Summer network downtimes

2 06 2014

Just a heads-up for those who work on campus during the summer — there are some rolling Saturday morning network downtimes planned for university buildings (residential and administrative) over the next few weeks. All are Saturdays, 8am-12 noon and will affect wireless as well as wired phone and computer network connections.

See the calendar (PDF) for a full schedule, but here are a few of the planned downtimes for academic buildings:

  • O’Hara — June 7
  • McGurrin – June 14
  • Hyland — June 21
  • WML — June 28
  • CLP — July 5
  • STT — July 12 and July 19 (July 12 is STT-East, including Harper-McGinnis; July 19 is STT-West)
  • Long/Byron — July 19
  • Brennan — July 26
  • LSC — August 2 and August 9
  • IMBM — August 16
  • Loyola Hall — August 16

And here’s the announcement from the downtime-notices listserv:

Downtime Notices:
1) Purpose
Upgrade network-switch software
2) Systems Affected:
Wireless, IP-phones & computers connected in these buildings
3) Downtime Window:
Saturdays from 8AM to noon for administrative buildings or Monday-Thursday prior to 7AM for residence-halls per the attached building schedule
4) Point of Contact:
Steve Gilbody
Office:  941-6193, Cell: 335-3926


Comments : Leave a Comment »
Tags: , , ,
Categories : Network and Infrastructure, Outages

Identity Finder scans to begin Aug 1

29 05 2014

Reposting an all-faculty email from Information Security Officer Adam Edwards:

Starting on Aug 1, 2014 the Information Security Office will begin conducting weekly scans of faculty PCs to locate restricted data. These scans will only be conducted on University provided machines. This is an effort to protect University data and prevent data loss as described in the email notice below.  If you have Human Research data, please ensure it is encrypted prior to Aug 1 2014. These weekly scans have already been rolled out to staff and TAG members.

If you have any questions please email security@scranton.edu

You can also refer to TAG’s Identity Finder FAQ for Faculty.


Comments : Leave a Comment »
Tags: ,
Categories : Announcements, Security

TAG feedback on draft BYOD Strategy

21 05 2014

At our May TAG meeting, Calvin Krzywiec (Assistant Director of Network Security & Engineering) presented a draft version of a BYOD Strategy (Bring Your Own Device).  We promised Cal a written compilation of feedback to inform the next draft of the report.  Since the TAG meeting, I’ve also been discussing the draft Strategy with several other interested faculty members, and I’ve done my best to compile all of these conversations in an annotated copy of the draft. These notes represent a sampling of individual faculty members’ reactions and should not be considered an authoritative response from the faculty as a whole.

I believe the draft Strategy bears significant implications for teaching, learning, research, and the faculty work environment, and I’ve recommended that the document undergo careful review by the full Faculty Senate. (As the current Senate Liaison, Dave will share our feedback in a report to the Senate Executive Committee.)

I’d also like to invite additional comments and concerns from all faculty. If your exam week/senior week schedule permits, please take a look at TAG’s written response (annotated PDF) and let us know your thoughts.

[Update: Here’s a summarized comments view of the same annotated PDF.]


Comments : Leave a Comment »
Tags: , , ,
Categories : Announcements, Mobile, Security

TAG Meeting Notes 2014-05-07

7 05 2014

TAG Meeting May 7, 2014 12:00pm-1:00pm

Attendees:
Jeremy Brees, Tim Cannon, Teresa Conte, Kim Daniloski, Dave Dzurec, Tara Fay, Jim Franceschelli, Eugeniu Grigorescu, Calvin Krzywiec (guest), Andrew LaZella, Kristen Yarmey

TAG thanks Library Dean Charles Kratz for sponsoring lunch for our meeting today.

1. BYOD Strategy Draft

Calvin Krzywiec joined us as a guest to present and discuss a draft version of IR’s strategy for accommodating the BYOD (Bring Your Own Device) trend. Cal is Assistant Director of Network Security & Engineering and served as chair for the IR Strategy Group tasked with studying BYOD. The group is currently seeking feedback from campus stakeholders to incorporate into a final strategy.

