IT@Brown: News & Resources

By and for technology-minded folks at Brown

DCC Meeting Notes – Wednesday September 14th, 2011

An audio recording of this meeting is available.

Announcements – Pat Kinghorn

Next week’s TechForum meeting (Wednesday 21 Sept 2011) is focused on FileMaker Go. Our new FileMaker technical rep will be here doing a demo. Also, Brown is leading the creation of global higher-ed FileMaker listserv. If you’re interested, contact Pat Kinghorn.

Next month’s DCC meeting will be held in the List Art Center, room 110.

Announcements – Chris Grossi

We all got through the Back-to-School rush pretty well; it was as quiet a BTS period as in the last 10 years. The Cloudpath wifi auto configuration service was a big part of that: 2450 people auto-configured the Brown-Secure SSID since 8/30. Walk-ins were down 50% at Help Desk, as there was no need for walk-in wifi configuration.

Banner’s recent ‘Error 404’/cookie problems were been patched on Monday. If anyone has further troubles, contact Help Desk.

Tom Flood from Facilities is making a bulk purchase of Dell laptops and desktops – if you want to join in contact Tom immediately.

AV migration is coming along … CIS is testing a ForeFront installer. They are assembling a steering committee to manage the migration project. More information is coming soon, please contact Pat Kinghorn if you’re interested in participating.

Software Services release EndNote X5 for Windows immediately. EndNote X5 for Mac is waiting for receipt of installation media from the vendor, and will be released within a month. X4 is available directly in a pinch, but does not work on Lion.

CIS is still planning to formally support Office 2010 in October.

In the past, Help Desk has had Windows XP and Windows 7 licenses available for student use via MSDN-AA, but these have been discontinued by Microsoft starting this semester. CIS is working with interested parties to determine ways to address this.

CIS will be sending a survey regarding the software portfolio to the campus later this month. This is intended to identify stakeholders for software licenses and establish best practices for long-term management of our software portfolio.

Also, CIS released a wifi survey by Morning Mail and hopes to have a good response rate. Please solicit responses to this survey from your department members.

The top half of the 128.16.128.0/24 subnet has been converted from ResNet to part of the admin network. Correction: The 138.16.128.0/17 subnet is now being used for staff/admin networks. Departments running local firewalls may need to adjust their rulesets.

David Sherry – All Things ISG

PowerPoint deck available

ISG has a staff of 4 including CISO, handling all information security, not just IT.

State of the Information Security Union at Brown:

  • Staffing: Now hiring for an additional IT Security Engineer

  • Network Security Zone (NSZ) moves continuing – still working with departments who ask for it, not mandated at this time

  • Scanning service maturing

  • Deeper involvement with privacy, records, compliance, and identity (governance)

  • Increasing tickets and DMCA notices

  • National Syber Security Awareness Month

  • “Securing the Human” being prepped – Video awareness campaign from SANS

Ran an external scan by Dell/SecureWorks for auditing purposes. Full report due Friday 16 Sept. 2011. No urgent or critical vulnerabilities were found.

“There are many, many vulnerabilities that can be removed by simply patching the software on systems, and/or upgrading the software to its latest version.”

Google Security

New infrastructure transition last July, many users complained about ‘new’ terms of service allowing administrator access, which was not new at Brown.

Google Image Search malware attacks are getting shut down by Google as best they can. It seems that few people actually got infected by these.

Vanity attacks via Google News alerts – spear phishing. Usually targets high-ranking officials, CEOs, etc.

Virus Proliferation

Phishing and link attacks are growing. Smartphone attacks are coming soon. Increase in attacks on Macs as well, as market share grows.

VPN Status

The new F5 VPN (SSL and Fat Client released) was released as a soft launch on 8/18 and a full launch on 9/12. The obsolete Cisco VPN will be decommissioned on 10/31. ISG is working with Hospital technical staff and other affiliates to iron out bugs and ensure continuity.

Protecting PII

Identity Finder, an automated tool to find personally-identifiable information on your own computer, is targeted for implementation by 10/14/11. If you want to try it at home you can get to at the Identity Finder website.

Guardian Eagle laptop encryption is targeted for 11/23/11 with 1000 licenses to start. Implementation will be targeted at known users of confidential/PII data. ISG is also working on server PII discovery using Veronas.

Firewall Thoughts

Current core firewall servers are aging, ISG is targeting replacement just after commencement next year. They are looking into next generation equipment that moves beyond port-based security for content, user, and application security.

Other Projects

Enterprise Certificates through Comodo: SSL certificates will be available in any number we need, including personal certificates. This should become available before Spring 2012.

Eduroam – new SSID for cross-institutional use by all members of Eduroam (3700 schools in the world, 3600 are in Europe). Login to wifi at participating institutions using your Brown credentials; visitors from other Eduroam universities can login to wifi at Brown with their home credentials.

Brown will soon be archiving mail using Postini for staff members at level 12 or above, for the purposes of data retention and retrieval for legal records.

Coming soon: terminal server for vendor access; developing Domain Trust Security Guidance.

Written by Don Rogers

20 September 2011 at 1:33pm

Posted in Announcements,DCC Program,Meetings,Security

«
»