Author Archives: Bill Kernan

Fall 2019 – News Update

Posted on by

[section=Computer Replacement]

The quantity of computers replaced in a fiscal year is based on the available computer replacement budget.

Computers are replaced in the same order they were purchased with the following exceptions:

  • If a computer is deemed inoperable by the desktop support team and is outside of the manufacturer’s maintenance period (currently 3 years), it will be moved to the front of the replacement queue.
  • Staff workstations:  If the computers for a whole department meet the replacement year criteria and the majority of the workstations are next in the replacement queue, all workstations in the department will be replaced at the same time.

Mac, PC, Desktop, and Laptops are all in the same replacement pool.

The Budget:

  • For the last 10 years there has been a $150,000 budget per year for faculty and staff replacement computers.  (recently reduced by $6,750 as a result of low enrollment)
  • When computers were purchased in 2013 there was an additional $150,000 that was used to purchase additional computers, for a total of $300,000.
    • Because of the additional dollars provided in 2013, it has taken several years to replace the 2013 computers.
    • When all the general fund 2013 computers have been replaced, 2014 computers will go into the replacement queue.

New hire computers are purchased from the replacement budget.

The Standard: 

  • There is a standard configuration for each type of computer, such as PC, Mac, Desktop, or Laptop.
  • The current standard includes the OS, the Microsoft Office Suite, and 16 gigabyte of RAM, except 8 gigabyte for the Mac laptop.
  • If additional memory, peripherals, or software is required, the faculty or staff member’s department will pickup the difference between the standard cost and the overage.

Additional Notes:

  • A computer that begins with a 2013 inventory number will have been purchased anywhere between July 2013 and June 2014.  The larger the number, the later the equipment was purchased.
  • The budget includes 1 primary workstation per user per position at the standard configuration level.
  • Tricia Flaherty will contact you when your computer reaches the top of the queue.
  • If your computer is failing, please contact the Service Request Desk at 88925 and submit a support ticket.
  • Computer Specifications can be found here: 

[endsection]

[section=Cybersecurity Training]

Information Security Training will be offered, beginning 12/2/19.  This tool, released via Portal, will deliver a new 3-5min lesson every 2 weeks to everyone at WOU.  It tracks who has taken which lessons, how long it took, etc…
Michael Ellis expects to begin working with UTAC in the near future to solicit feedback, and improve the consumability of the material we deliver to campus.
Best of all, the application is fully responsive.  UCS wants employees and students alike to access it on the device that is best for them!
If anyone has questions about these projects, Michael is happy to answer them by phone (88629) or email: ellism@wou.edu

[endsection]

[section=DUO – multi-factor authentication]

As of 11/25 2019, 555 of our 908 Employees are using DUO!  Michael Ellis continues to send bi-monthly emails to Directors and Division Chairs, offering assistance to help with those not yet in DUO.  Overall, feedback has been very positive.  This is WOU’s first big step forward toward changing the culture and making us more secure.  We continue to listen to users’ experience, and work with them to minimize any impact to teaching/learning in the classroom.
As we draw to the close of the Employee signup process, I’m hopeful we can open up DUO to students during Winter Term.

[endsection]

[section=Windows 10]

As of November 26, 2019 there are 1,300 computers running Windows 10 and just under 200 machines left to upgrade to Windows 10 by 1/14/2020!
If you still have a Windows 7 computer, Michael Ellis will be emailing your department with a reminder, and he will work with you to coordinate upgrades.  The “upgrade in place” option (vs re-image at UCS) is simple, quick and hasn’t had many problems.
If you have a computer that is required to stay on Windows 7, Michael will be working with you on how to secure your computer.

[endsection]

 

Replacement Computers

Posted on by

[section=PC Desktop]

Dell OptiPlex 7060 Small Form Factor PC desktop & Monitor

  • Windows 10 Pro License 64 bit
  • Intel Core i5-9500 9thGEN(6 Cores/9MB/6T/3.0GHz)
  • 16GB (1X16GB) DDR4 2666MHz UDIMM Non-ECC Memory
  • 8X DVD+/-RW Drive
  • AMD Radeon R5 430, 2GB, HH (DP/DP)
  • 2.5 inch 500GB 7200RPM SATA Drive with 16GB Optane Memory
  • 3 Year Basic Hardware Service with 3 Year Onsite Service After Remote Diagnosis
  • Dell KB216 Wired Multi-Media Keyboard English Black
  • Dell MS116 USB wired Mouse
  • Dell P2418HZ(1920X1080) 23.8 inch monitor (with webcam and speaker)
  • Microsoft Office Pro Plus 2019 license(WORD, EXCEL, POWERPOINT and ACCESS)