Cal explained that the group’s objectives were driven by increasing demand among students and faculty for access to institutional services from personal mobile devices. The group’s top priority is supporting BYOD for teaching and learning, while a secondary priority is protecting the security of institutional data.

For teaching and learning (see p. 2-4 in the draft), IR’s BYOD objectives include:

  • Investigate and implement untethered teaching/learning solutions
  • Focus classroom upgrades on providing collaborative, flexible workspaces
  • Leverage virtual desktop/application technologies and client devices to reduce reliance on physical lab infrastructure
  • Leverage virtual desktop/application technologies to provide ubiquitous access to lab software resources
  • Investigate and implement secure electronic assessment solutions
  • Expand lecture capture to additional locations

The draft identifies several barriers to BYOD implementation that were also raised by faculty members in TAG’s informal survey on specialized software and computer labs.  These include:

  • Expensive licensing fees for specialized software
  • Potential disparities in student computer ownership
  • Inaccessible and/or limited power sources
  • Security for electronic assessment/computerized testing
  • High demand on wireless network

The draft strategy recommends partnership with CTLE to support faculty needs as well as engagement with faculty during the implementation of BYOD-related strategies. Jim said that IR will work with TAG to recruit faculty volunteers to test out tools and services. While the precise timeline for rolling out these changes isn’t yet determined, there are some pilot projects already in motion. Faculty members in KSOM are piloting software for securing a browser (for computerized testing) using lab computers running thin clients. Teresa noted that the Nursing department would be very interested in piloting computerized testing tools in McGurrin. IR also plans to pilot test untethered teaching/learning options in the fall – TAG will get more information on this in the summer. Tim volunteered to participate in this pilot. IR has already been piloting Panopto lecture capture and will be looking to add this capability to additional classrooms for Fall 2014. Mobile printing is also in process.

Regarding network and authentication issues: Cal said that IR will be replacing the Cisco NAC client with encrypted SSID authentication, so that users will be able to log in to the University network from their device without downloading and installing CNAC. Once a device has been logged in,  it will stay logged in – users won’t have to reauthenticate multiple times during the day to stay on the network.

The second half of the draft (p. 4-9) addresses faculty and staff devices. One issue addressed is primary computing devices (for most faculty, our desktop computer). While currently primary devices are purchased and provided by the University, alternative models such as reimbursement or stipends for equipment and software purchases could be discussed.

Secondly, in order to protect institutional data, the draft proposes a three-tiered mobile device management (MDM) system:

  • Mandatory: This tier applies to all University issued devices and requires an enrollment in a MDM system that enforces the implementation of technical controls on the device, such as lock code, lock when idle, remote wipe capabilities, device encryption, and potentially even location tracking for locating a lost device.
  • Optional: This tier applies to all non-­‐corporate owned staff, faculty, and affiliate devices connecting to University systems, including email. Enrollment in the MDM solution is optional but the expectations of minimal technical controls and the requirement to notify PIR of a lost/stolen device are defined in institutional policy. Employees must agree to allow the University to wipe the device when it is lost/stolen or the employee separates from the institution.
  • Exempt: This tier applies to student devices. This tier has no requirements but offers guidance to students on how to secure their devices.

The draft proposes that a remote wipe could be partial rather than complete, “removing only corporate data.”

Kristen raised concerns about the Optional tier, which would apply to many faculty-owned mobile devices. Firstly, the exact definition of “corporate data” may need to be clarified. According to Appendix VIII (“Copyright”) of the Faculty Handbook, in most (but not all) circumstances, faculty retain copyright over works created as part of their normal teaching, research, and service duties – including research data, lecture notes, videos of lectures, syllabi, etc.  Kristen will look into existing University policies and documents to better understand what types of records (email?) would fall under this policy. Kristen also raised concerns about references to wiping data (including email) upon “employee separation,” which for faculty may take different forms (emeritus, phased retirement, terminal sabbatical, etc).

