Information Security

The Security team at UNC manages the information used by and through the university to ensure personal and universal security. From scanned emails to firewall parameters, and software encryption to virus protection, the security team ensures that the university can operate efficiently and safely at all times.




The Barracuda Spam and Virus Firewall is used to prevent and identify malicious email from reaching campus email accounts. The email security services protect against the latest spam, viruses, worms, phishing and denial of service attacks.

The performance metrics and benchmarking reports named Barracuda Email Security Report shows the amount of emails allowed, blocked emails, the total number of messages to campus over the past year. There are also 3 graphs on the report. They are: The monthly message count sent to campus since 2006, The number of messages sent during the last month to campus and the past years monthly messages to campus.  The second report is the Barracuda Annual Metrics. This shows the number of messages to campus since 2006, separated annually.

How we use these reports.  We track the numbers of messages daily and use the numbers to watch trends in message traffic.  The reports have helped us plan for additional storage, hardware replacements / upgrades to the Barracuda Services and initially the replacement of earlier anti spam technologies.  We have tracked the numbers since 2006 and have noted several identifiable out takes.  In June 2007 message traffic was overwhelming the technology we were using and we replaced the technology with the current vendor products.  Message traffic continued to increase to campus and with the help of our tracking of messages we were able to help identify the need for a better student email system. In August 2008 we migrated student email services to Microsoft’s Exchange Labs and to what we call BearMail. Since 2008 the number of messages to campus has trended downwards. The spam ratio of Good messages received to Blocked messages is currently trending to our favor.

Barracuda Spam Firewall Activity through October 2012
Barracuda Annual Metrics for email to UNC, through October 2012


BearDrive Report

BearDrive is UNC’s secure, web-based file sharing, information storage and work collaboration solution for students and faculty. It replaces temp drive, the unsecured file storage system used by many students. With BearDrive, files can be securely accessed from on campus and off campus, eliminating the need for carrying CDs or portable storage drives, or sending them through e-mail. More information on BearDrive is available at

The performance metrics and benchmarking reports named BearDrive Report show the number of active users, drive space used by employees, students and total usage. Three charts show current users of BearDrive, Storage Space used by employees/students and Total Storage Space used.

How we use this report.  We follow the trends of active users and drive space used by campus for planning addition resource allocation to report to management during projects. As part of our Information Security Awareness Road Shows that we present across campus and via the University SkillSoft Online Learning tools (UNC Custom Courses, UNC Cyber Security course) we discuss what BearDrive is and how campus can use it to securely transport information across campus and off campus.

BearDrive Report 2012-08


Full Disk Encryption

Data loss and disclosure is a serious issue for every organization in the public and private sectors. To help address these data protection concerns, UNC Information Technology uses Full Disk Encryption for mobile computers across campus. 

The performance metrics and benchmarking reports named Full Disk Encryption Installation Charts and Full Disk Encryption Installations Counts show the number of computers encrypted on campus in chart and numeric form. The charts show current installations for SafeGuard Easy, SafeGuard Enterprise, SafeGuard Enterprise Standalone, Checkpoint Mac encryption, our total number of encrypted computers on campus and percentage of the total number of computers encrypted by technology. The “Counts” document shows how many computers we have on campus that were encrypted for a specific month. We have tracked Original Installation counts of SafeGuard Easy, Current Installation of SafeGuard Easy (we are migrating off of this version as computer are upgraded to Windows 7) SafeGuard Enterprise, CheckPoint FDE Mac, SafeGuard Enterprise Standalone and the total count of encrypted computers on campus.

How we use the reports.   We follow the trends of installations and use the reports to confirm installation procedure have been followed and to report to management during projects. Starting in February of this we added a SafeGuard Enterprise Standalone client to our encryption portfolio. This client allows Windows Based computers that are not connected to the network to be encrypted with the simplicity of the old SafeGuard Easy client.

Full Disk Encryption Installations Counts through October 2012
Full Disk Encryption Installations Charts through October 2012


IPS Traffic

The following information is a tracking report for the Network intrusions that were blocked.

2012 Information Report

2011 Information Report

Older Information. Report


WSUS Statistics

Windows Server Update Services (WSUS) allows automatic downloads of hotfixes, updates, service packs, device drivers and feature packs to clients in an organization from a central server(s), instead of using the public Microsoft Windows Update website. This saves bandwidth, time and disk space, as the individual computers in a network do not have to connect to an external server themselves, but connect to a local central server. It also increases our ability to control and allow clients to obtain updates.

We have two performance metrics and benchmarking reports. One for our Desktops and Laptops on campus and the other for our Server Environment. We track and identify the amount of computers with errors, needing updates, installed and with not status. We also track the number of updates with errors, needed by computers, installed and with no status. Each report has one graph that shows the computer updates for campus. We have been tracking updates to campus since December 2008 for Desktops/Server and in January 2011 a server environment WSUS system was setup and we have been tracking updates on it since February.

How we use the reports.  We track the numbers of updates approved to campus and on a monthly basis we approve windows security updates for campus. Tracking updates on systems allows us to follow up on systems not updated and check them to make sure they are communicating properly to the WSUS servers.

Here are the WSUS Statistics for the campus.

Campus Servers through the end of February 2012
Campus Desktops/Laptops through the end of October 2012

US Data Breaches by Year

This is a count of annual data breaches reported. It includes the number of breaches. Each one could have contained anywhere between 1 person’s information stolen, to millions. This also does not include those that went unreported. These numbers come from the Identity Theft Resource Center.

How we use the reports. We follow these number on a monthly basis and use them to help us identify if there is an uptick in incidents. We also reference the numbers in security education aware presentation to the campus and community.

US Annual Data Breach Statistics Summary through July 2012

Security Hero of the Week

The UNC campus community regularly informs the IMT Security Team of potential security issues, from spam emails and malware attacks to viruses and sensitive information handling. The security team responds not only with taking action but also sends a Thank You to the person in the form of a certificate for "Hero of the Week".

Here is a link to the frequency of security issues sent to the security team by month:
Security Hero of the Week