National Cyber Security Awareness Month good time to protect against online threats

October is National Cyber Security Awareness Month, and Information Technology Services is urging students and employees at the university to follow the guidelines set out during the observance.

“This is the 11th year (of NCSAM) to raise awareness that cybersecurity is a shared responsibility for everyone in the nation and the world,” said ITS Assistant Director for Information Security Mike Gioia. “It’s a shared responsibility because we’re all connected now. Ninety percent of the population uses the Internet daily.”

ITS’s Information Security Web page notes that NCSAM was created at an effort between government and industry to ensure that every American has the resources they need to say safer and more secure online.

NCSAM focuses on a different cybersecurity issue for each week in October:

Week 1: Stop. Think. Connect.
Week 1 aims to raise online safety awareness among all Americans and reinforce stop, think, connect and the simple measures everyone should take to be safer and more secure online.

Week 2: Secure development of IT products
Building security into information technology products is key to enhanced cybersecurity. Security is an essential element of software design, development, testing and maintenance. The software we use everyday on our phones, tablets and computers may have vulnerabilities that can compromise our personal information and privacy. This week will target these stakeholders and educate others about what to do and look for in products.

Week 3: Critical infrastructure and the Internet of things
The Internet underlies nearly every facet of our daily lives and is the foundation for much of the critical infrastructure that keeps our nation running. The systems that support electricity, financial services, transportation and communications are increasingly interconnected. The Internet of Things—the ability of objects and devices to transfer data—is changing the way we use technology. Week 3 highlights the importance of protecting critical infrastructure and properly securing all devices that are connected to the Internet.

Week 4: Cybersecurity for small and medium-sized businesses and entrepreneurs
Small and medium-sized businesses are an important part of our nation’s economy, but they often do not see themselves as a target for a cyber attack. Strong cybersecurity practices are vital within these organization. Entrepreneurs are recognizing the cybersecurity field as a burgeoning marketplace. This week will focus on what emerging and established businesses can do to protect their organization, customers and employees, as well as cybersecurity as a business opportunity using tools such as the DHS C3 Voluntary Program.

Week 5: Cybercrime and jaw enforcement
This week will help draw awareness to cybercrime and educate law enforcement officers about how to assist their communities in combating cybercrime and educate the general public with ways to protect themselves from becoming victims of identity theft, fraud, phishing and other crimes.

Gioia said that taking proper safety precautions online is important “because hackers don’t care who you are, they just want access to your information, so you need to take steps to protect yourself.”

“Make sure your computer antivirus software is up to date,” he said. “Browse only to websites you know; don’t go to unknown sites. And practice safe social networking; don’t give up too much personal information online.”

Gioia said ITS’s Information Security group is constantly working to increase security measures at Eastern, searching for and implementing new security tools and working to increase cybersafety awareness.

“Compromised account are down, but that doesn’t mean we are going to stop informing and educating people,” he said.

The Information Security group Web page can be found at http://www.eiu.edu/its/security/index.php and the Stay Safe Online page can be accessed at http://staysafeonline.org/ncsam/landing-page/


Hardware, software list for student technology

While Eastern offers its student access to computers via several labs located across campus, many students find that bringing their own personal computer is more convenient and enhances their academic experience.

Most modern computers, laptops, tablets, or mobile devices will work on the campus network. The following guidelines will help with deciding which device to bring to campus. In addition to these specifications, students should check with the program they are enrolled in to be sure they do not have any other specific computing requirements.

Hardware
To ensure a better experience with the EIU network, Information Technology Services recommends the following specifications, regardless of which operating system you are using:
• Memory (RAM) : 2GB or more
• Wireless Card : 802.11 b/g/n
• Ethernet Card : 10/100 capable

Operating System
Eastern’s wireless network uses a network access management software to ensure our student computers are meeting some recommended standards to prevent campuswide virus outbreaks. This management software supports the following Operating Systems:
• Windows 7
• Windows 8
• Mac OS X 10.6
• Mac OS X 10.7
• Mac OS X 10.8

Although devices running iOS, Android, Chrome OS, and Windows RT are recognized on the network and will work, EIU Online’s lockdown browser will not work on the operating system. If you are bringing a tablet to EIU, you will need to plan on taking some online quizzes in an EIU Lab or on a full-fledged computer or laptop.

