Software updates and access control (and a tutorial on the network structure of the University)

2 09 2010

MAJOR EDITS 9:35PM, 09-02-2010

Jim Franceschelli posted an update to the university community regarding the newest round of updates that will be coming to campus computers from Information Resources (IR; website). Here is a brief summary of how this will affect faculty and staff at the university.

0) This is the first apparent step (from the faculty point of view) toward a more virtualized, transparent interaction between faculty machines and the campus network. While it may not appear so from our point of view, it makes the organization much cleaner on the server side: network administration becomes simpler because the network is compartmentalized by user type. This comes right on the heels of a major network rebuild by IR, which means fewer network down times and shorter network outages (which is a very good thing).

1) Previously, faculty computers did not need to “authenticate” to get access to the university network. This means that any computer plugged into a wall port that was designated for faculty use was allowed full access to the faculty network. Access was controlled on a port-by-port basis: any computer plugged into the port in your office was connected to the faculty network, regardless of who the computer actually belonged to. And, if you plugged your computer into a port normally designated for student use, you were relegated to the student network space, which left you unable to access certain network resources (departmental printers, for example). With the recent upgrades to the campus network, each network port can now be assigned to any virtual network. This means that, when you plug in your computer, you can be assigned to any of the on-campus networks (wireless, student, faculty, staff, dining services, etc., all have their own designated “network space”). Thus, instead of deciding which network you belong to based on where you connect your computer, the decision is based on who you are and what community you are a part of (e.g., administration, faculty, dining services, etc.). So… where does this new update fit into the whole scheme?

2) The key in the previous point is that your digital identity is now the factor in deciding what network resources you have access to. Over and above that, for security purposes, IR would really like to allow you access to those resources while making sure that you are the one using them, not someone else who has somehow managed to get onto your computer. At the present time, there is no additional level of authentication, i.e., anyone using your computer looks like you. The first and foremost reason for requiring you to install Cisco Network Admission Control is to make sure that the only person accessing your network resources is you. Thus, this piece of software will require you to log in with your my.scranton username and password (which no one other than you knows anyway, right?). But what about this “up to date packages” part of it all? Well…

3) As we said, this is the first apparent step in the upgrade of our campus network. Cisco Network Admission Control not only allows you to authenticate* to the network; it also has some additional advantages over simple password-only authentication. When running, it has the ability to look at your critical software components (e.g., Windows system files, web-browser updates, critical system patches, etc.) and make sure that no identified security vulnerabilities are present. This is not currently implemented in the installation configuration. It will be implemented in the near future (there is a possibility for an October timeline, but this is still in flux), with the added benefit of eventually prompting and directing you through the install of these critical software updates and patches (eventually even doing so automatically) to make sure your computer is safe, protected, and able to get onto the internet.** So where do you fit into the picture?

4) In order to implement this level of security, you will need to have Cisco Network Admission Control installed on your computer. Starting on 09/08/2010 in the first and second floor, west wing of St. Thomas (and following the schedule posted here), IR will be converting the behind-the-scenes infrastructure such that you will not be able to log on to the campus network without Cisco Network Admission Control installed! Once they have implemented this change, your internet browser will alert you of the required software and will (painlessly) step you through the installation procedure to install Cisco Network Admission Control on your machine. You will then be able to log in with your my.scranton username and password*** and continue to access the campus network and the world wide web at your leisure! So… what comes next?

5) As the behind-the-scenes updates from IR progress, you will be periodically required to re-authenticate to the network. This will simply provide some additional security, and allow Cisco Network Admission Control to periodically make sure everything is still A-OK on your computer, look for any flaws or critical system components that have been compromised or are in need of updating, and, eventually, even perform those updates for you! This exciting feature is coming soon to a computer near you!
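The admission logic from points 1) through 5), modelled as an added example (not IR's or Cisco's code): port-based assignment beside identity-based assignment, with the optional health check and the re-authentication timer. The port labels, accounts, 8-hour interval and "remediation" network are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

def _kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _account(role: str, password: str) -> dict:
    salt = os.urandom(16)
    return {"role": role, "salt": salt, "hash": _kdf(password, salt)}

# Constructed sample data: ports, users, passwords and network names are hypothetical.
PORT_NETWORK = {"office-port": "faculty", "lab-port": "student"}
DIRECTORY = {"jsmith": _account("faculty", "correct horse"),
             "astudent": _account("student", "battery staple")}
_UNKNOWN = _account("none", "unused")  # keeps unknown-user checks the same cost
REAUTH_SECONDS = 8 * 3600              # assumed re-authentication interval

@dataclass
class Session:
    user: str
    network: str
    expires_at: float

def legacy_admit(port: str) -> str:
    """Old scheme: the wall port alone picks the network; no identity check."""
    return PORT_NETWORK[port]

def nac_admit(port, user, password, patched, now, enforce_posture=False):
    """New scheme: identity picks the network; `port` is deliberately ignored.

    enforce_posture defaults to False because the post says the health
    check is not yet enabled. The "remediation" network is an assumption.
    """
    entry = DIRECTORY.get(user, _UNKNOWN)
    ok = hmac.compare_digest(_kdf(password, entry["salt"]), entry["hash"])
    if not ok or entry is _UNKNOWN:
        return None  # failed login: no network access at all
    network = "remediation" if enforce_posture and not patched else entry["role"]
    return Session(user, network, now + REAUTH_SECONDS)

def still_admitted(session, now) -> bool:
    """Periodic re-authentication: an expired session must log in again."""
    return session is not None and now < session.expires_at
```

Under the old scheme the office port hands out the faculty network to whatever is plugged in; under the new one the same user lands on the same network from any port, and a wrong password gets nothing.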

Please see the below post e-mailed to the faculty today. If you have any questions or comments, please post them below. You can also join the discussion at tag-discussion@royallists.scranton.edu (see this post for instructions on how to sign up!).

* By “authenticate”, I mean “be recognized by”. This is just like showing an ID badge, swiping your Royal Card, or typing in your password at an online shopping site. You are proving your authenticity to the program, and it is allowing you access to whatever resources you are requesting, provided you have met all of its criteria.

** The extra time spent installing the updates is far shorter than the time it takes to fix your computer if it becomes infected with a virus. Currently, it takes nearly 3 full days of analysis whenever a computer is infected by a virus to make sure that no restricted information was passed to an outside source. This is a much more detailed and rigorous process than most are aware of, stemming from federal regulations regarding privacy laws. Hopefully we can post something about this in a future blog entry.

*** The login information for your computer will not change! Thus, your preferred username and password needed to start Windows will not change. This will only affect your ability to access network resources (i.e., software not directly installed on your machine).

To All University of Scranton Faculty and Staff:

The University of Scranton provides our campus community with a robust environment consisting of over 2,000 desktop and laptop machines. Managing and ensuring the security of these machines has become increasingly challenging. In order to improve our services to you and increase our information security posture, we will be making changes to the way that desktop systems look and how they operate. Upcoming changes include a move to Internet Explorer 8.0 for using services found @scranton.edu sites, use of Firefox as the default internet browser, automation of additional third party application updates, a change in our anti-virus protection, and the deployment of Windows 7.

The next change that you will experience starting on September 7th is the deployment of the Cisco Network Access Control (CNAC) system for all computers connecting to the University network. This system will require end-users to go through a process similar to the one currently used to connect to the wireless network (RoyalAir); meaning that you will be required to authenticate — enter your username and password — before gaining access to the network. The CNAC system will help us to validate that only individuals who should have access to our network resources will have access and, eventually, will help us to monitor the “health” (up-to-date patches, operating systems, etc.) of the desktops that are connecting to our network. Collectively, this will ensure a more robust and secure electronic working environment for all of us.

The implementation of CNAC will begin on September 7th and is expected to take 30 days for campus wide implementation. The implementation will occur in small network segments that are grouped by building and by floor. Network changes will be made overnight and users of the segment will notice the change the following morning. To assist end-users, information about the planned schedule for deployment can be found at www.scranton.edu/CNAC-Deployment . IT Services staff will be available and located in each of the affected areas as we work our way across campus.

We appreciate your patience and understanding as we continue to improve. If you have any questions or concerns, please contact the Technology Support Center at 941-Help or at Techsupport@scranton.edu

Special thanks to Jim Franceschelli and Tony Maszeroski for their help in writing and correcting the above tutorial.





IRAC on Hiatus

1 09 2010

TAG just got word that the Information Resources Advisory Committee (IRAC) will be on hiatus this semester, as IR evaluates feedback from committee members and other campus leaders about the best way to engage with the campus as a whole.

From a TAG perspective, this looks like an opportunity for the faculty to think about how technology decisions should be made at the University – that is, how faculty, staff, and students can all work with IR to get the support we need for teaching, learning, and our other University activities.  If you have thoughts on this, please feel free to post below.





2010 Faculty Questionnaire

31 08 2010

TAG is running a survey of all faculty on campus this week, with a goal of figuring out the best way to communicate with faculty about their technology needs.  If you’re a UofS faculty member, please check your email for the survey link!  We’ll be posting the survey results here and discussing them in our next meeting.





IT Forum on Mobile Devices

30 08 2010

IR is hosting an IT Forum on mobile devices next month… here’s the ad:

Would you like to know more about using and getting support for mobile devices?

Come to the IT Forum on September 21st from 11:30 am to 1:00pm in BRN 509 and learn about purchasing, configuring and getting support for some of the latest Droids and the iPad.

Presentation by
Diane M.  Jachimowicz, Senior Technology Services Analyst and
Kathy Boock, Customer Support Specialist

Lunch will be served and there will be prizes!! All members of our community are encouraged to attend. Registration is required by September 17th, by emailing  ITServices@scranton.edu.

 

UPDATE: Slides for the Forum are here (.ppsx).





Campus Network Outage

24 08 2010

Some of the on-campus network seems to be down.  matrix.scranton.edu is accessible, but royaldrive and my.scranton.edu are not.  This is affecting the authentication system as well, so logging on to the computers with your scranton ID may not be possible.  Access to off-campus websites is unaffected.  I have been told that the Help Desk is aware of this situation, but no further information is available at this time.  Anyone with additional info, please pass it along.

UPDATE 1:00PM : Everything seems to be back working.  royaldrive, e-mail, and my.scranton all seem to be accessible.





Situational Awareness and IT Security

24 08 2010

Starting August 18th, as part of an effort to promote situational awareness of security issues on campus, all owners of any resources which “expose services to the Internet through the campus perimeter firewall” are now receiving daily reports from IR.  These daily reports show any suspicious activity directed at these resources that has been identified by the Intrusion Prevention System.

If anyone has any questions, suggestions, comments, or requests for new security services that you would like to see offered, you can e-mail them to security@scranton.edu .





Computer Training

23 08 2010

Just a reminder that Library systems specialist Vince Yanusauskas provides basic computer training workshops for University faculty and staff.  He’s just posted his September schedule, which includes workshops on Oracle Calendar, Excel 2007, Word 2007, and Royal Drive 7.0.





TAG Discussion List

23 08 2010

One of TAG’s goals is to facilitate discussions about technology issues on campus, particularly as they relate to teaching and research.  TAG-Discussion is an email listserv where faculty can share questions, solutions, concerns, and suggestions about technology on campus.

While TAG-Discussion focuses on faculty use of technology, the list is open subscription, so anyone in the University community is welcome to join.

If you’d like to subscribe, go to royallists.scranton.edu and log in with your Scranton account information.

Under “Mail List Categories,” click “Faculty”, then “tag-discussion@royallists.scranton.edu”.  On the left side, under “List Operations”, click “Subscribe”, then OK on the dialog box.  Note that you can also set the list to deliver one email per day as a digest, rather than receiving each email individually.  To set that up, click on “Subscription Options” and select “digest plain text format” in the top drop down menu.

To post to the list, just send an email to tag-discussion@royallists.scranton.edu. Your post will be distributed to the list after it is approved by the list moderator (currently, Kristen).  The discussion list is moderated to prevent spam or off-topic messages from clogging inboxes.

You can unsubscribe at any time by navigating back to royallists.scranton.edu, logging in, clicking on that list from the link on the left, and clicking on “Unsubscribe” from the list options.





Meeting Summary 8/19

19 08 2010

TAG met for the first time today and had a very productive meeting.  Our main questions for discussion were the following:

  • How do we set up lines of communication between the faculty and IR?
  • How do we communicate with and solicit feedback from the faculty as a whole?
  • How should we communicate within TAG?

And here’s what came up in discussion…

  • IT Services has been focusing on pushing announcements through the my.scranton portal (and then as secondary outlets, Bboard, mass emails to faculty).  Most committee members agreed that neither my.scranton portal nor Bboard were used frequently by faculty members.  We discussed the bureaucratic limitations on mass email to faculty.  One possible outlet for faculty communication could be a RoyalList specifically for discussion of tech issues.
  • We noted that there’s an age/ability divide among faculty on campus.  Some might still want paper notices, and only about major IT outages, while others want to know every detail and want that information through Facebook/Twitter/other social media.  How do we filter what’s relevant to faculty members and put it into terms they can understand?
  • IR often has to make decisions based on meeting the needs of the majority of campus users, sometimes at the cost of convenience to a minority of users (e.g., less support for Macs on campus since fewer people use Macs).  Often unified solutions that work campus-wide may not meet specific individual needs.
  • Compromises often have to be made, since resources are limited.  How do we explain these compromises to faculty? We can say “No” when we need to, but it should be phrased as “No, but here’s why not.”
  • Faculty often feel like they don’t have input in IR decisions.  Many times there is faculty representation on a product/project committee, but other faculty don’t know about it and feel their voice isn’t being heard.
  • Regarding the role of TAG – the group could serve as guinea pigs for testing out new classroom technologies.  We should also be keeping eyes/ears open for other faculty who are already doing this, and make sure we link to their presentations, notes, or syllabi to help other faculty learn from them.

And here’s what we decided on as next steps…

  • Set up RoyalLists for TAG-Members and TAG-Discussion, and invite any tech-interested faculty to join TAG-Discussion
  • Create a New Technologies tab on the TAG website to start sharing information about which faculty are using new technologies in the classroom
  • Invite 1st year faculty to join TAG-Discussion and give TAG feedback on the technology aspects of their transition
  • Survey FT and PT faculty on how they’d like to receive IT updates (and why)
  • Meet again after the survey results have been received and compiled




Faculty/Staff Directory

18 08 2010

Human Resources, IR, and PR released a joint announcement today (on paper, through campus mail) about the Faculty/Staff Directory.  Since the directory is available online, this is the last year that a print directory will be available.

If you need to update your contact information in the directory, you can do so through my.scranton – just go to: University Links > Faculty/Staff (under Directories/Offices) > Update Your Directory Information.