IT Matters Fall 2010 Issue

16 09 2010

The new issue of IR’s IT Matters newsletter is available in PDF format.

Many of the articles deal with issues we’ve already been discussing here on the TAG site, but there are a few important items relevant to faculty.  Some quick highlights (take a look at the newsletter for more details) —

General:

  • Big news for Mac users — the U is now an Authorized Apple Service Center!  Glen Pace is our first Apple Certified Macintosh Technician.  The Laptop Support Center can now service University-owned faculty and staff Macs.
  • During the summer, over 58 faculty/staff computers were quarantined due to infections.  Make sure you’re browsing safely and that you’re backing up your files!
  • New antivirus software is on the way – Microsoft Forefront Client Security has been chosen as the replacement for McAfee.
  • Windows 7 deployment is in the works.
  • There’s a reminder about the new network authentication (aka CNAC deployment) that will be taking place.  See Jeremy’s post on this for all the details.
  • Files stored on Royal Drive are now encrypted so they’re more secure – but this is a back end change. As a user you won’t notice anything different.
  • We’ll soon be upgrading Royal Drive to a new Xythos server (before the end of fall semester).
  • You can use a tool called KeePass in Royal Drive to securely store a list of usernames and passwords.  Find a PDF of instructions here.
  • The Project Tracking system will slowly be streamlined with the use of Numara’s Change Management software.
  • IR is encouraging the campus to use Firefox instead of IE, except for accessing University systems.

Classroom Mediation:

  • OIT is slowly updating classroom technology.  Hyland 305, Leahy 1011, McGurrin 302, St. Thomas 209, and St. Thomas 563A were done over the summer.  You’ll notice a new control panel (that you can use to freeze images and mute sound).  You might also notice that any video you’re displaying from your laptop, smartphone, or iPad will be automatically formatted to accommodate the projector’s resolution.

Computer Labs:

  • OpenOffice is now on lab computers (along with Microsoft Office 2007).
  • Lab machines are now equipped with Deep Freeze, a program that restores the machine to a “fresh state” each time it’s rebooted.  Several labs got new equipment over the summer.
  • In addition to the standard software found in all computer labs, KSOM lab computers have the following software:  Eviews 7, Maple 14, MATLAB R2010, MS Office Pro, Minitab, MPL, MyITLab, Crystal Ball, Oracle SQL Plus, Peachtree Complete Accounting 2010, ProSeries 2009, Research Insight, SAP, PASW 18.0, Visual Studio, XLMiner, EconoMagic, Weka2, WireShark, and FrontPage.




Phishing Scam

3 09 2010

Heads up, y’all. If you get a weird looking email from “The University of ScrantonScranton,” don’t click on the link – just delete it. This is a phishing scam.  IR posted a notice about it on my.scranton last night:

There has been a fake phishing email sent to an unknown number of Scranton.edu email addresses. It is from webmasterr@scranton.edu and says the following: “Dear Web mail User, Due to congestion in all The University of Scranton!webmail users accounts,The University of Scranton!would be shutting down some webmail account.In order to avoid the deactivation of your webmail account,you will have to confirm that is a present use account by clicking the secure Link Below.The personal information requested is for the safety of your account. Please leave all information requested.. Please leave all information requested.” Please, if you receive this email, do not click on the link and enter your personal information. This email is not from the University and we would never request your personal information via an email.

——————————-

Update 9/7: This phishing episode sparked a bit of discussion about the timeliness of communication about significant technology issues.  Here’s what we’ve worked out as a timeline for the incident (thanks to Jim and Jeremy for hashing out the details):

  • Thursday evening: First phishing emails were received, and the TSC received numerous reports. The TSC notified the security manager, who blocked access to the phishing web site from the U’s network (though this wouldn’t prevent faculty/staff from getting there from their home ISP).  The TSC put a notice in the my.scranton portal around 6:30pm.
  • Friday morning: The TSC posted a note to Bboard.  TAG posted the notice to our site here (thanks to Jim for the heads up about it).
  • Friday noon: The Provost emailed all faculty about the phishing attempt.
  • Throughout the day on Friday, the TSC responded to several calls about the email.  Sometime on Friday, the security manager contacted the host site and had the malicious site taken off line.

So it seems that from the IR side, everything went as planned — the information security manager was involved right away, notices were posted right away, etc.  However, anecdotally, it doesn’t seem like faculty or staff picked up on the alerts (especially the my.scranton notices) right away.  Most people didn’t seem to know about the scam until they got an email about it.





IE 8 Deployment

2 09 2010

It’s a big day for IR announcements. This just came out over Bboard:

All staff and faculty using Windows XP are encouraged to visit the IT Services Installation channel in the Employee tab of the my.scranton portal to install Internet Explorer 8 (IE8). The IE8 installation package will update existing installations of Internet Explorer 6 and 7 to Internet Explorer 8 and will install the KACE KBOX agent. In an effort to better secure University desktops from malware infections, it is critical to install and maintain the KACE KBOX agent on all University owned computers. IT Services will continue to deploy third party patches to all office systems using the KACE KBOX systems management appliance.

Please be advised that because the KACE KBOX agent is included in the IE8 installation package, this package is intended for installation on University owned PCs only.

Before you begin the installation, please save your work and close all other programs.

Questions and concerns about the Internet Explorer 8 installation should be directed to the Technology Support Center at x4357.

Note: To complete the installation of IE8, you’ll have to restart your computer. Make sure you have everything saved!





Software updates and access control (and a tutorial on the network structure of the University)

2 09 2010

MAJOR EDITS 9:35PM, 09-02-2010

Jim Franceschelli posted an update to the university community regarding the newest round of updates that will be coming to campus computers from Information Resources (IR; website). Here is a brief summary of how this will affect faculty and staff at the university.

0) This is the first apparent step (from the faculty point of view) toward a more virtualized, transparent interaction between faculty machines and the campus network. While it may not appear so from our point of view, it makes the organization much cleaner on the server side, i.e., network administration becomes simpler because the network is compartmentalized by user type. This comes right on the heels of a major network rebuild by IR, which means fewer network downtimes and shorter network outages (which is a very good thing).

1) Previously, faculty computers did not need to “authenticate” to get access to the university network. This means that any computer plugged into a wall port that was designed for faculty use was allowed full access to the faculty network. This was then controlled on a port-by-port basis: Any computer plugged into the port in your office was connected to the faculty network, regardless of who the computer actually belonged to. And, if you plugged your computer into a port normally relegated for student use, you were relegated to the student network space, which left you unable to access certain network resources (departmental printers, for example). With the recent upgrades to the campus network, each network port now has the ability to be assigned to any virtual network. This means that, when you plug in your computer, you can be assigned to any of the on-campus networks (wireless, student, faculty, staff, dining services, etc., all have their own designated “network space”). Thus, instead of making the decision as to what network you belong to based on where you are connecting your computer, the decision as to what network you belong to is based on who you are and what community you are a part of (e.g., administration, faculty, dining services, etc.). So… where does this new update fit into the whole scheme?

2) The key in the previous point is that your digital identity is now the factor in deciding what network resources you have access to. Over and above that, for security purposes, IR would really like to allow you access to those resources, making sure that you are the one using it, not someone else who has somehow managed to get onto your computer. At the present time, there is no additional level of authentication, i.e., anyone using your computer looks like you. The first and foremost reason for requiring you to install Cisco Network Admission Control is to make sure that the only person accessing your network resources is you. Thus, this piece of software will require you to log in with your my.scranton username and password (which no one else other than you knows anyway, right?). But what about this “up to date packages” part of it all? Well…

3) As we said, this is the first apparent step in the upgrade of our campus network. Cisco Network Admission Control not only allows you to authenticate* to the network; it also has some additional advantages over simple password-only authentication. When running, it can look at your critical software components (e.g., Windows system files, web-browser updates, critical system patches, etc.) and make sure that no identified security vulnerabilities are present. This check is not currently part of the installation configuration. It will be implemented in the near future (there is a possibility for an October timeline, but this is still in flux), with the added benefit of eventually prompting and directing you through the install of these critical software updates and patches (eventually even doing so automatically) to make sure your computer is safe, protected, and able to get onto the internet.** So where do you fit into the picture?

4) In order to implement this level of security, you will need to have Cisco Network Admission Control installed on your computer. Starting on 09/08/2010 in the first and second floor, west wing of St. Thomas (and following the schedule posted here), IR will be converting the behind-the-scenes infrastructure such that you will not be able to log on to the campus network without Cisco Network Admission Control installed! Once they have implemented this change, your internet browser will alert you of the required software and will (painlessly) step you through the installation procedure to install Cisco Network Admission Control on your machine. You will then be able to log in with your my.scranton username and password*** and continue to access the campus network and the world wide web at your leisure! So… what comes next?

5) As the behind-the-scenes updates from IR progress, you will be periodically required to re-authenticate to the network. This will simply provide some additional security, and allow Cisco Network Admission Control to periodically make sure everything is still A-OK on your computer, look for any flaws or critical system components that have been compromised or are in need of updating, and, eventually, even perform those updates for you! This exciting feature is coming soon to a computer near you!
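A simplified model of the change described in points 1 to 5, added here as an illustration (it is not Cisco's or IR's code): the old port-based assignment next to identity-based admission with an optional health check and periodic re-authentication. The accounts, port names, quarantine network and eight-hour re-authentication interval are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional


def _hash(password: str) -> bytes:
    # Demo-only salted hash so the sample directory holds no plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"demo-salt", 10_000)


# Constructed sample data. Network names follow the communities the post
# lists; accounts, port names and the timeout are hypothetical.
ROLE_VLAN = {"faculty": "faculty", "staff": "staff",
             "student": "student", "dining": "dining-services"}
PORT_VLAN = {"office-port-1": "faculty", "classroom-port-7": "student"}
DIRECTORY = {"jsmith": (_hash("correct-horse"), "faculty"),
             "mjones": (_hash("s3cret-pass"), "student")}
REAUTH_SECONDS = 8 * 3600  # assumed re-authentication interval


def legacy_port_based(port: str) -> str:
    """Old model: the wall port alone picks the network; nobody logs in."""
    return PORT_VLAN[port]


@dataclass
class Session:
    user: str
    port: str          # recorded for audit only; it no longer decides access
    vlan: str
    expires_at: float


def admit(port: str, user: str, password: str, now: float,
          posture_ok: Optional[bool] = None) -> Optional[Session]:
    """New model: who you are picks the network, wherever you plug in.

    posture_ok=None models the initial rollout (health check not enforced);
    False models a later failed patch check (quarantine is an assumption).
    """
    record = DIRECTORY.get(user)
    if record is None or not hmac.compare_digest(record[0], _hash(password)):
        return None  # no valid identity, no network access
    vlan = ROLE_VLAN[record[1]]
    if posture_ok is False:
        vlan = "quarantine"  # remediation only until the machine is patched
    return Session(user, port, vlan, now + REAUTH_SECONDS)


def vlan_for(session: Optional[Session], now: float) -> Optional[str]:
    """Periodic re-authentication: an expired session loses its network."""
    if session is None or now >= session.expires_at:
        return None
    return session.vlan


if __name__ == "__main__":
    print(legacy_port_based("classroom-port-7"))          # port decides
    s = admit("classroom-port-7", "jsmith", "correct-horse", now=0)
    print(vlan_for(s, now=60))                            # identity decides
    print(vlan_for(s, now=REAUTH_SECONDS))                # expired session
```
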

Please see the below post e-mailed to the faculty today. If you have any questions or comments, please post them below. You can also join the discussion at tag-discussion@royallists.scranton.edu (see this post for instructions on how to sign up!).

* By “authenticate”, I mean “be recognized by”. This is just like showing an ID badge, swiping your Royal Card, or typing in your password at an online shopping site. You are proving your authenticity to the program, and it is allowing you access to whatever resources you are requesting, provided you have met all of its criteria.

** The extra time spent installing the updates is far shorter than the time it takes to fix your computer if it becomes infected with a virus. Currently, it takes nearly 3 full days of analysis whenever a computer is infected by a virus to make sure that no restricted information was passed to an outside source. This is a much more detailed and rigorous process than most are aware of, stemming from federal regulations regarding privacy laws. Hopefully we can post something about this in a future blog entry.

*** The login information for your computer will not change! Thus, your preferred username and password needed to start Windows will not change. This will only affect your ability to access network resources (i.e., software not directly installed on your machine).

To All University of Scranton Faculty and Staff:

The University of Scranton provides our campus community with a robust environment consisting of over 2,000 desktop and laptop machines. Managing and ensuring the security of these machines has become increasingly challenging. In order to improve our services to you and increase our information security posture, we will be making changes to the way that desktop systems look and how they operate. Upcoming changes include a move to Internet Explorer 8.0 for using services found @scranton.edu sites, use of Firefox as the default internet browser, automation of additional third party application updates, a change in our anti-virus protection, and the deployment of Windows 7.

The next change that you will experience starting on September 7th is the deployment of the Cisco Network Access Control (CNAC) system for all computers connecting to the University network. This system will require end-users to go through a process similar to the one currently used to connect to the wireless network (RoyalAir); meaning that you will be required to authenticate — enter your username and password — before gaining access to the network. The CNAC system will help us to validate that only individuals who should have access to our network resources will have access and, eventually, will help us to monitor the “health” (up-to-date patches, operating systems, etc) of the desktops that are connecting to our network. Collectively, this will insure a more robust and secure electronic working environment for all of us.

The implementation of CNAC will begin on September 7th and is expected to take 30 days for campus wide implementation. The implementation will occur in small network segments that are grouped by building and by floor. Network changes will be made overnight and users of the segment will notice the change the following morning. To assist end-users, information about the planned schedule for deployment can be found at www.scranton.edu/CNAC-Deployment . IT Services staff will be available and located in each of the affected areas as we work our way across campus.

We appreciate your patience and understanding as we continue to improve. If you have any questions or concerns, please contact the Technology Support Center at 941-Help or at Techsupport@scranton.edu

Special thanks to Jim Franceschelli and Tony Maszeroski for their help in writing and correcting the above tutorial.





Situational Awareness and IT Security

24 08 2010

Starting August 18th, as part of an effort to promote situational awareness of security issues on campus, all owners of any resources which “expose services to the Internet through the campus perimeter firewall” are now receiving daily reports from IR.  These daily reports show any suspicious activity directed at these resources that has been identified by the Intrusion Prevention System.

If anyone has any questions, suggestions, comments, or requests for new security services that you would like to see offered, you can e-mail them to security@scranton.edu .





Security updates on their way

11 08 2010

A new update from IT Services regarding the desktop security issues we’ve had this summer:

IT Services has experienced a large increase in the number of desktops becoming infected through casual web browsing and internet use. In order to limit exposure, computers that are infected must be immediately removed from the campus network. These recent malware infections require extensive work in cleaning and restoring the systems and have left many users without their computers for an extended period of time. IT Services has been working on improving the remediation process, however patching individual PC’s is necessary to limit the infection rate. In an effort to enhance desktop security and performance, IT Services will begin deploying third party patches to all office systems on August 10, 2010. Initial updates will include Adobe Reader, Adobe Flash, Adobe Shockwave and Java. These applications will be pushed out to office systems using the KACE KBOX service. Users will observe the installation prompt (light blue box with “University of Scranton” in the title bar) and it is critical that all users follow the prompts and install the third party updates.

IT Services will also provide the distribution of Internet Explorer 8.0 through the My.Scranton portal later this week. Watch for additional announcements in My.Scranton and on bboard.

If you have any questions or problems with the third party updates, please contact the TSC at extension 4357.





Desktop security alert

9 08 2010

IR has put out a warning to all faculty about an increase in desktop computer infections this month —

During the summer months we have seen an increase in the number of computer desktops becoming infected on a daily basis. In order to limit exposure, computers that are infected must be immediately removed from the campus network until they can be remediated by a staff member of the Information Technology Services department. Depending upon the severity and nature of the infection, it may take one to two weeks to fully clean your computer and get it back to you. In preparation for the start of the fall semester, here are some things that you can do to help prevent an infection on your desktop and to protect your information.

  • Do not store personally identifiable information (social security numbers, financial account numbers) on your desktop – in documents, spreadsheets, or email.
  • Use Royal Drive to store personally identifiable information and any data files that you would need to continue to perform your job on a day-to-day basis if you do not have access to your desktop.
  • Use Internet Explorer for accessing University systems only.
  • Use the Firefox web browser with Adblock Plus for all other web browsing. Avoid the following areas of the Internet while using your University desktop — websites related to gambling, hacking, warez (illegal software), adult content, and social networking. The risk of infection to your system is particularly high from these types of sites.
  • We strongly recommend that computers which are used to perform financial transactions or those known to contain personally identifiable information, such as social security numbers or financial account numbers, not be used for web browsing, instant messaging, or accessing external mail accounts.

We are working to put in place additional measures to protect your desktop over the next few weeks, including automated patching of the most vulnerable applications. In the coming months, we will be deploying other tools to help locate personally identifiable information on desktops and place additional controls on desktops accessing our network. Longer term, we are making plans and requesting resources to provide a layered defense through the use of multiple tools that will help to protect our campus desktops, ensuring our information and your productivity.

If you suspect that your computer has been compromised, contact the Technology Support Center at (941-HELP or techsupport@scranton.edu).  For more information about this and other malware threats, please contact security@scranton.edu

Anecdotally, we’ve had several computers hit here in the Library, and it takes a few days for the computer to make its way back into the Library after being cleaned up by IR.  If you’re not backing up your work, either to Royal Drive, to an external hard drive, or to some other cloud storage service, now would be a good time to start.





Computer control

21 06 2010

Last week Brian Croxall from Clemson University wrote a post for ProfHacker about faculty needing to have control over their own computer resources.  An excerpt:

Now I have nothing against IT Staff. In my interactions with them at the two schools where I’ve taught, they have been helpful and friendly. But relying on another person to adjust the tools that I need for my research is never efficient, and it suggests that researchers or teachers are not in a position to judge what is best for them. (I’ve been told, for instance, that I could not install specialized software we were using in class on a classroom’s podium computer because it would deviate from the standard software set.) If the computer is the equivalent of laboratory equipment–and for many in the humanities, it is the only “laboratory equipment” we have–then we should have control over its use.

Any thoughts? Is this an issue for you on our campus? Post to the comments.