Category Archives: Security

We used to fish for fish. Now the phish phish for us.

Posted on by

They just keep coming. Innovative phishing scams, appearing to come from a legitimate email address, sometimes from our own domain, asking for us to update our account or login to fix or confirm something right away...or your account will be terminated.

This is social engineering at its best. It's like the snake oil salesmen of old. Wiley miscreants who charm us to act...buy something or, in this era, give something up. Your username and password! This is how they steal your identity. Once they get a little about you, they can find ways to get more.

Never ever ever respond to emails that ask you to give up information about your accounts, usernames, passwords or other personal information. If a legitimate organization wants your attention, they would never ask in an email. If in doubt, ask. DON'T ACT.

There is a sucker born every minute. All these scams need is one in a million to make it worth their while. Don't let it be you.

Technology Update, January 2008

Posted on by

Technology Update
January 2008

Happy Winterim all, this is the semesterly update from ITS. Some of these items are repeats from the fall update, but they’re worth a second look.

Computers, information and accountability:

Where can I get computer help? Walk, run, call or e- yourself to the Learning Commons in Lamson Library. If they can’t help you right away, they know who in ITS to call.

535-2929 ? helpdesk@plymouth.edu

What are my rights to privacy using PSU email? The email system, PSU-issued computers and the network all belong to the University. Within that framework you have a high degree of academic and personal freedom. No one tracks your surfing or email. You do, however, leave tracks everywhere you go. And since 9/11, there have been numerous changes in laws that have reduced the degree of privacy. Still, privacy and personal responsibility remain core PSU values. Please read the PSU Acceptable Use Policy. We are all accountable to it.

Where do I go for help using technology in the classroom? Multimedia support is available through the Learning Commons and/or by seeking Equipment Reservations in myPlymouth (left column, see Services). The Learning Commons is available 7 days a week for your support in any number of ways. Stop in, call 2929 or email them at helpdesk@plymouth.edu. John Martin leads the support team for the classroom, so feel free to drop him a line directly, too.

What do I need to know about computer security? Be skeptical, be cautious, be smart. There are new schemes, alluring pitches and deals too-good-to-be-true every week. Amy Berg, our new Director of IT Operations and Chief Security Officer, has some tips.

Are there times during the week when systems may be unavailable? We plan most of our major upgrades during semester breaks. However, many of the systems need minor updates and tweaks throughout of the year. We strive to minimize those times. Most planned work occurs early on Sunday mornings between 6-10am when traffic and system usage is at a low ebb. If it’s just a few minutes, we hope you’ll understand. If systems are going to be down for extended time (more than a half an hour) we’ll send word out via FYI@plymouth.edu and myPlymouth. We don’t use every Sunday morning, but when we do, that’s our maintenance window. Thanks for understanding.

What is the best way to look up students, faculty and staff? PSU publishes a student and faculty/staff directory each year in October. You should all have one by now. You can also dial 3333 on any campus extension (or 535-3333 from a cell or other phone) and speak an employee’s name. And, if you want the best directory for PSU students, get yourself a FaceBook account and look them up there. In addition to finding out how to locate them, you can find all sorts of interesting factoids and pictures about them. 😉

Where do I get information? For a complete listing of news, campus announcements, Plymouth Week, events, Plymouth Magazine and more, see the myNews tab in myPlymouth.

What if I want campus updates delivered to my email? Public Relations launched a new listserv called FYI@plymouth.edu. This is an OPT IN service, meaning it will only be delivered to your email if you request it. To receive PSU FYI emails, sign up at http://toto.plymouth.edu/mailman/listinfo/fyi.

How does PSU communicate in case of emergencies? PSU has partnered with e2Campus, an online service that students and employees opt into. Those who register will receive urgent or emergency communications as text messages to their cell phones and/or their preferred email address. There is also an option to receive text message alerts in case of school closings and river flooding. PSU encourages everyone who uses a cell phone to register now. Visit the e2Campus site and follow instructions. This service will be used judiciously and for an occasional test, but in the event of an emergency, this is the quickest way to receive broadcast alerts. Emergency information will continue to be posted to email and the PSU web pages.

Which Windows operating system is supported? PSU rolled out Windows Vista on computer labs and many new computers. Students are bringing new computers with Vista to campus. We will continue to support Windows XP, too, for quite a while yet. Support for the Commodore 64, however, has been retired.

