
 +
 +If you do not have a university-owned computer (purchased either with school funds or grant funding), reach out to us at [[sscs@uci.edu]] and we can help you determine what to do.
 +
 +==== What has OIT published about ZotDefend? ====
 +
 +Here are the OIT published pages about the ZotDefend project:
 +
 +  * [[https://www.oit.uci.edu/2025/03/26/secure-your-devices-with-new-zotdefend-security-package/|ZotDefend announcement]]
 +  * [[https://www.oit.uci.edu/org/projects/zotdefend/|ZotDefend Project Overview]]
 +  * [[https://uci.service-now.com/sp?id=kb_article_view&sysparm_article=KB0013436|KB article - List of sites where enforcement of ZotDefend requirements can occur]]
 +  * [[https://uci.service-now.com/sp?id=kb_article_view&sysparm_article=KB0013446|KB article - ZotDefend FAQ]]
 +
 +==== What do I do if I installed ZotDefend following OIT's self-enrollment instructions? ====
 +
 +Please reach out to us ([[sscs@uci.edu]]) and let us know the [[ #property_tag|property tag]] of your computer. If you are unable to access KFS, DocuSign, or other services that require ZotDefend, then we need to schedule an appointment with you to help sort things out. Even if ZotDefend is working for you, please still send us the property tag of any computer that you self-enrolled since this helps us accurately track and report our inventory.
 +
 +==== What is UCOP's response to my concerns about Trellix? ====
 +
 +UCOP has released the following statement regarding concerns about the EDR software, Trellix HX:
 +
 +  * [[https://security.ucop.edu/services/threat-detection-and-identification/edr-overview.html]]
 +
 +There is also an FAQ which covers questions about compatible devices, privacy/security, and concerns about teaching/research:
 +
 +  * [[https://security.ucop.edu/services/threat-detection-and-identification/edr-faqs.html]]
  
 [[https://socsci.uci.edu/zdinstallers|{{::uci18_simpleseal_blue_nofill_90.png?25|}}]] [[https://socsci.uci.edu/zdinstallers|{{::uci18_simpleseal_blue_nofill_90.png?25|}}]]
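Review bot: The new FAQ entry "What do I do if I installed ZotDefend following OIT's self-enrollment instructions?" refers to instructions that are neither linked nor distinguished from Method Two on this page, so a reader cannot tell whether a Method Two install counts as self-enrolled; add a link or a clause saying which. Also in this hunk, "All official university business should be done on university-owned computers" sits uneasily next to the exemption text added earlier in this revision ("You may do this on personal devices and as often as needed"); one sentence stating how the two fit together would help. "DocuSign" here is spelled "Docusign" in the Duo Desktop site list, so pick one spelling.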
zotdefend.1747684649.txt.gz · Last modified: 2025/05/19 19:57 by jnilsson