Antivirus Software
ITS requires all computers, Windows and Mac, to be running an up-to-date Antivirus software. EIU provides students with a free-for-student-use copy of Symantec Endpoint Protection (SEP), found on the ITS Software Download page. The version provided is supported on both Windows and Mac computers.

If you choose not to use EIU’s version of Symantec, the following antivirus software is free for personal use provided by other vendors:
• Avast Antivirus
• Microsoft Security Essentials
• Sophos Antivirus

Internet Browsers
We recommend having at least 2 web browsers installed on your computer. Occasionally, some web services provided do not offer the best experience between each browser. If you are using one browser and running into an issue, we suggest trying a different browser first, as a troubleshooting tip. Most EIU web based services support using the following browsers:
• Internet Explorer 9, 10, or 11
• Firefox (most current)
• Chrome(most current)
• Safari (most current)

Additional Software
Many courses require students to write papers, create spreadsheets, update websites, and more. You can find some additional recommended software, freely available for personal use at our Software Download page.

As a precaution, please check with your college or course instructor for additional software that may be required.
Printers

There are many printers in labs on campus that students have access to print to, for a fee. Some can even be printed to from your residence hall. However, if you choose to bring your own printer to campus be aware that EIU’s wireless and residence hall network do not support personal printers. If you bring your own printer, be sure that it can be plugged into your desktop or laptop via USB or other compatible printer cable.


ITS, private industry cooperate to improve IT security, cut costs

A cooperative initiative between Eastern and private industry may help improve IT security for both.

Information Technology Services’ Information Security unit, and Heartland Dental, an Effingham-based dental services company, are working together to share data about online security threats and other security issues that both entities confront on a regular basis.

“This is going to improve our security posture across the network,” said ITS Assistant Director for Information Security Mike Gioia. “Collaboration is key in this environment, and having knowledge of threats is always critical. Heartland may see threats we don’t and vice versa, so we can warn each other. That fact that they are a corporation and we are higher education means the threats will be different, so it’s good to have an expansive knowledge of what is going on.”

ITS Technical Associate for Security Administration Josh Awalt was employed in the security office of Heartland for several years before taking his current position at Eastern, and thus had a familiarity with the company and its assurance strategies. He reached out to Heartland and its network and security architect, Justin Henderson, about general security issues and learned that Heartland was installing an application called Security Onion, a set of Linux software components for intrusion detection, network security monitoring and log management.

Awalt and Gioia investigated Security Onion and decided the application might be useful to the university because it is effective and because, being open-source, it is available at no cost.

“With budget constraints, we were looking to replace an old intrusion detection system — that was no longer being supported by Cisco — as cost effectively as possible” Awalt said.

Because Security Onion is free of charge, being open source, the only major expense involved would be the server hardware on which to host it and interfacing it with the campus network.

Awalt spent two days at Heartland learning how to install, configure and administer the software, and saw it operating in a live environment. And later, Henderson visited Eastern to confer with Gioia and his security team – including Tim Lewis and Cathy Ashmore — about the product and its use.

“Collaboration is a general trend,” Gioia said. “We collaborate across the state with other universities on security through listservs and membership in organizations, and we collaborate with the federal government, as well. Having more inputs, more intelligence on what’s going on helps everyone.”

“Cross-pollination between Eastern and Heartland is only going to make both of us stronger,” said Heartland’s Henderson.

Gioia said the initiative is in its early stages.

“We have to figure out what it takes for supporting hardware and the associated network costs, but it’s tremendously cheaper than going out and buying products,” he said.


Switch to Office 365 email may be factor in reduction in compromised accounts at Eastern

The move this semester to Office 365 as Eastern’s student email utility may be a factor in a reduction in compromised accounts, says the university’s information security officer.

“It’s been pretty good since the start of the school year,” said Assistant Director of Information Security Mike Gioia. “We haven’t had any compromised accounts for a month or two now, and it seems like phishing attempts are down, too.