May I bring my own laptop to the PSU network? Yes. Like students, PSU employees may log on to the PSU wireless network with an appropriate username and password. They may also plug in to network ports in the library. Your computer needs to be current with Windows security updates and have MacAfee Anti-virus software installed. Personal computers cannot, however, plug in to office ports unless their computers have loaded several more PSU network and security components. This is designed for security and network protection.

How do I get my new iTouch (or Smartphone, or iPhone, or whateverPhone) connected to the PSU network? Take the unit to the Learning Commons in Lamson and smile nicely. They’ll take care of you.

How do I get software loaded onto the computer clusters? Faculty and instructors receive notice every April and December alerting them to submit requests for software to be installed on our network and in computer labs. Because there are so many software applications already loaded, new requests have to be tested for compatibility. If it passes muster, the new software is loaded and made available the following semester.

What technologies should we be paying attention to? Think about trends more than specific technologies. More and more software is made available as web applications. Email is a good example. Microsoft Outlook, an application that resides on your computer, used to reign. Now our email, calendar and documents can all be on the web. This practice is far more prevalent with students arriving at our doors. There is, however, a trade-off in your control and local storage. You're good as long as you’re connected. (Good if you live around Internet connections, not so good if you live in the sticks.) Google Mail is a good example. With Google Mail (a.k.a. Gmail) you do not need your own computer to access your email, only an Internet connection and web browser. Of course, this means change in how we work and organize our files. More of our vendors are going in this direction (see myPlymouth.edu, Banner self service). You can check it out with our new myMail system. If you're already configured to get your email in Outlook, it will work the same. You can also work on the web with the web version of our mail called myMail. This allows your work to follow you wherever you have an Internet browser.

What’s the latest on PSU students and music file sharing? ITS and Res Life have been pressing the issue all semester…do not share copyrighted materials on the PSU network. We’ve warned students of the dangers and let them know if they’re fingered, it’s between to them and the RIAA. PSU received more than 300 notices of copyright infringement associated with specific computers on our network. Those notices are forwarded to the students associated with the computer. First violations result in their need to complete an online tutorial within two days. Failure to do so will result in loss of network privileges for their computer. Subsequent offenses result in longer periods. If students come complaining to you that they can’t get their work done because ITS shut their computer off from the network, help them understand that it is a direct result of their own risky behavior. And it is no excuse, only an inconvenience to them. They can use any other computers to get their work done. It might also be a good opportunity to discuss copyright and ethics, too.

How are decisions about technology made at PSU? The Technology Advisory Committee (TAG, see myPlymouth Groups for documents and agendas the past several years) meets monthly during the academic year. Made up of faculty and staff (and occasionally students), TAG tackles a variety of technology issues that impact students and faculty. It also creates ad hoc groups and reviews policy recommendations. TAG is led by the senior technology officers: The CIO, Dwight Fischer, and the Director of the Library, David Beronä. TAG recommendations on major PSU decisions flow up to the President's Cabinet. In addition to TAG, there is an Executive Steering Committee for Information Systems (ESC). The ESC includes vice presidents, TAG leaders, Graduate Studies and others as needed. ESC has purview over all aspects of information systems, project priorities, data and network security, major system upgrades or replacements, and regulatory compliance.

Where can I ask other questions about computing and technology? Here, drop me a note. If I can answer, I will. If not, I'll find you someone who can.

Best of luck in the new semester. We're here to help.

Dwight Fischer, CIO
Information Technology Services

ext. 2443 dcfischer@plymouth.edu

******************************

Other topics

· Changes in Communications, Changes in Habits

· Green Technology

· Music galore, and Legit!

· How do people respond to an increasingly rapid pace of technology change?

· Top Ten Things You Should Know About Technology at PSU

· myPlymouth Sings

· More…

7 Thinks You Should Know About FaceBook?

E-Books in Higher Education: Nearing the End of the Era of Hype?

Google Earth User Guide

Thanks to YouTube, Professors are Finding New Audiences

Top Ten Things You Should Know About Technology at PSU

Posted on by

What you need to know about computing, network policy and your personal responsibilities:

PSU has a new email and calendar system...myMail. Last year, a decision was made to replace our aging email system. We selected Zimbra, a web-based email system that has all the bells and whistles of common email applications like Google, Hotmail and Yahoo. You can access your email in my.Plymouth.edu, at mail.plymouth.edu. Outlook users access it through the same mail server. You can also use the calendar, address book and write, store and share documents for online collaboration. Try it. Get to know it and make it work for you. (hint: look at Shortcuts in Options to save time!)

