Cybersecurity

What are some great Anti-Spyware Tools?

Ad-Aware SE Personal Edition – http://www.download.com
Spybot Search and Destroy – http://www.download.com
Hi-Jack This – http://www.download.com

Detecting Mac OS X Trojan "Flashback"

Background

As of October 2011, a Trojan named Flashback has been targeting Mac OS X users by masquerading as a legitimate version of the Adobe Flash Player installer. Its visual elements and user interface are is quite similar, if not identical in certain cases, to the official Adobe Flash Player installer. Upon installation, it checks for the built-in Mac OS X firewall and if it is not found, the malware may request payloads from remote hosts. (1)

According to F-Secure researchers:

“There are three variants of Flashback. According to F-Secure, two of them cannot connect to their remote hosts, as they are offline. The third can connect to the remote host for additional payloads, but the host isn’t serving anything. Also, unlike the first version, the other variants are requiring an administrator password before proceeding with installation.” (2)

Mitigation Recommendations

2. Flashback installs to “~/Library/Preferences/Preferences.dylib” so a user could check for the presence of that file to gauge whether Flashback is running on their Mac.

3. Sophos also detects the file as “OSX/FlshPlyr-A” so those with the campus-provided anti-virus software should be notified so long as their anti-virus definitions are updated. Sophos is a free anti-virus software that UCLA provides to the campus community. It can be downloaded from the UCLA Bruin OnLine Sophos website. (http://www.bol.ucla.edu/software/sophos/)

References

(1) http://www.securityweek.com/mac-os-x-trojan-targeting-apple%E2%80%99s-anti-malware-system

(2) Ibid.

SQL Injection (Application Vulnerability)

Summary

SQL Injection is a type of security vulnerability that occurs when application does not properly sanitize user inputs. The vulnerability potentially allows attacker to arbitrarily manipulate queries sent to the database layer. This type of vulnerability is usually considered medium/high severity since private data can be leaked or integrity of data can be affected.

Types

Cloning systems with Sophos and Sysprep

During deployments of multiple systems with the exact same hardware configuration, Sysprep is the most common tool to assist this along with Ghost.

If you have Sophos on your original deployment image, you may find that you cannot access the Sophos console on cloned systems with Sysprep (or other tools that change the computer SID).

To repair this:

http://www.sophos.com/support/knowledgebase/article/12561.html

If you have already deployed cloned systems and need to repair your Sophos installation follow the instructions at the bottom of the article, “Changed SID values and Sophos Anti-Virus”:

On a computer where the SID value has been changed, open a command prompt and type the following command:

On Windows Vista the command is:

-

If you are doing this on the master image before you have deployed it or after you have deployed cloned systems, follow the link above.

  1. On the template computer, stop the following services (if they are present):
  1. Read the Microsoft warning about editing the registry.
  2. On the template computer, in turn, open each of the following registry keys (if they are present):

and, in each key, delete the following two entries

Note: These keys must not be removed from a server running Enterprise Console.

  1. Delete the following files from the template computer:
    C:\Program Files\Sophos\AutoUpdate\Data\Status\status.xml
    C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\Config\Machine.xml

Useful OSS Security Tools

1 – Alienvault – Open Source Security Information Management system – good review in the latest (March 2010) Linux journal

From the web site: The OSSIM platform consists of a Management Server, and Sensor or “Probe”. A professional version that includes SEM functionality is also available (please see below). The solution may be implemented as a single monolithic appliance or a set of appliances in which probes are separated from the management server, and distributed throughout the enterprise.

Probes capture network and system information in real time, and send it to the central Management Server where the data is analyzed to assess immediate threats and risk, filter out false positives, and locate false negatives that other security devices and software on the network cannot detect.

Probes not only capture data, but can be tasked as sophisticated attack detection components. They come with several attack detection systems, audit systems, and context learning systems (network profiles, inventory, availability), all of which are seamlessly integrated. When deployed in this fashion probes provide a very quick and safe way of continuously and transparently monitoring local and remote networks, providing provide full visibility of all security related aspects of the enterprise.

The information from the organization’s security systems, such as the firewall, antivirus, IPS, HIDS, etc, are all collected through these probes, and then analyzed through sophisticated intelligence technology. This technology correlates data from many sources to detect blended threats otherwise undetectable by individual systems; prioritize these threats; and make automated decisions with regard to the risk implied in each one.