The BYOD Strategy Group will be compiling feedback into the next draft of the report. Kristen will write up summarized feedback from TAG’s discussion as a formal response to the draft document.

2. Brief Updates 

(The BYOD discussion took up most of the meeting, so updates were rushed.)

Identity Finder automated scans (Kristen)

Kristen has been working with Adam Edwards and Scott Finlon in Information Security to answer faculty questions about Identity Finder automated scans. Kristen has updated the Identity Finder FAQ with clarifications from Information Security.  There are still some faculty concerns about the scanning and reporting process (which was approved by the President’s cabinet back in June 2013); however, we have addressed as many as possible.

Information Security would like to begin the automated scans. TAG members present at the meeting felt ready to move forward with scanning faculty machines. Dave will report at this Friday’s Senate meetings that scans will begin. Kristen will work with Adam to coordinate a schedule and an all-faculty email notification.

Test Scanning Services (Jim)

Jim reported that IR will be changing the hours of Test Scanning Services effective Monday, May 12, 2014.  The service will continue to be provided from Alumni Memorial Hall, Room 001. Tests may be dropped off and results picked up Monday through Friday, from 8:30 am to 4:30 pm.  Based upon demand and operational requirements, immediate service while you wait may not be available.  IR will continue to strive to meet the needs of our customers and will provide a 24 hour turnaround of test scanning results.  Jim asked that faculty please plan accordingly as we approach the end of the Spring term.  Jim will contact regular users of the test scanning service with more details.

Desire2Learn (Eugeniu)

Additional Desire2Learn workshops are being planned for the summer – see CTLE’s workshop calendar for the updated schedule. Eugeniu also reminded TAG members that faculty should back up any student data (including grades, discussion forms, and dropbox submissions) in Angel that they wish to keep. Step by step instructions have been emailed out, but CTLE staff will also hold workshops on this during Senior Week for anyone who needs assistance (see ). Student access to Angel will be turned off as of May 30, but faculty will have access until July 31. After that, data stored in Angel will no longer be available.

PR Department/Program Website Initiative (Dave/Teresa)

We ran out of time for in-person updates on this project. Lori had sent Kristen updates via email. Kristen will post these notes to the TAG site in a separate update.

4. Adjournment

The meeting adjourned at 1:05pm. TAG will not meet again as a full group until Fall 2014, but projects and communication (via email) will continue during the summer.

[Updated immediately after posting with correction to Cal’s title]


Comments : Leave a Comment »
Tags: , , , , , , , , , , , , , , , , ,
Categories : Angel and Desire2Learn, Announcements, Classroom Mediation, Email, Minutes, Mobile, Network and Infrastructure, Security

Power Shut Down – Friday!

14 04 2014

Reposting from an all-faculty email. If you’re planning to work over break, and/or if you’re running any critical computing systems, please note:

April 11, 2014

Faculty, Staff, and Students:

On Good Friday, April 18th between 6:00 am and 12:00 noon the electricity to the entire campus will be SHUT OFF to perform needed repairs to the University owned 12,470 volt electrical distribution equipment.  Each year the Facilities department performs a three day preventive maintenance inspection of our electrical system.  We have been fortunate over the past few years that only minor problems have been located and the need to shut down the entire campus was not needed.  This year, however, we have found a few items that need to be corrected.  Good Friday, April 18th and as stated above we will SHUT DOWN THE POWER TO THE ENTIRE CAMPUS FROM 6:00 AM TO 12:00 NOON.

It is recommended that personal computers be turned off when you leave campus for the Easter holiday whether that is Thursday, April 17 or earlier.  Any other sensitive electronic equipment in your areas that does not need to be running should also be turned off and unplugged if it can be done easily.  These are just good precautions to take when you know power is being turn off.