[endsection]

[section=Apple Desktop]

Apple iMac 21.5-inch, 4K Intel Core i5

  • 3.0GHz 6-core 8th-generation Intel Core i5
  • 21.5″ 4096 x 2304 IPS Retina 4K Display [ upgrading at time of purchase to 27inch Retina 5k is additional approx. $300.00 ]
  • 16GB 2666MHz DDR4 Onboard Memory
  • 1TB Fusion Drive storage
  • AMD Radeon Pro 560X with 4GB GDDR5 memory
  • NO CD/DVD Drive and no Retina display
  • Wired Apple Mouse  [wireless only upon request as set and may cost additional]
  • Apple Keyboard with Numeric Keypad (English)- (wired) [wireless only upon request as set and may cost additional]
  • macOS Mojave (10.14) with built-in iLife Apps
  • 3 yr Apple Protection Plan
  • Microsoft Office for MAC license (WORD, EXCEL, POWERPOINT)

[endsection]

[section=14″ PC Laptop]

Dell Latitude 5401 PC laptop

  • 9th Generation IntelCore i5-9400H Processor (4 Core, 8MB Cache, 2.5 GHz, 4.3GHz Turbo, 35W vPro) Windows 10/Linux only   
  • 14″ FHD (1920 x 1080) Anti-Glare Non Touch, RGB Camera & Microphone, WLAN/WWAN Capable
  • Integrated Intel UHD Graphics 630 with Thunderbolt3  for i5-9400H
  • Windows 10 Pro License 64 bit
  • 16GB, 1x16GB, DDR4 Non-ECC Memory
  • M.2 256GB PCIe NVMe Class 40 Solid State Drive
  • Intel® Dual Band Wireless AC 9560 (802.11ac) WiFi + Bluetooth 4.2
  • NO ON BOARD CD/DVD DRIVE( external USB version available at additional cost)
  • 130W E5 Type C Power Adapter
  • Primary 4 Cell 68Whr ExpressCharge Capable Battery
  • Monoprice Consul Series USB-C VGA Adapter with USB 3.0, USB-C 100W PD 3.0 
  • Dell 14in Professional Sleeve 14 Carrying Case 
  • starting at 3.37lbs; Dimensions- Width: 12.72”, Height: 0.80” front -0.90″ rear, Depth: 8.5”
  • 3 year hardware support warranty
  • Microsoft Office Pro Plus 2019 license(WORD, EXCEL, POWERPOINT and ACCESS)

[endsection]

[section=13″ PC Laptop – travel friendly]

Dell Latitude 7300 PC laptop

  • 8th Generation Intel Core i5-8365U Processor (4 Core,6MB Cache,1.6GHz,15W)
  • Windows 10 Pro 64bit English
  • M.2 256GB PCIe NVMe Class 40 Solid State Drive
  • 13.3″ FHD (1920 x 1080) AG, Non-Touch, SLP, 6.0mm Cam/Mic, WLAN/WWAN Capable, Carbon Fiber
  • Integrated Intel UHD 620 Graphics for i5-8365U Processor
  • 16GB, (1x6GB, DDR4 Non-ECC from DELL)
  • Internal English, single Pointing Backlit Keyboard

  • Intel Dual Band Wireless Driver 9560 (802.11ac)WiFi + Bluetooth 5.0
  • 65W E5 Type-C Power Adapter
  • NO ON BOARD CD/DVD DRIVE( external USB version available at additional cost)

  • 4 Cell 60Whr Battery
  • Dell Adapter – USB-C to HDMI/VGA 1 /Ethernet/USB 3.0
  • Dell Professional Sleeve 13in Carrying Case
  • 3 Year Basic Hardware Service with 3 Year NBD Limited Onsite Service After Remote Diagnosis
  • starting at 2.75lbs; Dimensions- Width: 12.06”, Height: 0.67” front – 0.73 rear, Depth: 8.14”
  • Microsoft Office Pro Plus 2019 license(WORD, EXCEL, POWERPOINT and ACCESS)

[endsection]

[section=MacBook Pro]

