Wireless Network work this week

5 08 2013

Update 2013-08-08: Downtime complete :)

[Updated 2013-08-05]

Network Infrastructure is going to be working on our wireless network this week, upgrading to a new version of Cisco NAC. If you’ll be working on campus this week, you may see some downtime on Tuesday and Thursday in the late afternoon/early evening. Notice from the downtime-notices RoyalList:

What:
Network Infrastructure will be upgrading Cisco NAC to version 4.9.3.

Why:
To add support for newer operating systems and antivirus as well as add new features. During this upgrade we will also be migrating off of legacy hardware onto new appliances.

When:
August 6th 4:30 PM – 6:30 PM
August 7th 4:30 PM – 8:30 PM

Impact:
August 6th 4:30PM – 6:30 PM:
Approximately 20 mins of downtime is expected for the wireless network.  Wired connections will be unaffected.
August 7th 4:30PM – 6:30 PM:
There will a 1 hour window of downtime where wireless (Royalair, RoyalGuest) and unauthenticated users on wired connections on campus will be unable to login.


Comments : Leave a Comment »
Tags: , , , , ,
Categories : Announcements, Outages, Upgrades

Firefox Upgrades Now Available through IT Services

31 10 2012

Jim Franceschelli gives us the following update from IT Services:

In the effort to support users and provide them with a modern and secure web-browsing platform, IT services is now installing and supporting up-to-date versions of Firefox.  

Historically, browsers updates have been limited only to those which are fully supported by the ERP / Banner system.  IT services will be lifting this restriction on Firefox, but keeping IE updates restricted to only those versions which are fully supported.  This will means that all IT services computers will contain (and IT services will support) one browser that is guaranteed to be fully compatible with ERP / Banner (Internet Explorer 8.0) and one which has modern features and security (Firefox).

The Information Technology Service (ITS) department will be pushing the newest version of Firefox to University owned computers in offices on campus via KBOX beginning on November 2, 2012. 

Once you install this update and open Firefox, you may be prompted with a series of screens on which you need to make choices.

  • Select Your Add-ons
    • Click the Add-ons you want to use
    • Click Next
  • Select your Add-ons (2nd screen)
    • Displays which Add-ons are disabled but will be enabled as soon as they are compatible and which ones will be updated.
    • Click Next
  • Your default home page (most likely my.scranton.edu)
  • Default Browser pop-up box
    • Asks if you want to make Firefox your default browser
    • We recommend you uncheck “Always perform this check when starting Firefox”.
    • Click Yes  –  if you want Firefox to be your default browser
    • Click No  –  if you generally use a different browser such as IE

 If you have questions about this upgrade, please contact the Technology Support Center at (570) 941-4357 or techsupport@scranton.edu.

 


Comments : Leave a Comment »
Tags: , ,
Categories : Announcements

Angel Back up and Running

18 10 2011

Angel appears to the up and functional. Thanks to the staff for the upgrade and early finish. If anyone runs into any problems after this update, please let us know asap!

Good luck with your grade submissions!


Comments : Leave a Comment »
Tags:
Categories : Announcements

CNAC Reauthentication

6 01 2011

On January 12th, and regularly on the second Wednesday of every month, IT Services is going to require all faculty and staff to enter their username and password (as you would if you were to log on to my.scranton) in order to get internet access. This allows IT to ensure that your computer has the most up to date security software and protection.

On January 6th, faculty and staff received the following e-mail from IT Services:

As part of Information Resources’ continuing effort to enhance our services and increase our information security posture, the Cisco Network Access Control (CNAC) will require individuals to re-authenticate to gain network access on a monthly basis.

On Wednesday, January 12th all end-users should expect to enter their University username and password into the CNAC agent before gaining access to any network resources. This process will allow us to continually assess the validity and health of our computing environment. The CNAC re-authentication process will routinely occur on the second Wednesday of each month.

Thank you for your patience and understanding as we implement these changes. If you have any questions or concerns, please contact the Technology Support Center at 570-941-HELP or at techsupport@scranton.edu

Click here for more information on CNAC authentication.

Click here for a detailed discussion of the new CNAC security procedures.


Comments : Leave a Comment »
Tags: , , , , , ,
Categories : Network and Infrastructure, Security

CNAC Deployment Feedback?

8 10 2010

The Library was the last building on the CNAC Deployment schedule – and we’re hitting a few rough spots today after this morning’s rollout.  How did the deployment go for everyone else? Any issues that the TSC hasn’t been able to resolve?


Comments : 3 Comments »
Tags: , , ,
Categories : Network and Infrastructure, Security, Upgrades

Software updates and access control (and a tutorial on the network structure of the University)

2 09 2010

MAJOR EDITS 9:35PM, 09-02-2010

Jim Franceschelli posted an update to the university community regarding the newest round of updates that will be coming to campus computers from Information Resources (IR; website). Here is a brief summary of how this will affect faculty and staff at the university.

0) This is the first apparent step (from the faculty point of view) of the more virtualized, transparent interaction between faculty machines and the campus network. While it may not appear so from our point of view, it makes the organization much cleaner on the server-side, i.e., the network administration becomes simpler and less complex, compartmentalizing the network by user type. This is coming right off the heels of a major network rebuild by IR, which means fewer network down times, and shorter network outages (which is a very good thing).