2 -DEFT Linux – live Linux Distro for Forensics / Network Security / Analysis

DEFT Linux v5 is based on the new Xubuntu Kernel 2.6.31 (Linux side) and the DEFT Extra 2.0 (Computer Forensic GUI) with the best freeware Windows Computer Forensic tools ; it isn’t a customization of Xubuntu like the old version, it is a new concept of Computer Forensic live system that use LXDE as desktop environment and thunar file manager, mount manager as tool for device management, dhash2, guymager, dcfldd, ddrescue and linen as forensic imager tools, sleuthkit 3.01 andvautopsy 2.21 as landmark for the disk forensic, nessus 4 as security scanner and much more like:

an advanced file and directory researcher
foremost, scalpel and photorec carving tools
a complete support for the most used file systems
a complete support for logical volume manager
a complate support for afflib and ewflib support
a very powerful tools for network forensic as Xplico, wireshark,
kismet, ettercap and nmap
a very powerful tool for identify file type from their binary
signatures (TrID)
the last version of ophcrack, the password cracker based on rainbow
tables and john the ripper password cracker
chkrootkit, rkhunter and exploit scanner
clam 4.15 virus scanner
steganography detection software as outgess
tool for screenshot as take screen shot and video screen capture as
record my desktop
deft-mount script for mount device in read only

Can be booted from a thumbdrive or CD.

3 – Eraser for Windows Eraser is an advanced security tool for Windows which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns. Works with Windows 98, ME, NT, 2000, XP, Vista, Windows Server 2003 and Server 2008.

Sort of like a Windows-native Darik’s Boot And Nuke

Taken from email to UC-CSC list by UCI colleague Harry Mangalam

What is the function of www.AppliedSecurity.ucla.edu site?

This site is dedicated to posting practical solutions to current data security issues facing the community. The current topics include listing of IT policies, Peer-to-Peer, and Encryption of sensitive data and related tools on campus.

The site is accessible only from UCLA IP addresses. The site address is:

Is the cost of licenses to protect sensitive data by encrypting the disk paid by the campus?

Yes. The campus IT security group has chosen PGP full disk encryption and related tools for this purpose. All campus entities with a need to protect their sensitive data and data coverd in campus Policy 404 (Data including Personal Information) are entitled to use the available tools at no cost to the department or the individual.
Contact your IT department or your IT Compliance Coordinator on how to start protecting your data. For more information visit: www.appliedsecurity.ucla.edu.

How to Prevent Unauthorized Users From Accessing Your Computer if you Step Away From Your Desk

It takes only a few seconds to secure your computer and discourage malicious individuals. Lock down (or log out of) your computer every time you leave your desk.

To log back in, you’ll need to put in the username/password for your computer, which may be one you choose, or it may be your departmental login information. Be sure to shut down your computer completely when you leave for the day.

To Lock Down Your Computer

To Log out of a Mac

To Lock Down Windows 7

  1. Go to the Start menu
  2. Select the right pointing arrow from Shutdown category from the bottom right
  3. Select Lock

To Lock Down Windows XP

  1. Click Ctrl+Alt+Delete
  2. Select “Lock Workstation”
  3. This will bring up your login screen and lock your computer down.

Windows XP shortcut: Click the Windows key (the flying window key at the bottom of the key board) and the L key. This will bring up your login screen and lock your computer down.

How do I set a password-protected screen saver?
If you forget to log out of your computer when you walk away, for your protection, you should set up a screen-saver that will lock your computer after a pre-set amount of time and require a password to log back in.

To Set a Password-Protected Screen Saver

To Set a Password-Protected Screensaver for XP
Right click on your desktop. A drop down menu box will appear. Select “Properties.” See Insert Fig. 1

Insert Figure 1

The display properties for the desktop will appear. Click on the “Screen Saver” tab.

See Fig. 2

Insert Figure 2

Clicking “Start” in the taskbar at the bottom of the desktop screen and click on “Control Panel.” See Fig. 3

insert Figure 3

A window will appear that will have many icons or a list of items. Click on the “Display” icon or the “Display” in the list. See Fig. 4.