Apple 13″ MacBook Pro with Touch Bar: 1.4GHz quad-core 8th-gen Intel Core i5, 256GB – Space Gray 

 

  • 1.4GHz quad-core 8th‑generation Intel Core i5
  • 8GB 2133MHz LPDDR3 SDRAM  on board memory 
  • 256GB  SSD Storage
  • Intel Iris Plus Graphics 645
  • Force Touch trackpad, Touch Bar and Touch ID
  • Two Thunderbolt 3 ports(USB-C ports)
  • Backlit Keyboard (English)
  • 13.3″ LED-backlit display with IPS technology; 2560-by-1600 native resolution
  • external display – Supports One 5K or Dual 4K Displays
  • 802.11ac Wi-Fi & Bluetooth 5.0
  • 3.5mm Headphones Jack | Stereo Speakers and three microphones
  • macOS Catalina(10.15)
  • NO ONBOARD CD/DVD Drive
  • 61W USB-C Power Adapter & USB-C Charge Cable (2m)

  • cabling for connecting to DP displays – USB-C to DisplayPort Adapter #13234
  • cabling for Ethernet and USB X 3- Monoprice USB-C to 2x USB-A 3.0, Gigabit Ethernet & USB-C (F) Adapter #15250
  • cabling for connecting to HDMI or VGA in Smart Classroom/projectors or external monitor- MonoPrice USB-C to 4KHDMI, DVI, VGA adapter #21607
  • Height: 0.59 in, Width: 11.97 in, Depth: 8.36 in, Weight: 3.02Lbs 

  • AppleCare+ (3yr warranty) 

  • Microsoft Office 2019 for MAC (WORD, EXCEL, POWERPOINT)

  • Basic 14 inch laptop bag

[endsection]

[section=Options]

The cost of optional items must be covered by your department.

  • Dell Ultrasharp 27″ monitor:  ~ $510 as second monitor ~$295 as an upgrade [4K 3840 x 2160 at 60 Hz, & LED-backlit LCD monitor / TFT active matrix, with 99.9% sRGB color gamut, 99.98% Rec 709 color gamut]
  • Mac desktop: ~$300 [ upgrading at time of purchase to 27″ Retina 5k 
  • Mac laptop: ~$180 [ upgrading at time of purchase to 16GB ]

[endsection]

University Computing Services – Fall 2018

Posted on by

University Computing Solutions’ electronic newsletter highlighting technology services & initiatives

 

[section=Banner 9 / Cloud]

  • WOU teamed with Ellucian to move our Banner information system to the AWS cloud.  Banner 8 became live in the cloud February 2018.  The underlying technology of Banner 8 will not be supported past December 30, 2018.  Thus an urgent move towards fully implementing Banner 9.  For several years, the programmers have been training and preparing for Banner 9.  The programmers are up to speed on the new technology and have been programming necessary modifications to Banner 9 forms.  There was a committee process in place that included all 8 Oregon public universities, discussing which Banner 8 modifications needed to carry over to Banner 9.  WOU ended up with 63 modifications, of which 2/3 have been completed.  Ellucian began setting up a non-production Banner 9 environment for WOU at the end of February 2018.  Progress was slow at best. In April, a specialized Banner 9 installation team came on board.  In June we had a partially working non-production and production Banner 9 environment.
  • Below are links to Banner 8 and Banner 9 forms.  As you can see, they are quit different and will be a learning curve for end users.  Despite the same name (Banner), the technology is a complete makeover.  If you are a Banner user, be prepared to dedicate your time to training in the new environment.  The training schedule is found here.

[endsection]

[section=Banner, New Initiatives]

  • Financial Aid
    • UCS is working with the Financial Aid office to bring up Banner Financial Aid during the coming year. We have installed the modules on a test system and are working on configuring it to meet WOU’s needs. A few weeks ago we met with the Oregon State University office of Financial Aid (they also run the Banner module), and they had some good suggestions for configuration. They are also interested in providing consulting to help us implement it.
  • Web Time Entry
    • This Banner module should be a big time saver, both for our Payroll office and the many employees at Western. We have downloaded and built the Banner 9 Time Entry application from the Ellucian source code. Next, we will apply several upgrades to the test database to bring it up to the required versions to run Web Time Entry. These upgrades will be done and it will be ready to begin configuration and testing by Sept 17, 2018.
  • Ellucian Mobile
    • The WOU Mobile App, powered by Ellucian Mobile, will provide faculty, prospects, students, staff, and other constituents with access to key campus information and services from their mobile devices. Once launched, the app will be available in the Google Play Store, iTunes, and also on the Amazon Appstore. Initial development will be for Android. Once we have the development environment set up and tested on Android, we will attempt to build both Android and iOS versions simultaneously if possible.