Facilities staff, local electrical contractors, University Police, network services, and other campus staff will assist in shutting the campus down and then turning it back on to make sure heating systems, ac systems, lighting, elevators, security systems, fire alarm systems, refrigeration systems, data centers, card swipes, and the University network comes back on.

If you have a concern about the power being shutdown in your area for this period of time, please contact my office at 570-941-6267 or send an email explaining the concern and we will make every effort to try to accommodate your request if possible.

Thank you in advance for your cooperation in this very important matter.

Buildings not affected by the power shut down are: Adlin, NRCI, Houlihan, Girl Scout House, Smurfit Art Center, Wayne, Cambria, Fitz Field, J. Joyce Shop, Tioga, Fayette, Liva, and 314-316 N. Irving.

Mark Murphy


Comments : Leave a Comment »
Tags: , ,
Categories : Announcements, Outages

TAG Meeting Notes 2014-04-09

14 04 2014

TAG Meeting April 9, 2014 12:00pm-1:00pm

Attendees:
Jeremy Brees, Teresa Conte, Paul Cutrufello, Kim Daniloski, Dave Dzurec, Tara Fay, Jim Franceschelli, Eugeniu Grigorescu, Katie Iacocca, Andrew LaZella, Lori Nidoh, Sandy Pesavento, Kristen Yarmey

TAG members thanked Eugeniu and the CTLE for sponsoring lunch for our meeting (and for hosting us!).

1. Brief Reports/Updates

Desire2Learn (Eugeniu)

CTLE and IR will jointly host Desire2Learn Day on April 24, 2014 (more details in all-faculty email). The event will include Open Office Hours with D2L staff, workshops on using blogs, social media, Wiggio, and Panopto with D2L, and a presentation by faculty member George Gomez (Biology) on his experiences piloting D2L in Spring 2014. All faculty are invited. Most of the sessions are walk-in, but please register if you plan to attend the luncheon.

Eugeniu also reminded TAG members that faculty should back up any student data (including grades, discussion forms, and dropbox submissions) in Angel that they wish to keep. Step by step instructions have been emailed out, but CTLE staff will also hold workshops on this during Senior Week for anyone who needs assistance (see CTLE’s workshop calendar for dates/times). Student access to Angel will be turned off as of May 30, but faculty will have access until July 31. After that, data stored in Angel will no longer be available.

Identity Finder automated scans (Kristen)

Kristen has been working with Adam Edwards and Scott Finlon in Information Security to answer faculty questions about Identity Finder automated scans. Kristen wrote up an Identity Finder FAQ that she will update after getting final confirmation on a few questions from Information Security.  Kim mentioned that her department also had questions about performance and scheduling. Kristen will accompany Dave to the next Faculty Senate meeting to invite further questions or concerns.

WordPress (Kristen)

Following the discussion of WordPress at our March TAG meeting, Kristen and Dave met with Interim CIO Robyn Dickinson and Jim Franceschelli for a TAG update. Robyn and Jim explained some of the time constraints on IR staff members. TAG, the Library, and CTLE will continue to work with IR on this question. In the meantime, a faculty request for a WordPress blog was approved (thank you!). Jim said that WordPress was not yet an option in the Technology Support Center’s Footprints Service Catalog (tsc.scranton.edu), but he will follow up on this.

PR Department/Program Website Initiative (Dave, Teresa, Sandy, and Lori)

TAG members Dave, Sandy, and Teresa attended a meeting of the Committee on University Image and Promotion (CUIP) on March 17 to discuss PR’s department and program website initiative (see Teresa’s notes from that meeting, with additional comments from Dave).

Vendor Converge Consulting has been hired to assist in the preparation of content of about 50 program and department web pages, selected at that meeting. (See PR’s project announcement letter for a full update and list of departments/programs.) Each program/department has been asked to identify a representative who will meet with Converge during their campus visit on April 23-24. Lori noted that as of April 9, all but 2 representative slots had been filled. Dave emphasized that departments and programs will still have ultimate control over the content on these academic pages.

