- Replacing Remedy Incident Tickets possibly with Kayako
- Folder Redirection and Offline Files – By March
- Contact her if you’re looking for assistance with password resets.
- IPTV for Students and Staff – tv.brown.edu
David Sherry – Covering 3 Items
Item #1: Identity Finder – Department Managers already saw the presentation.
What is the most sought after info?
- What we can do:
- Do not store unnecessary SSN.
- Have all necessary SSN approved by the DPCRM Committee.
- Install and run Identity Finder.
- Address any PII.
- Continue to run periodically.
When running Identity Finder, it almost always finds PII. There are a number of options for controlling PII once found.
- Focused awareness message on IDF throughout the spring.
- The goal is to have IDF on all faculty and staff machines.
- Support will be available from the Service Center and brown bag sessions by the ISG.
- One page checklist is available.
Item #2: Notification and action on compromised accounts!
Majority of compromised accounts were first year undergrads.
How does the ISG find out?
- End user is locked out of their account.
- Google locks account.
- User alerts ISG or Service Center
- Brown receives phishing emails from a Brown account.
- Google notifies of suspicious activity.
What does ISG do?
- Notifies the CAP to lock the account with a passkey.
- The CAP contacts the end user offline, or the end user calls the IT Service Center.
- The account is re-opened, passwords changed, and support is provided.
- Fast response to phishing attacks.
- Reduced phishing messages in our domains.
- Reduced amount of compromised accounts.
- Small battles with scammers.
- Some password change “collisions” with pro-active end users.
How can you help?
- If one of your end users contacts you about a compromise, let ISG know.
- ISG is pleased to see the quick and accurate response from the university technical community, but the collisions do occur.
- The end user is under enough duress, and the ISG doesn’t want to create more!
Item #3: Faculty access when departing!
What does this mean?
- The departing faculty member retains all access for six months after they depart.
- HR request for removal of certain services
- OGC request for removal of certain services
- Department Chair request for removal of certain services
- A ticket can be opened to the CAP, for routing to the CISO for review and approval.
ISG will once again celebrate Data Privacy Month!
January 28-February 26: 3 movie screenings and 2 Brown Bag talks!
Microsoft Rep – Kofi Bawuah
Q&A about live tiles.
Windows Platform Convergence Journey
- One universal app platform
- One security model
- One management system
- One deployment approach
- One familiar experience
Touch will become more prevalent for every experience making live tiles a more pleasing experience.
Windows 10 will have a Start Menu (similar to Win 7) that features Live Tiles. If booting without keyboard and mouse, it can boot to regular Live Tile screen.
Ability to use modern apps in full screen or as standard windows.
Ability to use multiple desktops.
- Wipe-and-Load (Clean install)
- In-Place (Update)
- Apply a provisioning package to off-the-shelf hardware to set it up with apps and settings.
3 Paths for updates: Consumer (standard updates), Business (delayed updates), Mission Critical (Long term updates).
For an audio presentation of the meeting please click here.
Here is the latest from Artist/Deputy CIO John Spadaro
No Announcements at today’s meeting. Joint DCC/Sys Admin meeting.
John Spadaro came to speak about IDM
OIM = Oracle Identity Manager
Oct 17th- Oct 20th – BRU goes down as well as Myaccount. Myaccount will resurface with a new look on the 20th. Much easier to use and much more useful!
Kerberos and Google systems will remain in place and be OK. No need to panic.
Listen to the recording for more detailed information. You may need to put the volume up a bit to hear properly.
See you next month!
Please feel free to download an audio recording of the meeting.
I. Stephanie Obodda is now reporting to Ravi. Christine Brown is now handling customer service concerns.
a. Stephanie is interested in hearing about common questions. Could CIS be providing more documentation or communication? Please forward these issues to Stephanie.
b. CIS is trying to be more proactive rather than re-active with regards to communicating and staffing.
c. IT documentation – New knowledgebase has been set up to be a documentation store. Links from service catalogue are being updated to point to this new site. Users can log in to leave feedback on articles or add favorites. http://brown.edu/go/kb
d. October 20th Identity management system will be replaced. Most people will experience this change as a facelift to My account and directory.brown.edu.
e. Stricter password policy for new accounts. Eventually everyone will have to update their passwords in the new system.