Insert Figure 4

To Set a Password-Protected Screen Saver for Mac OS 10.0 – 10.5

  1. Open “System Preferences”
  2. Click on the “Security” icon
  3. Check the “Require password to wake this computer from sleep or screen saver” field.
  4. Return to the “System Preferences” and choose the “Desktop and Screen Saver” icon
  5. Select the “Screen Saver” tab
  6. Set the amount of time you want to pass before the screen saver starts (5 minutes is a good limit)
  7. When the screen saver activates after the required time period has lapsed and/or you want to unlock your computer move the mouse, click on a key to logon to your computer.

What to do if your e-mail is hacked

Standard steps to do if you believe your e-mail has been hacked:

http://blogs.msdn.com/b/securitytipstalk/archive/2010/07/07/hotmail-hacked-take-these-steps.aspx

While Hotmail is the most common target for hacking in the media, the instructions and general advice are good:

Courtesy of MSDN:

  1. Change your password. (On the Windows Live Hotmail Web site sign-in page, click Forgot your password?)
  2. Update and change the secret question and answer used to recover your password.
  3. Update and change the alternative email address that you use on your account.

If you no longer have access to your account, please contact the appropriate administrator to restore access to your account.

Additionally, we strongly recommend that you consider whether or not personally identifiable information has been compromised and contact your banks/credit cards/etc. for fraud alerts if they are at risk.

Courtesy of MSDN:

Verizon's Annual Data Breach Investigations Report (DBIR)

A dramatic increase in attacks by outside parties. Breaches fueled by monetary gain. Hacking and malware threats on the rise.

Data breaches continue to plague organizations worldwide, and we continue to analyze them ? so you can learn how to avoid becoming a victim. The DBIR series now spans eight years, more than 2,000 breaches, and over 1 billion compromised records. Our goal is to distinguish who the attackers are, how they’re getting in, and the assets they’re targeting.

The more you know, the better you can prepare ? and our reports provide insight and clear recommendations for you to follow to face security threats head-on.

Also:

Reducing Laptop Theft

To assist in reducing laptop theft UCPD participates in part of a nationwide security tracing program. The STOP system is applicable to computer laptops, digital projectors, and other portable devices.

For $20 UCPD will affix a permanent tag which ‘tattoos’ the device. The process takes five to ten minutes.

Contact UCPD CSO at 310/82*5-4774*, or email at cso@ucpd.ucla.edu.

STOP homepage

Sophos Security News & Blogs

Sophos has a number of security news feeds and blogs at:

Sophos Support on Twitter:

Symantec's Annual Internet Security Threat Report

The Internet Security Threat Report (ISTR) provides an overview and analysis of the year in global threat activity. The report is based on data from the Symantec Global Intelligence Network, which Symantec’s analysts use to identify, analyze, and provide commentary on emerging trends in the dynamic threat landscape.

see also:

Sophos Security Threat Report

See the threats through the hype, with the latest research and commentary from SophosLabs.

See also,

Mobile Device Management Now Available With Sophos

The current UCLA-wide agreement for Sophos anti-virus software has been renewed through October 2018.

The decision to renew was based upon input from numerous key stakeholder groups UCLA-wide. Input identified that Sophos effectively fulfills UCLA’s anti-virus needs, and that the cost to change to an alternative solution would outweigh any potential benefits.

Renewal negotiations resulted in favorable terms, including:
—Unlimited coverage for UCLA owned or leased devices
--Unlimited coverage for personally owned devices of faculty, staff and full-time students
—Upgrade to Endpoint Protection-Advanced
--Addition of Sophos Mobile Control

Sophos remains AVAILABLE AT NO COST to UCLA departments, faculty, staff and students for work and home use.

For Department IT Administrator access to the products available under this agreement, please go to http://www.bol.ucla.edu/software/sophos/admin/.

Explaining to your mother how to safely surf the web at Starbucks

The title is mostly for fun, but I’m curious if anyone has found fairly simple guides to safely browsing at public internet cafes or open wireless like UCLA_WIFI.

Not simple enough for some mothers, I did like this guide.
(9 Tips to stay safe on public wifi)

Heartbleed Remediation

For up to date status of Dell products in relation to Heartbleed visit —

Mashable’s List of sites to watch for Heartbleed—

Lynda.com has a couple of short videos to explain the situation—

Please feel free to add links to other articles about Heartbleed that others may find useful or interesting. Thanks!

Windows Bitlocker Strength

By default Windows 7/8 Bitlocker uses 128-bit encryption. Each version has an option for 256-bit AES encryption. The change to 256-bit requires a Windows policy modification.