2. Items for Discussion

TAG Communication with Deans (Dave and Kristen)

At the invitation of Dean of the Library and Information Fluency Charles Kratz, Dave and Kristen met with members of the Provosts’ Advisory Board on April 3 to follow up on recent discussions of WordPress (the Interim Provost herself was not present due to the Kane Competition). Charles proposed that formal lines of communication be established between the Deans and TAG, to keep the Deans informed about academic technology issues. The other Deans in attendance (Conniff, Mensah, and Welch) agreed, noting that they would like to be better prepared for meetings about academic technology with an understanding how the technology could impact their colleges. Charles suggested that TAG meet once a semester with the Provosts’ Advisory Board for information-sharing.

Kristen and Dave shared this proposal with TAG members, with no voiced opposition. Kristen further proposed that TAG invite the Deans to contact a TAG member from their college to accompany them at meetings about academic technology in the future. TAG members agreed; Kristen will pass this invitation back to the Provosts’ Advisory Board.

TAG Membership and Leadership for 2014-2015 (Dave and Kristen)

As previously discussed, Kristen will step down as TAG co-chair at the end of the semester. Teresa Conte (Nursing) volunteered to serve in this slot (thank you!). There were no other candidates, so Teresa will start a two-year term as TAG co-chair in Fall 2014. Kristen will work with Teresa during the Summer to ensure a smooth transition. Dave will continue as co-chair in Fall 2014, and Andrew LaZella (Philosophy) will serve in Spring 2015 while Dave is on sabbatical.

Kristen asked TAG members to let her know if they do not plan to serve in 2014-2015. She also invited new members to join if interested.

Kristen and Dave will nominate Paul Cutrufello (Exercise Science) to serve as TAG’s Senate liaison for 2014-2015.

3. New Business

Royal News feedback (Lori)

PR is seeking feedback on Royal News, the weekly email/web newsletter for University students, faculty, staff, alumni, and community members. Lori asked TAG how best to solicit feedback from faculty. TAG members suggested coordinating a focus group with the Provost’s Office (perhaps as a Brown Bag session) as well as offering an online survey. Several TAG members noted that they liked Royal News and had no complaints or concerns. If PR puts out an online survey, Kristen will post it to the TAG site. Any faculty members who wish to share thoughts or comments (or participate in a focus group) on Royal News are encouraged to email royalnews@scranton.edu.

Heartbleed (Kristen)

Kristen shared Information Security’s update and recommendations regarding Heartbleed, a major OpenSSL vulnerability that has affected user privacy and security on many websites. The University’s main authentication service (CAS) was not vulnerable to this issue, and other servers and campus services are now all up to date. Information Security recommends, however, that users change their passwords for Internet sites and (especially if you reuse passwords) for my.scranton. Jim warned against reusing passwords and recommended KeePass as a password management tool.

IT Services Updates (Jim)

Jim provided a few brief updates on IT Services projects relevant to faculty:

  • Windows XP — IT Services aims to have all faculty desktop machines upgraded to Windows 7 before the end of the Spring semester. However, some faculty members aren’t returning calls to schedule and update. Kristen asked TAG members to remind their colleagues to respond to IT Services scheduling efforts.
  • Royal Cards — Old Royal Cards will expire on May 1, but there are still many faculty who have not gotten updated cards. TAG members will remind their colleagues to visit the Technology Support Center before the end of April to avoid being locked out of buildings, etc.
  • Internet Explorer 10 will be pushed out via KBOX before the end of the semester (upgrading from IE 8). Chrome and Firefox installations are currently up to date.
  • Java 7 has now been approved. Jim encouraged faculty to complete these updates in order to avoid security vulnerabilities or software incompatibility.
  • Funding for a campus-wide license for Panopto (a hosted lecture capture service) has been approved! IT Services is working with CTLE to integrate Panopto with Desire2Learn. TAG will work with IT Services in 2014-2015 to expand the availability of the service on campus. Kristen suggested that if IT Services knows approximately how much it will cost to add Panopto to a classroom, perhaps faculty members could apply for CTLE Technology Grants (or other funding) to speed implementation in their building/college.