II. Doug Wilkinson talks about Wireless
a. Hardware upgrades happening behind the scenes.
b. “Headless” devices such as Apple TVs, wireless printers and wireless projectors will be able to connect.
III. Nancy Magers talks about the EMC Isilon Scalable NAS solution to replace the Windows file servers.
a. Brown has purchased 5 nodes that are replicated to 5 nodes at a disaster recovery in New York.
b. We currently have half a petabyte of storage on the system.
c. CIS would like to see profile data backed up to the new storage system, rather than an external hard drive attached to a user’s computer.
d. CIS is not charging for this service, and they will now accept academic, administrative, and research data.
e. Profile folder redirection will be available soon.
f. Access Based Enumeration will ensure that you only see folders that you have access to.
g. This file system is recoverable at any time, and the failover is tested quarterly.
h. No backups are run. Only Data Replication and VSS snapshots that run every hour for 48 hours, every day for 6 weeks, and every month for 6 months. Right click and recover through previous version tab.
i. 100GB will be the standard quota for users using profile redirection.
j. Shared and User shares will have their own separate quota. This can expand up to multiple TB to accommodate needs. Automatic warning notifications when the quota is getting close to being reached.
k. Folder mapping for Windows machines can now be done automatically through group policy security groups rather than Kix and BAT files.
l. Files.brown.edu will still work as expected.
m. Departments can pick the date of the migration and coordinate with CIS/Nancy Magers.
n. The process for the migration includes taking down the existing windows file share at midnight the night before the migration, running final robocopy and file comparisons, dialing in to a phone bridge at 6am to verify the migration is good to go, turning on the new shares then testing access, permissions, and mapping. An email is then sent out to all affected users indicating that the migration is complete.
Kara Kelley – Emerging Technology Group
Last winter Ravi formed the emerging technology group featuring members of CIS to identify problems and priorities in IT.
They are currently looking for a new project to work on. Contact Kara for additional info.
The first identified project focused around safety and technology. Safety website aggregating information about transportation, campus life, student services, DPS. They also created a mobile application.
Site features short safety videos.
Bear Tips Program – Coins given out at safety talks that can be exchanged for credit at the Brown Bookstore.
Features links and info about transportation, security personnel, hotlines, etc.
Brown Guardian – 3 key features – Safety Timer, Emergency Calls, and Emergency Tips. iOS and Android only. When validated with a Brown email address, it links with the Brown setup and will connect emergency calls/tips to the Brown DPS.
Having medical conditions listed could be helpful to emergency responders.
Safety timer will notify guardian (DPS is default) if the timer goes off before deactivation.
Kara Kelley is also working on proposal for digital signage for departments. Reach out to Kara for additional information.
ISG Status Report – Pat Falcon
- One central location for phishing attempts: brown.edu/go/phishbowl
- One address to notify when spotting a new phish: PhishBowl@brown.edu
- More rapid response in handling compromised accounts
Section on main IT page dedicated to Phish Bowl (just below alerts on right side column)
Phish Bowl Page shows current phishing subject lines in right column.
Phishing information and links about phishing and what to do when compromised.
What to do when spotting phishing.
What to do if you’re a victim of phishing.
- Announced on 8/25 and received 75 reports in the first week.
- Only a handful sent to ISG and service center.
- Identified and quickly handled 7 compromised accounts.
Fall Newsletter coming in September!
10/1 – National Cyber Security Awareness Month 2014 Kick-off theme “SPOT the Phish / STOP the Phish”
10/8 – On the green at Public Safety’s “Be Safe Day”
10/9 – Brown Bag: phishing/social engineering
10/15 – Screening documentary Code2600 (view trailer)
10/16 – Brown Bag on safety when online, with focus on social media
10/23 – Brown Bag on mobile device security
10/31 – Drawing for raffle prizes (TBD)
CISO Update – David Sherry
One day last August – 5:30AM until 7:00AM – 500 phishing question emails
Recently implemented with Google – Alerts when Brown accounts log in from the RI area followed immediately by out-of-country logins.