See also—

Tips for creating a secure password

How can I create a secure password?

Update: Read this first: Choosing a Secure Password by Bruce Schneier, Feb. 25, 2014

Your password is your key to access important personal information both on your computer and online. Should criminals or other perpetrators discover your password, a wide variety of consequences ranging from loss of privacy to identity and credit theft can ensue. Fortunately, creating an effective and memorable password is fast and easy, and these tips will help your ensure your information remains protected.

What makes a strong password

Make it lengthy. Your passwords should be 8 or more characters in length; 14 characters or longer is ideal.

Combine letters, numbers, and symbols. The greater variety of characters that you have in your password, the harder it is to guess. Other important specifics include:

Use words and phrases that are easy for you to remember, but difficult for others to guess. The easiest way to remember your passwords and pass phrases is to write them down. Contrary to popular belief, there is nothing wrong with writing passwords down, but they need to be adequately protected in order to remain secure and effective.

Use these steps to develop a strong password:

  1. Think of a sentence that you can remember. This will be the basis of your strong password or pass phrase. Use a memorable sentence, such as “My son Aiden is three years old.”
  2. Check if the computer or online system supports the pass phrase directly. If you can use a pass phrase (with spaces between characters) on your computer or online system, do so.
  3. If the computer or online system does not support pass phrases, convert it to a password. Take the first letter of each word of the sentence that you’ve created to create a new, nonsensical word. Using the example above, you’d get: “msaityo”.
  4. Add complexity by mixing uppercase and lowercase letters and numbers. It is valuable to use some letter swapping or misspellings as well. For instance, in the pass phrase above, consider misspelling Aiden’s name, or substituting the word “three” for the number 3. There are many possible substitutions, and the longer the sentence, the more complex your password can be. Your pass phrase might become “My SoN Ayd3N is 3 yeeRs old.” If the computer or online system will not support a pass phrase, use the same technique on the shorter password. This might yield a password like “MsAy3yo”.
  5. Finally, substitute some special characters. You can use symbols that look like letters, combine words (remove spaces) and other ways to make the password more complex. Using these tricks, we create a pass phrase of “MySoN 8N i$ 3 yeeR$ old” or a password (using the first letter of each word) “M$8ni3y0”.
  6. Test your new password with Password Checker. Password Checker is a non-recording feature on this Web site that helps determine your password’s strength as you type.

For more information on password security, make sure to check out these sites:

Reference:
http://www.microsoft.com/protect/yourself/password/create.mspx

Intrusion Detection Systems Information

Intrusion Detection Systems (IDS) have many approaches. This page is intended to document the different approaches and reference places where more information can be obtained.

Intrusion Detection Systems — http://en.wikipedia.org/wiki/Intrusion_detection_system
Intrusion Prevention Systems — http://en.wikipedia.org/wiki/Intrusion-prevention_system
Host-based IDShttp://en.wikipedia.org/wiki/Host-based_intrusion_detection_system
Application Protocol-based IDShttp://en.wikipedia.org/wiki/Application_Protocol-based_Intrusion_Detection_System
Network IDShttp://en.wikipedia.org/wiki/Nids

Where can I go to find out more information on viruses, worms, trojans, spyware, hoaxes, etc...

I like going to these sites:

BruinTech http://www.bruintech.ucla.edu/security_virus.htm provides a number of links to further information and products.

Phishing protection

Applications that offer phishing protection:

Standalone

Web-based

Why shouldn't I email or post Microsoft Word documents?

Many people send Microsoft Word documents as email attachments without realizing that there are several security risks.

How can I make more secure passwords that I can still remember?

Slightly off topic, but if you must write a password down, see if you can write only part of it, just enough to help you remember the rest.

If anyone has other suggestions, please add them.

See https://kb.ucla.edu/link/1037

What is PGP? Where can I get more info?

What is PGP?

PGP (“Pretty Good Privacy”) is a powerful, free crypto package. PGP lets people exchange files in a private, encrypted format, and also provides message authentication (to an extent).

If you have an encryption key for sending and receiving email, you can publish the public key for it in the UCLA key directory at:
http://keys.ucla.edu/vkd/GetUploadKeyScreen.event

For discussion of PGP, see the newsgroup alt.security.pgp. A FAQ is also available for this newsgroup at:
http://www.faqs.org/faqs/pgp-faq/

The Electronic Privacy Information Center is a good resource on privacy issues. Visit the EPIC Online Guide to Privacy Resources web site at:
http://www.epic.org/privacy/privacy_resources_faq.html

The PGP commercial product is available at:
http://www.pgp.com/

The open source equivalent of PGP, GnuPG, is available at:
http://www.gnupg.org/

Are there any security requirements for connecting a device to the UCLA network?

