What was the name of your favorite childhood pet?
If you say XD90WP37, your answer is a good one.
While XD90WP37 makes no sense as a name for a real dog or cat, it makes a great answer to a common security question used for managing the password on your Eastern email, PAWS, Banner or other online university account – because it makes no sense.
Faculty, staff and students at Eastern can change their password or recover a forgotten one by logging in to https://password.eiu.edu. There they can access their account either by entering their password or answering security questions that they have pre-chosen for themselves.
Most people write easy-to-answer security questions, such as “What is my favorite color?” or “What was the street on which I grew up?” or… “What was the name of my favorite childhood pet?”
If your answer is a common one, or a logical one, such as “blue” or “Maple” or “Spot,” it could easily be solved by a potential hacker trying to gain access to your account and steal your personal information, plant a computer virus or do other harm.
That’s why it’s important to create question/answer sets that aren’t obvious.
“They need to make some very obscure security questions,” said Information Technology Services’ Assistant Director of Information Security, Mike Gioia. “It’s hard because you want it to be easy enough to remember but difficult for others to guess. It has to be very random.”
People have tendencies to create security questions based on their personal lives, said Gioia – the names of family, pets, colors, locations, etc. These can be guessed by hackers using sophisticated algorithmic code-cracking software. Or, they also can be solved by a much simpler method: snooping through a potential victim’s posts on Facebook and other online sites.
“We as a society broadcast our personal information in social media, so hackers know it’s out there. Using that kind of information for security questions is not a safe way to do things,” Gioia said. “It’s only a Google search away.”
Instead of using obvious question/answer sets, account holders would be safer by mixing things up:
“What food do I dislike the most?” “Purple.”
“What was my maternal grandmother’s first name?” “Spinach.”
Better yet, use some alpha-numeric combination for your answer:
“Which is my favorite football team?” “m2p4d8x3.”
A recent account hacking attempt at Eastern underscored the need for security question vigilance.
A student contacted ITS Campus Technology Support to say that he could no longer access his account. A check by a Help Desk technician of the student’s password management log-ins revealed that the account’s password had been changed the previous day. The student, however, did not make the change. A further review by ITS’s Information Security office of the account logs showed that the change was made via a computer with a non-Eastern IP address that traced to a location in Maryland. Further investigation of the IP address linked it to other stealthy attempts to gain access to Eastern accounts by changing passwords — and by guessing the simplistic answers to security questions to do so.
“You’re dealing with con artists,” Gioia warned. “Using obvious security questions is like giving people the key to your house.”
Turning desktop PCs off at the end of the workday and powering them down during periods of inactivity could save Eastern substantially in electricity costs as well as extend the lives of computers themselves.
Over the course of a year, one PC, powered up all the time, can cost $30 more to operate than one that is shut down during non-working hours and allowed to fall into sleep mode during periods of inactivity such as lunch, breaks and when the user is away from his or her desk.
Power can be saved on a number of levels. Turning a computer’s monitor off cuts about 20 percent of its power usage. PC users can set their monitors to fall into sleep mode after 15 minutes of non-use and the central processing unit, or CPU, after an hour to an hour and a half.
Another way to save IT costs is to run only those individual peripherals that are necessary. In classrooms, for example, speakers and amplifiers can be turned on only when needed, and projectors, too. In offices, having centralized printers is more cost effective than individual desktop printers. It reduces the cost per page to print and tends to reduce the overall amount of printing. You can also print on both sides of the paper.
The cost of printing with an ink-jet printer is about 10 cents per page. With laser printers, it’s in the two- to three-cent range. When your office is looking to buy a new printer, ask if you really need a color printer or if there is one nearby. The cost of black and white is substantially less than color.
Making a draft as a PDF, rather than on a piece of paper, allows for a real feel of what a document will look like while saving paper and ink and is a good way to e-mail documents. Anything you can do to cut the amount of printing to begin with is a real benefit to the university, especially in these financially critical times.
Clean classrooms and tidy offices at Eastern get clean and tidy thanks to the efforts of the university’s building service workers. But it’s not just brooms and mops and vacuum sweepers that let campus BSWs do their jobs well. A software program developed at Eastern helps ensure that their work meets the standards that are set for them.
The program is called “Room Rater.” Loaded onto a portable device such as an iPad, it allows BSW supervisors — who periodically visit classrooms, offices and other buildings across campus to inspect the work of BSWs — to record their findings and rate the BSWs’ performance. This, in turn, provides a database with which to provide feedback to the BSWs and to improve their performance, if needed, or credit them for work well done when the information recorded is shared with them.
The program replaced a similar application that had been used previously by Eastern’s Department of Facilities, Planning and Management, which oversees campus BSWs.
“That product was called ‘Inspections Are a Breeze,’” said Travis Gresens, FPM’s network support specialist. “That’s what had been used for BSW inspections and to rate the cleanliness of rooms and areas in various buildings.”
The previous product was cumbersome, however. Though an improvement over the paper forms that had once been employed, it required supervisors to download pre-configured scheduling information onto portable handheld devices (PDAs) before beginning an inspection and to follow restrictive procedures, and it limited their flexibility when performing inspections.