PSU recently adopted a new emergency notification system called PSU Alert. that enables the school to send urgent news to your cell phone. Once you sign up for the service, the school can text your cell phone with timely information about emergencies, snow days, floods or other urgent campus communications. This is an OPT IN service. To register, login to myPlymouth and select the PSU Alert in the My Services sidebar. There you will find FAQs and instructions on how to register.

When you connect to the network for the first time this fall, you were required to update your computer's antivirus and operating system software. This enables you to maintain a secure and protected computer, while keeping our network and PSU information systems safe. We take network security seriously, we hope you do to.

Music and movie file sharing has become a risky behavior. It's been free music for years, but now there is far greater risk to you personally. If you are identified, your computer may be disconnected from the PSU network. Worse, you could be levied a hefty fine. Don't do it! Share music responsibly.

Whether you bring your own or use a PSU computer, you are accountable for how you use your computer on the PSU network. You have high degree of academic and privacy, but know that you leave tracks everywhere you go. All of us are accountable to the PSU Acceptable Use Policy for Computing. Check it out and compute responsibly.

Sunday mornings are reserved for network and system maintenance. We strive to keep downtime periods short, and you can receive text alerts in advance through e2Campus if you would like. Otherwise, we post notices to myPlymouth when work is scheduled.

Protect your portable computer! Never leave it unlocked or unattended. Work out security with your roommates so that you're all covered.

Security is everyone's responsibility. You are responsible for keeping your computer updated with Windows and anti-virus protection. You are accountable for use of your username and password, along with what you do on your computer connected to the PSU network.

Need to send large files? There are limits to the size of attachments in PSU email, but you can go to YouSendIt, SendThisFile, or DropSend, all online services that let you send files up to several gigabytes large for free.

We are a green campus, until it comes to printing. There are valid reasons to print papers, reports and other materials. Please understand, however, that PSU spends an extraordinary amount of funds on paper and toner for student printing. If we all print judiciously and avoid printing whenever possible, we'll be saving money and doing our part to conserve resources.

For questions on these topics and anything else, comment below and/or contact the ITS Help Desk at the Lamson Learning Commons: 2929 or helpdesk@plymouth.edu.

Dwight Fischer, ITS

Key Under the Flower Pot

Posted on by

 

One of the most prominent threats to our networks and the sensitive data transmitted comes from legitimate users …us! Strong passwords are the most important cog in our security plan. We have access to many systems and sensitive information to do our jobs. However, many of us have never changed our passwords. For those who have, many use the names of pets, sons and daughters, or other words associated with our lives. Some use the word ‘password’ within their password. And others keep their passwords taped under their keyboard or on a piece of paper in their drawer. That’s like putting a key under the flower pot outside the front door of Fort Knox.

 

While these are all very logical, personal coping mechanisms, these are often the cause of security breaches. Any miscreant intent upon hacking into, say, the student information system, would look up a number of employee names, find their birth dates, scoop some information on immediate family members and pets, and then get down to business. It probably wouldn’t take long to find a match with some of the password cracking tools available. At that point, they might have access to sensitive data, grades, or worse, maybe pilfer private identity information.

 

Responsibility for security rests with all of us. To help alleviate the need for multiple PSU passwords, ITS has developed a single sign-on feature to myPlymouth. With one username and password, you can sign in to Banner, WebCT and many other internal sources of information. In the future, we’ll build more into that single sign on, making your life easier, but requiring us to be ever more vigilant in our methods of password management.

 

The most important thing you can do to heighten our security is to change your password routinely. Every three months is good practice, or at least once a year. Use passwords that include letters and numbers. Avoid names or common words that someone could guess. If you must write them down, avoid writing them next to the associated usernames. Protect them like you would your money and credit cards. Better still, confine them to memory.

And if you do have any keys under the flower pot, lose 'em.

Wireless in Res Halls?

Posted on by

Many students ask about setting up wireless routers in the residence halls. Simply put, the campus housing is too densely populated for personal wireless access to work. It would be convenient, for sure, but there are a number of downsides.