The switchover from Zimbra to Office 365 to handle student email could be a reason why, he said.

When Eastern administered its own student email service, it had limited information about the most current email hacks and scams. But Microsoft, which operates Office 365, has comprehensive, up-to-the-minute information about email security threats and so is better able to protect against them, Gioia said.

“With the move to Office 365, under Microsoft’s phishing rules, which could be stricter than ours, they could more easily identify what’s phishing and what’s not,” he said.

Payment card breaches, such as those at Home Depot and Target, have been grabbing national headlines when it comes to security concerns in recent months, he said.

“There is a lot of money to be made in accessing someone else’s banking and credit card information,” he said.

The black market price for credit card account numbers can be as high as $100. Hackers sell them in bulk after obtaining them through fraudulent means, then buyers use them to make big-ticket purchases. When they are found out and a card is shut down, they simply move on to the next one.

There is little consumers can do to protect themselves against such breaches and identity theft, Gioia said.

“Unfortunately, unless you go back to using cash to buy everything, there’s nothing you can do about breaches. They focus on payment devices to capture information, so it’s hard to determine if a system is affected or not,” Gioia said.

It is better to use credit cards rather than debit cards for most transactions, he said, because purchases made on credit cards are dependent upon the issuing bank’s funds, whereas those made with debit cards draw on the user’s account.

“The banks are more apt to fight fraudulent charges because it is their money, not your money. It’s a lot less hassle for the owner of the account because it’s not their money they’re trying to get back,” Gioia said.

With the fall semester getting underway, Gioia urged Eastern students to be vigilant in protecting their email and account passwords.

“You want to protect your ID at all costs,” he said. “Make sure not to give out too much information to friends on social media sites. Don’t ever give your passwords or credentials or your Social Security number to people you don’t trust. As a student, make sure you are always backing up your data and information so that if your computer crashes, you have copies.”


Migration of employee email to Office365 gets under way at Eastern

Information Technology Services began migrating the campus email accounts of ITS personnel to Office 365 this week, in preparation for the eventual transfer of all employee email accounts at Eastern this semester.

The switch in email service providers used to power PantherMail, Eastern’s campus email service for faculty, staff and students, from Zimbra to Microsoft, is being made to provide improved functionality and reduce service costs. “ITS personnel will be moved over first, then the rest of Business Affairs employees along with employees of the Center for Academic Technology Support, the general idea being to work out the process and any issues before the remainder of campus being migrated in October,” said ITS Director of Infrastructure Technologies Brian Murphy.

Student email accounts were migrated to the new system last spring.

Murphy said email users will notice a new Microsoft Outlook graphic interface when they sign into their PantherMail accounts but that the new system is intuitive and easily navigated. Many of the features and capabilities of the existing PantherMail client are included in Office 365, including regular email, contacts and address books, a calendar, tasks, and folders.

New benefits of Office 365 include full Windows and Mac support, 50 gigabytes of email storage and one full terabyte of OneDrive storage, collaboration ability between faculty, staff and students, as well as reduced licensing costs that enable the university to save money.

A review of the Office 365 migration and product functionality can be accessed by going to the PantherMail log-on page (a link available at the top of the Eastern home page) or by going directly to http://www.eiu.edu/its/helpdesk/o365fs/

Following the migration of early adopters, ITS will migrate remaining active employee, annuitant, and group account mailboxes to Office 365. When that schedule is available, it will be posted on the ITS Office 365 Web page, and departments, which will be migrated as units, will be notified. Two days prior to migrating, a reminder email will go out to departments to make their personnel aware of the pending move.

The following items will be moved to Office 365 for most faculty and staff.

  • Email
  • Contacts
  • Calendars
  • Tasks
  • Email folders
  • Email aliases
  • Forwards

Below is a list of known items that will not be migrated automatically.