Site being used to see attacks
Recent Threats Affecting Brown
– Targeted “salary update” phishing scam
– Widespread attack on 7/30/14 and additional attack on 8/26/14
– Appeared to have come from HR
– Had the Brown logo (though skewed)
– Had “sincerity”
When clicking the link, you would receive a Shibboleth-looking Brown page (with a bad URL).
4 people fell for this Phish since January.
Another phishing attack:
– “Message from Brown Information Security. Your email account has been compromised”
– Common phishing scam with uncommon subject line
– Proof that the scammers were “in the box”
– Passwords – 10+ character strong password – only needs to be changed once by the end of February
– Hard Drive Crusher – just passed 500 crushes
– PCI-DSS (credit cards) Compliance – expecting 80%-90%, up from 5%
– CCV Stronghold – CCV is now part of CIS – HIPAA certification coming – Brown is signing first Business Associate Agreement
– Beyond Security scanning platform – Automated scanning featuring strong dashboard
– 2-Factor authentication – Strong for blocking phishing
– Laptop encryption – Chris Grossi and Scott Martin are working on native Mac and Microsoft encryption (every laptop encryption coming) – Will need backup in place before encrypting
– Mandatory security training – Securing the Human (SANS security training)
I. Chris Grossi – announcements
a. Geoff Greene is negotiating with Adobe with regards to getting an enterprise license for creative cloud.
b. Reminder: If you are running Matlab in the lab and connected to CFARM, be sure to change the license path.
II. Chris Grossi – Remedy Service Request updates
a. Remedy is under continuous service improvements.
b. Incident tickets get tied to the underlying problem ticket.
c. CIS is working on Shibboleth for Remedy.
d. Requesting a new Remedy account will become easier – Supervisor approval is being taken out of the business process, being replaced with supervisor notification
e. Student access requests to Remedy will be denied unless requested by supervisor.
III. Chris Grossi – Files Services Update
a. Migrations to the back end EMC Isilon storage have begun – 100 TBs of storage available, and more will be available for growth as the need arises.
b. Migrations from Files A, B, C, D, E, G, and H will be starting in the next few weeks.
c. Downtime will be midnight – 7am cutover, but a new path will be used.
d. Department shares will be located under a new path: \\files.brown.edu\dfs\departmentshare
e. Volume shadow copies will be available for 6 months on Isilon
f. Folder and Profile redirection for Windows is now a possibility with the Isilon storage system. This will make user folders, including my documents, available from any computer on the network. Technical documents to come
g. 50GB soft quota per user, with a 100GB hard quota.
h. Ravi intends this storage to be for general Brown use.
i. CCV will still be a go to for high performance and research computing, but CIS will no longer have a problem with research data or even personal data being kept on CIS storage.
j. Students will eventually have their own profiles created
IV. Chris Grossi – Laptop Encryption – Bitlocker available
a. Can be tied in with AD group/SCCM management – can encrypt laptop on the fly
b. Data would live on CIS storage, making DRUVA no longer necessary for most.
c. Druva licenses will be repurposed for people who still need them.
V. Pat Zudeck – Courses.brown.edu update
a. First Friday of every month, an instructional technology session for Staff from 12-1. Time to share ideas and projects with regards to academic technology.
b. Faculty can upload syllabus to the courses system for their students.
c. Will be integrated with the Academic Technology Gateway – which was used to request campus sites and other course tools (blogs, wikis). The gateway is going away when courses goes into production.
d. Students will be able to see class information, and Faculty will be using this site as a one stop shop for tools and services that are available for them to manage their courses.
Audio and slides can be found here.