As a follow-up question, Teresa asked Jim if student photographs could be integrated into Desire2Learn (for class rosters, seating charts, etc). Jim promised to look into this request.  [Post-meeting update from Jim (via email): “Unfortunately, I’ve been told this isn’t possible…  D2L does not have a provision to include photos in an automated upload from Banner. The D2L informed us that there was no way to do a bulk load of photos into D2L.  The only way to upload a photo into a student’s profile is for the student to upload it themselves. D2L is coming to campus later this month.  It might be a good question to broach to them… maybe we can get it on D2L’s development list.”]

4. Adjournment

The meeting adjourned at 1:00pm. TAG’s final meeting for Spring 2014 will be Wednesday, May 7 from 12pm-1pm in WML305. Network Engineer Calvin Krzywiec will join us to discuss IR’s drafted strategy for accommodating the BYOD (Bring Your Own Device) trend. Lunch will be provided (thanks to Library Dean Charles Kratz).


Comments : Leave a Comment »
Tags: , , , , , , , , , , , , , , , , , ,
Categories : Angel and Desire2Learn, Announcements, CMS and University Website, Minutes, Security, TAG Administrative

(Another) Update on Department/Program Websites

14 04 2014

Earlier this month, we posted notes from a joint meeting of TAG and the Committee on University Image and Promotion (CUIP) about department and program websites. To fill in some additional information, here’s a project announcement letter (PDF) PR put together for the Deans. The announcement includes a list of departments and programs selected for the pilot as well as a questionnaire that will be used to help elicit information from faculty members about departments/programs.

Many thanks to the faculty members who have volunteered to work on this joint initiative! Please let a CUIP or TAG member know if you have questions or suggestions — TAG members Dave Dzurec, Sandy Pesavento, and Teresa Conte are each serving as their department’s representative (History, Education, and Nursing, respectively).


Comments : Leave a Comment »
Tags: , , ,
Categories : Announcements, CMS and University Website

Desire2Learn Day – April 24

14 04 2014

Reposting an all-faculty email from CTLE/IR:

Dear Faculty,

Please join us for
Desire2Learn Day
Brennan Hall, Room 509 (Rose Room)
Thursday, April 24, 2014

Several sessions for faculty members will be conducted during the day, as outlined in the schedule below. The highlight of the day will be the lunchtime forum for faculty Desire2Learn – More Than Just a Course Management System.

Desire2Learn is a next generation learning solution, addressing key challenges related to learner engagement, retention, and outcomes. Its design and functionality represent a shift from the simple course management capabilities of an LMS, to a highly pervasive, perceptive, and personal learning experience. Come learn about the advantages of using Desire2Learn for your teaching, and some of its key features, from Desire2Learn representatives.

Also hear about the “real-life” experience of one of our own faculty members, Dr. George Gomez, who is using the D2L learning environment this semester.

You must register by April 16 for the lunch/presentation here (select IT Forum).

All other events on the schedule below are available on a walk-in basis.

  • 10:00-10:30 AM   D2L Open Office Hours – come and ask any questions you have about Desire2Learn
  • 10:30-11:00 AM   Using Wiggio & Blogs in Desire2Learn
  • 11:00-11:30 AM   Incorporating Panopto video into Desire2Learn
  • 11:30-1:00 PM   Lunchtime Presentation: Desire2Learn – More than just a course management system.  Registration Required. Deadline is April 16, 2014.

The following afternoon sessions are open to both faculty and students.