  • Contact groups (distribution lists)
  • Calendar and folder shares
  • Mail filters
  • Signatures
  • Briefcase items
  • Tags
  • Categories
  • Trash
  • Notes
  • Large emails (25MB or more)

Prior to the migration, employees should take the following steps in preparation:

  • Export Zimbra briefcase items, if you wish to save them.
  • Make note of any folder or calendar shares.
  • Make a backup of your address book, including contact groups/distribution lists.
  • Make note of what mail filters you have in place.
  • Identify and download email attachments and emails larger than 25MB.
  • Save a copy of your signature.

After their accounts are migrated, employees will continue to go to https://www.eiu.edu/panthermail to log in to the Web interface to access their email. If an employee is using additional software or a mobile device to check their email, the software or device will need to be reconfigured.

If email users have question about the transition, ITS, CATS, ISS’s and other technical staff on campus will be coordinating efforts and schedules to assist in the transition for faculty, staff, and annuitants.

A list of frequently asked questions relating to the migration project is available at http://www.eiu.edu/its/helpdesk/o365fs/


EIU Union Tech Zone offers hardware services/repairs for student-owned computers

The Union Bookstore is now providing personal computer hardware support for students at Eastern.

 The resource, new this semester, is called the Union Tech Zone and provides walk-up help desk support for many technology-related issues. The Union Tech Zone also is an authorized repair center for Apple, Dell, HP, and other brands of computers, performing warranty work for Apple products and non-warranty repairs for HP, Dell and others.

The Union Tech Zone provides service to student personal computers.  Services and repairs for EIU-owned computers used by faculty and staff still are provided by Information Technology Services. 

Union Tech Zone services include:

  • Troubleshooting hardware and software issues.
  • Operating system repair/virus removal for student-owned computers.
  • Backing up, restoring and setting up new machines for EIU students.
  • Most repairs done on-site from certified technicians.

 Rental computers are available if computers must be sent off-site for repairs.

 Services offered at no charge include:

  •  Spyware/malware cleanup and removal.
  • Assistance connecting to the EIU wireless network.
  • Answers to software questions.
  • Warranty repairs for Union Tech Zone vendor (Apple) parts purchased in the Union Bookstore will be installed at no additional cost.

 Services offered for a fee include:

  •  Memory (RAM) installation, $25 (Student must provide memory).
  • Hardware, accessory, peripheral or software installations, $35.
  • Computer operating system and software reinstallation’s (Deletion of all data, installation of OS, all drivers, Windows updates and EIU virus protection), $50.
  • Data back-ups and restorations, $25.
  • Hard drive replacements, $69 – $89.

Hours are 8 a.m. to 7 p.m. Monday through Thursday, 8 a.m. to 4:30 p.m. Fridays and 10 a.m. to 4 p.m. Saturdays.

 For information, call 581-5960 or email uniontechzone@eiu.edu.


Campus Technology Support Help Desk moves down the hall in Student Services Building

Construction activity in the Student Services Building on the campus of Eastern Illinois University has prompted relocation of walkup Help Desk facilities beginning with Fall Semester 2014.

Work related to the installation of an elevator to improve access to upper floors of the Student Services Building has necessitated moving the walkup location of Campus Technology Support’s Help Desk to Room 1040 — just a few feet down the lower level hallway of the Student Services Building — from Room 1014, in which the Help Desk had been located. Students, faculty and staff can still walk in at the new location to receive in-person assistance with their technology issues.

Campus Technology Support continues to provide assistance with your technology-related questions. You may receive assistance by Live Chat (http://www.eiu.edu/its/helpdesk/livechat/), email (itshelp@eiu.edu), by walking in to the lower level of the Student Services Building or by calling 217 581-4357. You also may follow on Twitter, @eiu_itshelp

Staff members will be able to assist you with troubleshooting and how-to questions on a variety of computer, application and connectivity issues related to accessing EIU services. Staff members also have the ability to assist you remotely using an application called LogMeIn. This is a very helpful tool and often times allows first-call resolution.

When contacting Campus Technology Support, please have the following information available:

  • Name and E-number
  • If an employee, the EIU red tag number on your computer
  • Location
  • Phone number
  • Full description of the problem and nature of the error message

 


Follow

Get every new post delivered to your Inbox.