When changes and updates in the product proved cost-prohibitive, on top of its inflexibility, and the PDAs on which it was loaded began to deteriorate physically, FPM asked Information Technology Services to develop a replacement in-house.
“We looked at the overall process and thought this would be something that could be converted into a Web-based application that ITS programmers could write for us,” said Gresens. “We called Frank Kingery (ITS associate director of Information Systems) and explained the software we were using and its function and asked if they could develop a Web application that would free us from the limiting factors that Inspections Are a Breeze imposed.”
Programming for the product was done in Kingery’s unit of ITS by John Janosik and David Miller.
Convenience is a big selling point for Room Rater. Because the product is Web-based, it is hardware independent and gives users the ability to utilize it on a laptop, an iPad, a phone or other device. The application interface always looks and works the same. And rooms can be rated independently rather than in a pre-set order, as with the old system.
“Before, we could not do inspections on the fly, and with this we can go anywhere and pull up a building, a room or a person and rate them on a 1-5 scale of cleanliness and the job the BSW is doing,” said Travis Magee, custodial supervisor for FPM. “It helps us as a manager. If an area is getting lots of complaints, you can pull out the last two months of inspections and know what kind of problem you’re dealing with.”
“We see it as helping the BSWs,” said Gresens. “If they’re getting good scores they know they are doing what they are supposed to be doing, or if the scores are low, what they need to be working on.”
Future updates of the software are expected to allow customers – office workers and faculty – to add their own room ratings to the mix, and to improve the note-recording and sharing capabilities of the product.
“It is a good tool to help us better serve students, faculty and staff,” said Magee. “We are using the resources we have at this university to save money and fit our needs better.”
Room Rater has attracted the attention of other universities that have similar room-inspection regimens. Indiana University, for example, has been in contact with FPM to inquire about how it could be reproduced and used there.
The Room Rater application went into service in October.
An especially nefarious computer virus is making the rounds, and faculty, staff and students at Eastern are being cautioned to take extra care before opening links in email messages from unknown senders in order to avoid downloading it.
The virus is a form of “ransomware” called Cryptolocker, and unlike other viruses that can be neutralized through the use of restorative software such as Malwarebytes, Cryptolocker cannot be fixed once it locks up someone’s computer – unless the victim is willing to literally pay a ransom to the hackers who deployed it.
Cryptolocker works by encrypting files within an infected computer’s hard drive with an indecipherable level of code that cannot be broken. This locks those files and renders them inaccessible while leaving the computer itself still functioning, said Information Technology Services Assistant Director of Information Security Mike Gioia. After doing so, the virus displays a message from the hackers demanding money, usually a few hundred dollars, within a three- or four-day period of time to have the encryption removed. If the money is not paid, the solution key is destroyed, permanently locking the files. Thus, the virus is referred to as “ransomware.”
At Eastern, one computer was infected with the Cryptolocker virus during Fall Semester. Because it could not be unlocked, its hard drive had to be removed and replaced, and all files on it were rendered inaccessible. “They lost everything,” said Gioia.
Gioia said the Cryptolocker infection usually is disguised as a PDF attachment in an email message that purports to be sent from Fedex or UPS tracking a package shipment. If the link is clicked, the virus downloads from an executable file hidden in the PDF.
“It’s worse than the average virus because your data is pretty much lost,” said Gioia. “You can usually run Malwarebytes to clean up other viruses, but because this is encrypted, it’s either pay the money or rewrite the hard drive.”
Indeed, some victims have paid the ransom and had their files unlocked. “But then you’re giving your credit card number to hackers,” said Gioia.
“The likelihood of recovering files after (an infection) is pretty slim, unless you have a backup of them prior to the encryption,” said ITS Associate Director of User Services Dave Emmerich.
There are few ways of preventing Cryptolocker infections, said Emmerich.
“The current recommendation among many IT pros for preventing it is to utilize a software restriction policy via group policy,” Emmerich wrote in a recent email to ITS staff warning about the virus. “We have been testing the policy in ITS with no noticeable impacts for the past few weeks. The intent was to test here … and implement campuswide. However, a recent computer infection on campus has put us in a position where it would be best if we apply the policy to campus. If an application is impacted, the user will receive a popup window stating ‘Your system administrator has blocked this program. For more information, contact your system administrator.’”
Gioia said files on personal computers should always be backed up to prevent them from being lost. And links and attachments in emails from unknown senders should never be opened.
But he cautioned that the Cryptolocker virus makes such precautions especially critical. “Back up your files and never open attachments from people you don’t know. This is basic security for email,” he said. “Know what you’re opening.”
An Information Technology Services project to update and improve the interface between the campus network and the outside Internet will double the potential capacity of the university’s data pipeline for both administrative and residence hall users.
The edge refresh project – a reference to the “edge” between the internal and external networks – will double the potential capacity of the intranet serving administrative users (faculty and staff) from 500 megabits of throughput to 1 gigabit. It will provide the same potential increase for students in residence halls.
The improvements will be accomplished by replacing network traffic control components with newer technologies. Routers and firewall controls, used to direct campus network content and provide security filtering, will be replaced, and packet-shaper software, which makes the campus network work more efficiently by directing data traffic, will be updated.