Please see UCLA’s Minimum Security Standards for Network Devices UCLA Policy 401

From: Associate Vice Chancellor Jim Davis, Office of Information Technology
Sent: Monday, July 17, 2006 6:00 PM
Subject: Minimum Security Standards for Network Devices

UCLA Office of Information Technology

Deans, Directors, Department Chairs and Administrative Officers

A minimum security standards policy for all devices connecting to the UCLA network has gone into effect as part of an ongoing initiative to enhance the security and privacy of UCLA’s electronic data and resources. UCLA Policy 401 focuses on the security of individual devices connecting to the UCLA network — including, but not limited to, laptop and desktop computers, printers, specialized medical and research instruments, and PDAs. Policy 401 articulates standards for software patch updates, anti-virus software, host-based firewall software, passwords, authentication, email relays, proxy services, and physical security. This policy is pursuant to the draft minimum standards policy that you were informed of in June 2005.

This policy has implications for faculty, non-IT staff, and students. Specifically, anyone who maintains a computer that connects into UCLA’s network is responsible for compliance with this policy in order to connect. For example, a student, faculty or staff member who uses a personal computer in his or her home for work would be responsible for ensuring that the system complies with the minimum standards. A device that is not compliant or for which there is not a security plan may not be permitted to connect.

UCLA Computing Support Coordinators, Network Coordinators, Help Desk Consortium members, System Administrators and unit CIOs have a primary role and responsibility in the implementation, enforcement and ongoing support of this policy within their units. However, it must be understood there are many devices for which the user, not the support staff, will have the primary responsibility for compliance.

The new policy was emphasized to departmental technologists in May in order to give them an opportunity to ask questions and make suggestions about the policy and its implementation. Many of the campus technologists were already familiar with the policy through their participation in working drafts circulated during the policy’s development and are now working to bring their units into compliance.

UCLA Policy 401 can be found at:
http://www.adminpolicies.ucla.edu/app/Default.aspx?&id=401.

Sincerely,

Jim Davis
Associate Vice Chancellor
Office of Information Technology

What is UCLA ASTF and who are its members?

The Applied Security Task Force issues advisories on IT vulnerabilities, threats, patches and other security issues as information becomes available. The advisories are generally sent to Computing Support Coordinators and the Help Desk list. If you are not on either of these listserves, but would like to receive Security Advisories, contact the ASTF at: safecomputing@ucla.edu.

It also includes RSS feeds.

Kerberos

Anti-virus, firewall and Internet security software

For general info on securing your PC/Mac you might want to check out:

Where can I download Sophos Anti-virus and how do I install it?

Sophos Anti-virus is offered to all faculty, staff, and students at UCLA. Sophos is offered by BOL and can be downloaded at this link:

https://www.it.ucla.edu/bol/software-downloads/sophos-antivirus

National Vulnerability Database

National Vulnerability Database is a comprehensive cyber security vulnerability database that integrates all publicly available U.S. Government vulnerability resources and provides references to industry resources.

Norton Antivirus causes email sending problems

The outgoing email scanning function in Norton Antivirus is usually turned on by default. Individuals who use NAV should be aware that the scan does not support SSL. Please do not be alarmed if the following message occurs:

Unable to establish a SSL connection with the server. Account: ‘SSCNET’, Server: ‘mail.ucla.edu’, Protocol: SMTP, Server Response: ‘454 TLS not available due to temporary reason’, Port: 25, Secure(SSL): Yes, Server Error: 454, Error Number: 0×800CCC7F.

Simply turn off the outbound scanning feature and the email client using SSL can send mail again. See NAV help files to disable scanning feature (instructions will vary based on different versions).

UCLA pays for Sophos, so that is what I use. However, Notre Dame uses Norton, so here are some instructions from its site:

Notre Dame Norton AV Instructions

New UC guidelines on Encryption

The best way to protect data is to not have it. However, restricted data should be retained only when it is necessary but if you must keep sensitive data, the University requires encrypting it. The purpose of encryption is to prevent unauthorized access to data while it is either in storage or being transmitted. For example, encryption can protect the privacy of restricted data that is stored on a laptop computer, even if that laptop computer is stolen. Similarly, it can protect data that is transmitted, for example, over a network, even if that network is tapped by an unauthorized third party.