More below. But the bottom line is this: PSU has expanded wireless access to public spaces (Library, HUB, Prospect) and academic buildings. By the end of this year, all common areas in residence halls will be have wireless access to the network.

What we cannot do, at least now, is bring wireless to the living areas. And, because of the inherent problems that are listed below, ITS simply doesn’t have the resources to support students who attempt to set up wireless access points in their rooms. In fact, we prefer that you don’t. Here’s why

Wireless at home vs. wireless in a densely-packed residence hall

Setting up a wireless router at home is easy. In a densely-packed resident hall, it’s something else altogether. There are a number of technical problems that arise when students hook up wireless routers in their residence hall or PSU apartment:

  • Wireless routers are set to a specific channel. If there are two or more wireless signals competing for the same channel, they’ll conflict and render each other useless.
  • Wireless routers are also impacted by some electronic equipment, like microwaves and wireless phones.
  • Unless a wireless router is configured correctly, it will allow others to connect to our network equipment that is not authorized or properly screened for viruses and operating system updates. That creates a network security hole that could negatively impact others on the residential network.

Additionally, the wireless signal provides maybe 1/10th of the capacity of a direct connection to a PSU network port. If multiple students are connecting on a single wireless access point, performance slows to a crawl.

Because of the support required, and the rapid evolution of wireless standards, ITS simply cannot provide support to those who want to install wireless hubs. It is also a security risk that we cannot condone. Consequently, and in light of the points above, we ask that you avoid using wireless hubs in the res halls and student apartments.

ITS Installing Wireless Access Points in Common Areas of Residence Halls

To help accommodate the growing demand from students to connect wirelessly, we are installing wireless access points in common areas of all the residence halls. Just like in the HUB or Lamson, you will be able to connect by logging in to the web page that pops up in your browser.

Meanwhile, if you want a little more latitude nn your room, consider a 15-25’ computer cable. You’ll have a much faster and secure connection. Cables are available for purchase at either the Lamson Learning Commons (front desk) or at the University Computer Store on Merrill St.
We’ll continue to listen to your feedback and grow our network to meet your needs.

Dwight

Security is everyone's business

Posted on by

Security is everyone’s business.

In this era of online information, every one of us who has a responsibility to work student, employee, alumni and donor information has an ethical standard to meet. We must protect that data from those who might want to steal it. We need to establish good software security to ensure that only those who have a legitimate need to see that information can. We need to train people on the latest schemes of digital pick-pocketing.

Here’s the rub. Those of us in the technology field can establish pretty strong security around data and information. The weak link tends to be with individuals. Cases in point.

A student registers for class on a public cluster computer. They forget to log out. Their academic and personal record is there for the next person to see.

A faculty member posts grades to the wall with SSNs matched with grades. The paper is stolen.

A staff person in a student service office travels to a conference. Their laptop computer is stolen. It turns out that laptop has hundreds of reports in Excel pertaining to student financial aid and family incomes.

I don’t need to go on, there are headlines every week about new types of security and information breaches.

But now that you know, it is incumbent upon you to heed the warning. Be smart, do not travel or store private data on anything mobile. You have our peoples’ trust in your hands.

RIAA Means Business: Stop File Sharing

Posted on by

Every semester we provide a warning about sharing music and movie files over the PSU network. This activity is illegal and is being closely scrutinized by the Recording Industry of American (RIAA). They've filed legal action against students in the past and they plan to continue. That aside, file sharing of copyrighted material is wrong and we expect better from PSU students.

For many of you living on campus, the broadband connection for every student is quite a luxury. You have a world of information at your fingertips. But with that broadband comes responsibility.

PSU is an ISP (Internet service provider). You are a user on our network. We do not monitor your network use or where you go. However, if we see a network slowdown, and it points to your computer IP address, and it looks like a lot of file sharing activity, we’ll cut off that port until you stop. We do that because those network traffic jams tie up everyone around you.

You also make yourself vulnerable to the Recording Industry Association of America (RIAA). They look for their copyrighted material getting slung around the Internet. If they see it coming and going from your computer, they can file civil or criminal charges. First they would contact PSU and notify us that someone at a specific IP address is sharing their copyrighted material. We, in turn, must notify you to cease and desist the alleged behavior. If they want to bring charges, and they have, they will go right to you. At that point, you’re on your own.

