December 10, 2021
December 10, 2021
Urgent Message to all DukeHub Users
The SISS Office has an urgent matter that we need to communicate to all DukeHub users. Yesterday, a security vulnerability was discovered in a system used by institutions around the world, and Duke University. The SISS Office, and our OIT partners, are working to address this security issue immediately, and are taking the actions outlined below.
- Summary – What you need to know Several systems maintained by the SISS Office will be taken off-line for the entire weekend. These systems exist in two separate spheres – Production and Non Production
- Production Systems - Production systems are the ones most users access on a day-to-day basis. If you are faculty or an advisor, this is the system you use. Most staff members access only Production systems as well.
- Production DukeHub is currently up and online.
- Production Tableau and Perceptive Content are currently offline.
- Non-Productions Systems - Non-Production systems are for testing purposes, and only a small set of staff members use them.
- Non-Production Tableau, Perceptive Content are all offline.
- They will remain offline until a fix is in place.
- Non-Production DukeHub is offline.
- It will remain offline until a fix is in place.
- Non-Production Tableau, Perceptive Content are all offline.
- Cloud Systems – Cloud Systems are those that are operated ‘in the cloud”, and are not maintained by the SISS Office.
- Status of Slate and Sakai is unknown at the moment. Both systems are currently online, but it is undetermined if this will change.
- Production Systems - Production systems are the ones most users access on a day-to-day basis. If you are faculty or an advisor, this is the system you use. Most staff members access only Production systems as well.
- Details – What has happened and the SISS Office reaction
- A security vulnerability was publicized yesterday in a widely-used system called Apache.
- We have worked with OIT to bring down all non-essential systems. There are many systems that we use on a daily basis to test updates to software, review new development and implement changes to security. Since these systems are not critical to our work this weekend, we have brought those systems off-line.
- This lessens our vulnerability to bad actors, and mitigates against opportunities to access our systems.
- Based on analysis by Duke ITSO (IT Security Office) Production DukeHub is up for the time being, but may be taken offline if we discern additional threats.
- In conjunction with OIT, the SISS Office will continue to monitor developments over the weekend, and will keep our users updated.
- Future Communications
- For additional information, please continue to monitor your email. The SISS Office will continue to communicate to users via the following means:
- Email through the Registrar’s Office
- SISS Office Website
- Emails to the SISS-PowerUser list
- Emails to the SISS-Testers list
- For additional information, please continue to monitor your email. The SISS Office will continue to communicate to users via the following means:
Thank you for your understanding in this matter. If you have additional questions please feel free to email SISSOps