Chris Grossi –
- Filemaker 13.1 and 13.2 vulnerable to Heartbleed, upgrades to 13.3 coming soon
- Bulk storage is now in place – Departmental file services moving to new space – Windows users will be unaffected, Mac users will need an updated path
- CIS is going to offer a “cloud based” My Documents – 25GB Soft Limit, 100GB Hard Limit – Supporting offline files
- Hoping to offer a sync and share service for Macs as well, but not here yet
- Virtualization project is moving along well – Citrix infrastructure with HP storage – Starting with engineering labs allowing remote access to lab for ~300 people
- 7440’s image going through QA with Dell
- Software survey moving to Spring
- Matlab update is available
- Jeff Clarke is overseeing the Service Center
- Media Services is moving
- SAS JMP is almost complete
- Adobe pricing is still too high, but trying to work out a better price – $20,000 to $133,000 price increase – Need to know number of licenses needed per department
- Office for mobile – $20/year for 3 year subscription with .edu address, we offered $8
- Rosetta Stone is University Site License – Eventually to alumni as well
Jamie Combariza – CCV HIPAA compliant servers – stronghold.ccv.brown.edu
- Been working on gaining the compliance for ~1 year
- HIPAA Omnibus Rule
o Heavy Penalties and random audits in 2014
- Need to know
o A single clinical researcher in your system
o “Did not know” will not work. Government will not accept this.
o Must be proactive
o Environment must be secure (compliance) independently of use
- What is needed
o End to end security
- At the user level (most difficult to enforce/implement)
- Our end
- Disposal (data management)
o Entire workflow needs to be considered
o Risk assessment
o Risk management
o Security is part of the process
o Security rule: Protect electronic PHI data in any form: at rest, in transit, under analysis, access, etc
o PHI: identifiable patient data with one or more of 18 identifiers
- Does HIPAA apply to ALL
o At universities, anyone providing IT support can be accountable
o No Certification
- Coalition of Advanced Scientific Computing
o Casc.org (presentations, Spring 2014)
o Working group (50 schools)
Pat Zudeck – ITSF Initiative (Instructional Support for Faculty@Brown) – Reaching out to anyone interested in instructional technology
- Open meeting
- Front lines of faculty to find out what technology is supported
- We can provide info about faculty needs
- Site will include one stop shop for faculty for Instructional Technology Requests – June 6 soft-launch
Emerging Technologies Group – Kara Kelly, Stephanie Obodda, Paulo Baptista, Marc Doughty, Jennifer Lane, and Ravi Pendse
- 7 person group based in CIS
- Possible enterprise service for digital signage
- Need for safety technology
o Identified need for safety website/portal – release in fall
o Mobile safety app – Currently getting information from vendors
o Personal safety videos
- More of a solutions group than just emerging technologies
DCC Meeting notes for 4/09/14
For Audio and Presentations please go to this link here.
This month’s meeting featured Julie Lirot, Instructional Designer with ATG.
John Spadaro, Deputy CIO of CIS.
Michael Romauld, Elliot Flemming and Elizabeth Sylvia of the Bookstore.
First up: Chris Grossi with announcements-
• LabView is complete now and ready to go
• Refund for Druva and SAS licenses for those departments that paid for their licenses
• XP support and updates expired April 8th – remaining machines will be removed from network access or placed in a restricted zone this summer
• Office for iPad – working on a lower fee for staff & faculty; $24 per year is in the works
• Wolfram Alpha went live
• The Service Center launched “Chat” with demo from Christine Brown
• Remedy Service Requests – new process – should be easier
Julie Lirot from Academic Technology Group-
She gave a lovely presentation on “Turnitin” – anti-plagiarism software that is currently only used with Canvas. Brown is working on expanding the site licenses. For more info go to http://www.turnitin.com.
John Spadaro, Deputy CIO of CIS
• Wireless – CIS is working on authentication issues, headless devices, and AP drops.
• Research Network – 10 GB going into Labs. Fixing bandwidth issues.
• Windows file service is changing. Get ready!
• Virtual Desktop – Lab in Engineering using a pilot program
• Digital signage – central digital signage service for departments in the works.
• Courses.brown – Big upgrade coming in the summer and will include summer courses.
• VIVO – Live now
• CCV Secure File Service that is HIPAA compliant – rolling out possibly end of spring.
• Identity Management – on track for October 2014 (alumni/ae included in this)
• For more information please listen to the audio
Michael Romauld & Staff: Bookstore
• New Process of ordering Apple computers on-line
• Elizabeth Sylvia new PC point person for orders.
• Lenovo coming on board for on-line orders
• Bear Care Program – covers fixes for broken Macs/PCs, tablets, phones and you get a loaner during the repair.
• Cartridge World – eco friendly ink 30% saving from brand names.
• XICO Products
• Online Technology Store
Notes by pm