PSU has an Acceptable Use Policy for computing on our network. It’s worth a read…you’re accountable to it. Please do not use our network to share files illegally or against copyright. Just because you can doesn’t mean you should.

For more information, see www.campusdownloading.com.

Balancing Security, Access & Services

Posted on by

The laws pertaining to networks and data—and those who provide them—are changing rapidly. Graham Leach Blighly. FERPA. HIPPA. BIPPA. (I made that last one up). But you get the point. There are the most common regulatory requirements for establishing security standards. They require PSU to act in a secure and responsible way with our data, the computers and devices that carry data, and the network upon which data travel.

Picture PSU as a virtual place. It's called the plymouth.edu domain. We own that territory, that space in the Internet. Think of it like a castle within which there is a community of groups and individuals. Some areas of our community are very secure; only those who have a legitimate reason to go there are allowed to pass.

We're also an open environment, where academic freedom and access to information is valued. We bring people to our domain. We make an attractive web and help outsiders find information about us. We splay ourselves and our ideas for all to see.

We have data that is used for a variety of online services, some for external viewers, some for internal viewing only through myPlymouth. Register for classes, pay bills, access syllabi and course materials, converse with classmates in discussion groups. Access a wealth of online research and reference materials. Email. Surf. And, if you’re inclined, give online.

PSU is a private ISP, or internet service provider. It is a closed network, opened only with a valid login from a PSU student, faculty, staff or recognized friend. We provide guest accounts for short-time use. Otherwise, our internal network is closed. That's good…you want us to do that. To protect the data that is transmitted for all those above services.

Last year, in a big step toward cleaning up our network, we started a new program where all students connecting on the network had to have computers that had current security and antivirus software (that we provided). That was also true of wireless users. Not only do you have to have a valid account to get on the PSU network, you have to have a clean machine.

It's like living in a community and having to show proof of inoculations. Sad but true. But once you come in, you get more than your money's worth.

That's because there's some serious talent under the PSU technology hood.

Note to Daughters on use of mySpace

Posted on by

Dear Daughters,

 

I know you like mySpace.com. It’s an online place to share things about yourself—your wit, charm and good looks—and to meet others. Tell a little bit about yourself, post a picture, and give just enough to let others want to know you. It’s also a place to scope out friends and what silly and provocative things they put out. So you’re attracted to the older high school guy, the one who seems so mild mannered and shy in person, but dons an entirely new profile online. I can (gulp!) live with the notion that you might be attracted to his shaved head, rippled stomach, half-mast pants, multiple nose studs and alluring tattoos that complement his wicked grin.

 

At least you can see this guy. I worry more about are the ones you can’t see. For everything cool about the online world, there is an equal and opposite seamy side. Your generation is so trusting, so quick to share details of yourselves and lives online. Yet while your intent is frolicsome, you’re often sharing yourselves with the world. Beware the dementors of the internet. Every generation has its share of lurkers, perverts and miscreants; it’s just that the online world provides them easy access to you.

 

You’re not alone. Facebook.com is the craze for college students. It’s cool to a point, but when students start posting pictures of themselves with kegs in the background, smoking a bong or showing some skin, they’re finding out quickly how things travel at the speed of internet. College officials and police find indisputable evidence of underage drinking. Students are sucked into their campus judicial systems for slandering faculty and fellow students. Racy pictures take on a life of their own. Busted!

 

Once you post things online, there’s no turning back. Web pages are searched and archived daily by internet robots. The pages are there forever, on someone’s server, whether you decide to delete it or not. You are suddenly Googleable!

 

It’s becoming common practice for employers to Google job applicants. Think about that. You spend a lot of time preparing for a job search by polishing your resume, dressing for success and planning your interview questions. Then, after you do so well, the hiring manager tells you they found your profile online. That little ditty you wrote 3 years ago, the one you thought was so cute and clever, especially by adding a picture from Girls Gone Wild. Well, they decided you weren’t quite the professional profile they were looking for.

 

Don’t roll your eyes at me, girls. It happens. Just remember this. Have fun, get to know others, but use this tool wisely. Don’t give out any information that would identify you, your address or other vitals. Your first name is fine, a nickname is better. Keep yourself mysterious. And on the internet, start with a position of distrust.

 

And like a very traditional notion of managing yourself in public, think about what your mother and father would think if they saw your postings online. In many cases, we will.