[endsection]

[section=Child Care Center Project]

  • The Child Development Center is being relocated from Todd Hall to the University Park and Conference Center buildings. This requires some remodeling of Units A, B, and C, and will join all three buildings together. The ROTC was moved from unit A to APSC 201, the Forensics Lab and smart classroom was moved from Unit B to HSS 329, and the computer lab smart classroom in Unit C is being moved to OMA 101. We will be upgrading all of the network infrastructure cabling and equipment in the new CDC. Completion of the project is scheduled for the end of the summer 2018.

[endsection]

[section=Cyber Security]

  • Special Agent Samantha Baltzersen from the FBI will present a cyber security session on September 19 at 2:00pm in RWEC 105.  This will be an excellent informative and eye-opening presentation.
  • A security overview can be found here.

[endsection]

[section=Data Center]

  • This summer, 11 aging blade servers were refreshed with 3 new high performance blades.  The SpecMark rating for the new servers is 12 – 22 times greater than the old servers.  In addition, we have added 240TB of disk storage to meet our growing need for digital storage.
  • When you save data to H:, I:, or J: drives, it is backed up to remote disk storage every 24 hours.  In addition, every two hours a snapshot is taken of all changes that have been made.  The snapshots are directly available to you for about two weeks.  If you need to recover one of your old files, watch this instructional video.

[endsection]

[section=Document Management]

  • Do you need help with the office “paper shuffle”?  Go here for help.

[endsection]

[section=Email Bulk Senders]

[endsection]

[section=Emergency Alert]

  • Everbridge is our emergency notification system.  In the upper right hand of the Portal you will find an icon labeled WOU Alert.  Clicking on that icon will take you to a site that allows you to edit your emergency contact paths.
  • Besides sending notifications directly to you, everbridge can send messages to any WOU computer, the emClocks, and the Carillon bells.  In the future, it will also send messages to the smart classrooms and digital signage.

[endsection]

[section=Moodle Upgrade]

  • For this Fall we are upgrading the Moodle LMS server from 3.2.4 to the latest stable release of 3.5. Moodle.org has a video that explains some of their new features of 3.5, on Youtube –  https://www.youtube.com/playlist?list=PLxcO_MFWQBDcnwHQwhHZtObHNMHoONx-C   The Moodle software runs on top of the latest Redhat 7 operating system,  Apache 2.4 web server and MariaDB 10.X SQL database. There are 9 web servers –  6 student web servers and 3 Faculty course development web servers that are handed out through our load balancer, giving the end user the best performance. This allows the Faculty their own servers to develop their course material and not take away from the performance of the student pages. This is only the systems side of the upgrade. There are 14 new and 21 upgraded plug-ins added to Moodle software. Some of the major titles are Turnitin, Web Ex, Poodll, and TurningTech.

[endsection]

[section=Natural Science Project]

  • After nearly two years of planning for the Natural Science remodel project, construction work began on June 25, 2018, and it is well underway. Phase 1 of the project will be focused on the basement, 2nd floor, and green house. The remainder of the 1st floor work will happen summer 2019. The project will include HVAC upgrades, electrical and lighting upgrades, network infrastructure replacement, bathroom upgrades, and some of the lab classrooms will also be completely re-designed. All of the network cabling will be upgraded to Cat6a, and new telecommunications closets are being built to support all new network hardware. Cat6a wire will allow faster data speeds to be transmitted over the wiring.  Wireless access points are being replaced with higher capacity models, and the density of the access points has been increased to support many more clients. Work will continue on the second floor throughout the fall term.

[endsection]

[section=Remodel of Wolf Express]

  • The area which previously housed the Wolf Express in the Werner University Center, is being remodeled for new office space, and a new conference room. The conference room will have a touch panel controlled audio / video system, as well as video conferencing capabilities. New network jacks, and wireless access points are being installed to support the functions of this area. Completion is scheduled for September 7, 2018.