  • 1:15-1:45 PM   Desire2Learn Mobile apps (Binder, Assignment Grader)
  • 1:45-2:15 PM   Using Notifications in D2L
  • 2:15-2:45 PM   Social Media in D2L
  • 2:45-3:30 PM   D2L Open Office Hours – come and ask any questions you have about Desire2Learn

Comments : Leave a Comment »
Tags: , , ,
Categories : Angel and Desire2Learn, Announcements, Technology Training, Tutorials

Back Up Angel Student Data

14 04 2014

TAG and CTLE would like to remind faculty members to back up student data (including grades, discussion forums, and dropbox submissions) for their ANGEL courses by May 31, 2014.

Here are step-by-step instructions from CTLE/IR (as emailed to all faculty on 2014-03-31):

As mentioned in previous emails, course content from ANGEL copies over to D2L. However, ANGEL student data does not. We suggest that you backup all grade book, discussion, and dropbox submission data prior to May 31, 2014. There will be several workshops during the week of May 26 [see calendar] to help you backup your ANGEL student data.

Back up student grades:

  • Navigate to the ANGEL Manage tab of each course,
  • Gradebook => Overall Report => Save as PDF or,
  • Gradebook => Export Grades to save as a comma delimited file.

Back up discussion forums:

  • Navigate to the ANGEL Communicate tab of each course,
  • Click on a forum,
  • Select Nested View in drop down menu next to New Post,
  • Click [+] in front of Post Title to turn it into [-],
  • Click the printer icon at top right,
  • Select a pdf printer to save your discussion forum in pdf format.

Back up dropbox submissions:

  • Navigate to the ANGEL Lessons tab of each course,
  • Locate a droppbox,
  • Mouse over the dropbox title and click Submissions,
  • Click on Download Submissions,
  • Select All Submissions from the drop down menu,
  • Click Download to save a zip folder to your computer.

As always, the CTLE and ITDA will be available to help make this transition as smooth as possible. Please do not hesitate to call upon us at any time.


Comments : Leave a Comment »
Tags: , ,
Categories : Angel and Desire2Learn, Announcements

Heartbleed Update from Information Security

9 04 2014

For those that have been listening to the news about Heartbleed, here’s some information from Information Security Engineer Scott Finlon:

——————————————————

A major security vulnerability named Heartbleed was disclosed Monday night. The vulnerability affects a large portion of websites on the Internet and here at the University of Scranton that use OpenSSL to encrypt webpages (pages that start with https). SSL, or secure socket layer, is a cryptographic protocol which is designed to provide communication security over the Internet.

The security issue allows the stealing of information protected by SSL by stealing the private keys that protect the confidentiality of the information. Sites affected by the security vulnerability can have login credentials stolen as well as other data that would normally be protected by an SSL connection. In addition, once an attacker has the private key for a particular website, they can use the key to decrypt traffic previously sent to the server prior to the bug being disclosed.

Since Tuesday morning, the Information Security Office has been working with Enterprise Systems and other system owners across campus to ensure that their services are securely configured to mitigate risks associated with this issue.

The web servers that maintain CAS, the primary web-based authentication method used by campus services, were not vulnerable to this issue. Other campus services that utilize OpenSSL have been updated as quickly as identified, in order to mitigate the risk associated with the vulnerability.

Although we have no evidence that any University of Scranton sites have been compromised through this exploit, we do know that this bug has existed for 2 years before there was any knowledge of this specific vulnerability. We suggest you pay close attention to all your sensitive user accounts across the Internet and contact the owners of those related services if you have any questions.

Also, watch for fraudulent email claiming to be from companies with which you do business, as criminals will undoubtedly use this issue to create targeted phishing email messages to trick people into divulging their passwords.

If you have any questions or concerns about this issue, please feel free to contact the Information Security Office at <security@scranton.edu> or by calling the Technology Support Center at 570-941-4357.

Scott Finlon, CISSP GCIA GCIH
———————————–
Information Security Engineer
The University of Scranton
email : scott.finlon@scranton.edu
phone : 570-941-6168
———————————–

Comments : Leave a Comment »
Tags: , ,
Categories : CMS and University Website, Security

« Previous Entries Next Entries »