In April, 2006, UCOP’s Information Resources and Communications released guidelines for encryption and announced an agreement with Pointsec to provide the University with encryption tools for PCs, smartphones, PDAs, removable media such as CDs and flash drives, and management tools for those who have to look after all these various devices.

As the guideline states “Encryption is not, however, a panacea. It is not a substitute for other security measures, such as authentication, authorization, and access control, and must be used in conjunction with those other measures.” The guidelines provide information on developing strategy at the local level to use encryption effectively.

Preventing SSH Dictionary Attacks With DenyHosts

From the tutorial:

“In this HowTo I will show how to install and configure DenyHosts. DenyHosts is a tool that observes login attempts to SSH, and if it finds failed login attempts again and again from the same IP address, DenyHosts blocks further login attempts from that IP address by putting it into /etc/hosts.deny. DenyHosts can be run by cron or as a daemon. In this tutorial I will run DenyHosts as a daemon.”

http://www.howtoforge.com/preventing_ssh_dictionary_attacks_with_denyhosts

Security Engineering - free e-book

Free online copy of a good and comprehensive computer security book: Security Engineering: A Guide to Building Dependable Distributed Systems.

“If you’re even thinking of doing any security engineering, you need to read this book”
Bruce Schneier

How do I obtain Sophos Anti-Virus Software at UCLA

UCLA has negotiated an agreement with Sophos for all of their anti-virus products for desktop and gateway servers. The software is available to all UCLA students and employees at no charge for home and work computers:

https://www.it.ucla.edu/bol/software-downloads/sophos-antivirus

Department IT Administrators (only) may request a username and password to download desktop and gateway anti-virus products directly from Sophos via this link:

https://www.it.ucla.edu/bol/software-downloads/sophos-antivirus-ucla-it-administrators

For questions on specific components of the license or availability of updates, please contact Bruin OnLine directly at consult@ucla.edu or (310) 267-4357.

Uninstalling Norton Antivirus

To install Sophos you must first remove your current anti-virus program. These instructions to uninstall Norton Antivirus for Windows.

If you still have trouble installing Sophos, check the Symantec website for more information on how to uninstall Norton Antivirus:
http://service1.symantec.com/SUPPORT/nav.nsf/docid/2001092114452606

I need a free file encryption software

TrueCrypt is a simple, easy-to-use, on-the-fly encryption program. It works on Windows 2000/XP/2003 and Linux.

Some features include:

  1. Ability to encrypt entire hard disk partition or a storage device
  2. Creation of a virtual encrypted disk within a file that mounts as a real disk.
  3. Encryption using AES-256, Blowfish (448-bit key), CAST5, Serpeant, Triple DES, and Twofish.

For a more information, please visit:
TrueCrypt

_

UCLA offers PGP WDE (whole disk encryption) free to all departments. It is cross platform, has central key management (for recovery!), and there are staff to assist implementation:

Crashed PGP encrypted disks can be recovered by DriveSavers:

Is there a free Anti-Virus software for Windows XP 64-bit?

Sophos 6.x supports 64-bit Windows XP, but according to Bruin Online, the earliest it will become available as a download/update is Spring 2007. Campus users still need to upgrade from Sophos 4.x to Sophos 5.x before UCLA releases Sophos 6.×.

During this transitional phase, 64-bit Windows users can try the personal version of AVAST Anti-Virus Software. Though I haven’t tried it, many of my colleagues really like this product.

Visit AVAST for more information.

Mikey

UCLA Multi-Factor Authentication

For Google Apps for Education (g.ucla.edu)

Since Google Apps authentication is done using UCLA Single Sign On (SSO), turning on 2-step verification through your Google Apps account settings won’t have the intended behavior. If you’d like to add multi-factor authentication protection to your Google Apps account you’ll want to turn on MFA for your UCLA Logon ID.

For UCLA Logon ID

All employees including student workers are required to enroll in MFA as of October 31, 2017 MFA is available as an option to all other UCLA Logon account holders (i.e. students, alumni, retirees, contractors, etc.) but is opt-in.

See https://www.it.ucla.edu/security/resources/mfa-at-ucla for more information.