1) Previously, faculty computers did not need to “authenticate” to get access to the university network. This means that any computer plugged into a wall port that was designed for faculty use was allowed full access to the faculty network. This was then controlled on a port-by-port basis: Any computer plugged into the port in your office was connected to the faculty network, regardless of who the computer actually belonged to. And, if you plugged your computer into a port normally relegated for student use, you were relegated to the student network space, which left you unable to access certain network resources (departmental printers, for example). With the recent upgrades to the campus network, each network port now has the ability to be assigned to any virtual network. This means that, when you plug in your computer, you can be assigned to any of the on-campus networks (wireless, student, faculty, staff, dining services, etc., all have their own designated “network space”). Thus, instead of making the decision as to what network you belong to based on where you are connecting your computer, the decision as to what network you belong to is based on who you are and what community you are a part of (e.g., administration, faculty, dining services, etc.). So… where does this new update fit into the whole scheme?

2) The key in the previous point is that your digital identity is now the factor in deciding what network resources you have access to. Over and above that, for security purposes, IR would really like to allow you access to those resources, making sure that you are the one using it, not someone else who has somehow managed to get onto your computer. At the present time, there is no additional level of authentication, i.e., anyone using your computer looks like you. The first and foremost reason for requiring you to install Cisco Network Admission Control is to make sure that the only person accessing your network resources is you. Thus, this piece of software will require you to log in with your my.scranton username and password (which no one else other than you knows anyway, right?). But what about this “up to date packages” part of it all? Well…

3) As we said, this is the first apparent step in the upgrade of our campus network. With the installation of Cisco Network Admission Control, not only does it allow you to authenticate* to the network, this software has some additional advantages over a simple password-only based authentication. Cisco Network Admission Control, when running, has the ability to look at your critical software components (e.g., windows system files, web-browser updates, critical system patches, etc.) and make sure that no identified security vulnerabilities are present. This is not currently implemented into the installation configuration. It will be implemented in the near future (there is a possibility for an October timeline, but this is still in flux), with the added benefit of eventually prompting and directing you through the install of these critical software updates (eventually even doing so automatically) and patches to make sure your computer is safe, protected, and able to get onto the internet.** So where do you fit into the picture?

4) In order to implement this level of security, you will need to have Cisco Network Admission Control installed on your computer. Starting on 09/08/2010 in the first and second floor, west wing of St. Thomas (and following the schedule posted here), IR will be converting the behind-the-scenes infrastructure such that you will not be able to log on to the campus network without Cisco Network Admission Control installed! Once they have implemented this change, your internet browser will alert you of the required software and will (painlessly) step you through the installation procedure to install Cisco Network Admission Control on your machine. You will then be able to log in with your my.scranton username and password*** and continue to access the campus network and the world wide web at your leisure! So… what comes next?

5) As the behind-the-scenes updates from IR progress, you will be periodically required to re-authenticate to the network. This will simply provide some additional security, and allow Cisco Network Admission Control to periodically make sure everything is still A-OK on your computer, look for any flaws or critical system components that have been compromised or are in need of updating, and, eventually, even perform those updates for you! This exciting feature is coming soon to a computer near you!

Please see the below post e-mailed to the faculty today. If you have any questions or comments, please post them below. You can also join the discussion at tag-discussion@royallists.scranton.edu (see this post for instructions on how to sign up!).

* By “authenticate”, I mean “be recognized by”. This is just like showing an ID badge, swiping your Royal Card, or typing in your password at an online shopping site. You are proving your authenticity to the program, and it is allowing you access to whatever resources you are requesting, provided you have met all of its criteria.

** The extra time spent installing the updates is far shorter than the time it takes to fix your computer if it becomes infected with a virus. Currently, it takes nearly 3 full days of analysis whenever a computer is infected by a virus to make sure that no restricted information was passed to an outside source. This is a much more detailed and rigorous process than most are aware of, stemming from federal regulations regarding privacy laws. Hopefully we can post something about this is a future blog entry.

*** The login information for your computer will not change! Thus, your preferred username and password needed to start windows will not change. This will only affect your ability to access network resources (i.e., software not directly installed on your machine).

To All University of Scranton Faculty and Staff:

The University of Scranton provides our campus community with a robust environment consisting of over 2,000 desktop and laptop machines. Managing and ensuring the security of these machines has become increasingly challenging. In order to improve our services to you and increase our information security posture, we will be making changes to the way that desktop systems look and how they operate. Upcoming changes include a move to Internet Explorer 8.0 for using services found @scranton.edu sites, use of Firefox as the default internet browser, automation of additional third party application updates, a change in our anti-virus protection, and the deployment of Windows 7.

The next change that you will experience starting on September 7th is the deployment of the Cisco Network Access Control (CNAC) system for all computers connecting to the University network. This system will require end-users to go through a process similar to the one currently used to connect to the wireless network (RoyalAir); meaning that you will be required to authenticate — enter your username and password — before gaining access to the network. The CNAC system will help us to validate that only individuals who should have access to our network resources will have access and, eventually, will help us to monitor the “health” (up-to-date patches, operating systems, etc) of the desktops that are connecting to our network. Collectively, this will insure a more robust and secure electronic working environment for all of us.

The implementation of CNAC will begin on September 7th and is expected to take 30 days for campus wide implementation. The implementation will occur in small network segments that are grouped by building and by floor. Network changes will be made overnight and users of the segment will notice the change the following morning. To assist end-users, information about the planned schedule for deployment can be found at www.scranton.edu/CNAC-Deployment . IT Services staff will be available and located in each of the affected areas as we work our way across campus.

We appreciate your patience and understanding as we continue to improve. If you have any questions or concerns, please contact the Technology Support Center at 941-Help or at Techsupport@scranton.edu

Special thanks to Jim Franceschelli and Tony Maszeroski for their help in writing and correcting the above tutorial.


Comments : 9 Comments »
Tags: , , , , , ,
Categories : Network and Infrastructure, Security, Technology Training, Tutorials, Upgrades