The installation of the new technology is expected to take place over Christmas Break and be in place in time for the start of spring semester 2014, pending approval of contracts by the state of Illinois and purchase and delivery of equipment.
The end result will be a doubling of potential bandwidth capacity, said Randy Ethridge, network systems engineer in the Infrastructure Technologies unit of ITS.
“This project will give multi-gig capacity to the campus network,” said Ethridge. “We now have a 1-gig pipe shared between the residence halls, which is through Consolidated Communications, and the administrative side, which is through the Illinois Century Network, so after the refresh, it will be 2 gig total capacity, 1 gig to each ISP provider.”
The project will increase potential bandwidth and thus its effect may not be immediately noticeable to users of the campus network because the maximum capacity of the network is not usually tested. On any given day, the administrative side of campus, for example, utilizes only about half of its availability. However, in times of peak demand the refresh means that extra capacity will be there.
“Users will get more bandwidth, which means capacity will be higher, which means more people as a group can be on the network at the same time rather than faster speeds for an individual user,” Ethridge said.
Perhaps more importantly, Ethridge said, the project lays groundwork for the future.
“It gives the university the option to look at more ‘cloud’ services if it chooses to do so because the network will have more bandwidth,” he said. That translates to applications hosted off site such as Desire 2 Learn, Microsoft Office 365 and website pages. For students in residence halls, it means greater availability of high-demand features such as streaming video (which accounts for the majority of network utilization in the residence halls) and video gaming.
While the new router and packet shaping technologies that are part of the project are significant, the firewall upgrade portion of the refresh is especially noteworthy, Ethridge said.
“It’s next generation and is application-aware,” he said. That means that instead of just looking at a port number or an IP address (as is now the case), it can see what kind of applications are running so it can block a particular application rather than just an IP address. “If I am a spammer and I have the name ‘spam.com,’ the new firewall will be able to block out ‘spam.com,’ not just an IP address. It will help to keep more exploits out.”
Equipment for the project will reside in the Data Center in the Student Services Building, replacing old devices located in a wiring closet in the Financial Aid office in the SSB.
As Microsoft rolled out the new and improved version of its Windows 8 operating system – Windows 8.1 – Oct. 18, Information Technology Services’ User Services unit was gearing up to make the software update available to PC users at EIU.
Microsoft debuted Windows 8 in October 2012, but the OS proved controversial among some users because changes to its tablet- and mobile-oriented touch interface made its appearance and functionality significantly different from that of its predecessor, Windows 7. Windows 8.1 will address some of the issues that consumers had with Windows 8.
User Services has been previewing Windows 8.1 to become familiar with its operation and evaluating the modifications it brings, said User Services Manager Dave Emmerich.
Windows 8.1 eventually will be an available option for Eastern faculty and staff who wish to have it installed on existing computers. However, it will not be loaded on newly purchased computers because Windows 8 itself is not being installed as the default operating system (OS) on administrative machines on campus. Instead, Windows 7 will remain the default OS used to power university-owned PCs. (Another Windows version, XP, is still used on a few administrative computers but is nearing end of support and is being phased out.)
“We will be getting (Windows 8.1) installation software when it becomes available and then be working with campus technology personnel in November to test it,” said Emmerich. “Our goal would be to have it ready as an option for installation by the end of the (fall) semester.”
Major changes in Windows 8.1 include a return of the traditional Windows start button in place of a “tiled” startup screen and the ability to boot up directly to the desktop.
Emmerich said faculty and staff will not be required to have Windows 8.1 installed on either new or existing computers. “We will not force it on anyone,” he said. “Even on new machines, we will still use Windows 7 as the default operating system. Not a lot of people have Windows 8 because we haven’t been installing it. If you’re used to Windows 7, it’s a big change.”
Eventually, Windows 8 and its updated versions will become standard installation, when support, training and demand dictate – but not yet at Eastern. “We want it to be not such a drastic change,” Emmerich said.
Currently, ITS provides “best effort support” for Windows 8.
Microsoft Office 2013 is coming to Eastern Illinois University.
The User Services unit of Information Technology Services currently is testing Office 2013 and will begin working with technology personnel across campus to implement the updated product on administrative computers. ITS Help Desk personnel are already utilizing the new version in order to become acquainted with it so they can support other campus employees in the use of the software in the future, and some personnel in information technology roles already have asked to have it installed on their computers.
Although upgrading to Office 2013 will not be required on existing computers, it will be available to employees who request it, and new computers purchased during Eastern’s annual “bulk order” of computers during spring semester of 2014 will be loaded with the new version automatically.
“We will schedule installations if faculty and staff would like, and this can be done remotely,” said User Services Manager Dave Emmerich.
Most users will not see a great deal of difference between the two versions, Emmerich said. He described the new version as having a “flatter” appearance, with graphical changes in the Outlook email client in particular, adding that Office 2013’s version of Outlook seems to mesh well with Eastern’s own email application, PantherMail.
Office 2013 is supported on Windows 7 and Windows 8. It is not supported on Windows XP and Windows Vista.