[endsection]

[section=Resident Hall Security Initiative / Video Streaming Service]

  • To improve network security, UCS has added a login to our wireless and residence hall networks.  When you connect to these WOU networks, beginning 9/4, you will be prompted for your network login.  Once you connect, you’ll gain network access for 90 days — at which point you’ll be asked to login again.
  • SWANK will be available this fall term for Resident Hall students.
    • Resident Hall students will have a new service available to them this fall, allowing them to stream free movies from any of their devices, while on campus.  They will be able to choose from a vast collection of television shows and movies, including new releases and classic favorites.

[endsection]

[section=Service Request Desk]

  • Summer is always a busy time for Desktop Support but this year we had the NS remodel so we were extra busy. We started our summer out by moving out most all of our equipment out of NS and into the Old Ed building. This included getting a lab setup, getting faculty setup and updating all our inventory so we know where equipment moved too. We also had to get the first floor of NS and part of the basement setup ready for fall term courses. As a team, we started on the Sophos push out which was our first real test using SCCM and we had lots of success but a handful of one off’s that didn’t have an SCCM client or errored out during installation. We are still going through and finding stations to fix but for the most part, its done! SCCM has been something that has taken up a lot of time but we are able to image both Windows 7 and 10. We can push out certain software from our office to a CPU across campus. We have installed 27 new student tech funded printers across campus this summer. Working on moving to a new print server. We have upgraded two labs in DeVolder and reimaged all the other labs on campus both Mac and PC labs. Desktop Support took the lab from UPCC C130 and got it set up in OMA 101 for fall term courses. Our team also added a few new students  All this was accomplished while staying on top of our daily service request tickets and tasks.

[endsection]

[section=Smart Classroom Upgrades]

  • Classroom Services has been very busy upgrading Smart Classrooms this summer. We have upgraded 18 different rooms across campus this past year with new equipment and technology. The upgrades include: new laser projectors, which are more energy efficient and do not require lamp replacements, digital video monitors, video processors, digital input capabilities, and new sound systems. Many of the smart classroom upgrades have included new teaching consoles, which are ADA compliant and are height adjustable. The touch panel control systems are also being updated to our new user interface, which simplifies how the systems are controlled.  In addition 10 smart classrooms will be upgraded by the time the Natural Science remodel is completed.

[endsection]

[section=Sophos / Intercept X]

  • Sophos, our enterprise antivirus system, has undergone a refresh! You may see the new, blue Sophos icon hanging out in your System Tray (Windows). If you double click on this icon, it will open the Sophos Console. From here, if you’d like, you can run a scan on your computer. Scans are scheduled to occur both in real-time (this means a light scan over the duration of your work day) and a deeper, more thorough scan on certain days of the week. There are multiple great new features to this version of Sophos. One of the highlights is ransomware protection. When Sophos detects something encrypting (locking) files on your computer, it will stop and quarantine this process, then roll back your computer to a state prior to the encrypting process. It will then notify UCS of the ransomware it detected. Another feature you may see is Web Threat Protection. In essence, if you’re visiting a webpage or downloading something from the internet that belongs to a category Sophos thinks is risky, Sophos will warn you and ask if you wish to proceed. If you’d like Sophos antivirus on your home computer, Sophos offers a free home edition. Simply download and install, and you’re set!  The installation instructions for the Mac home version is found here and the PC home version is found here.  The download page is found here.  Please see the CyberSecurity section for additional information.

[endsection]

[section=Telecommunications]

  • Campus Directory Voice Recognition at 8-9555
    • Western has featured a friendly Campus Operator for many years. The public and campus community reached this service by dialing Western’s main line or toll-free line. In Spring 2018, we activated an automated menu with the most common destinations offered before callers connected to the Operator. And now, we have implemented a voice recognition system that can answer and transfer simultaneous queries via speech recognition. Callers are immediately transferred after speaking the name of a department or person. If the system can’t match the caller’s request following a couple retries, it will then transfer the caller to a friendly Campus Operator. The new voice recognition directory may be directly called at extension 8-9555. Hint: you can speak your request as soon as the ‘chime’ sound plays- you don’t need to listen to the entire prompt.
  • edu-roam is available now.  More information can be found here.

[endsection]

[section=Video Production Services]

  • WouTV is Western Oregon University’s digital production service for campus events, athletics and marketing.  WouTV is a full service HD production studio featuring state-of-the-art broadcast  equipment.  We record lectures for online viewing, produce university promotional videos and provide multi-camera, live streaming for campus events and athletics.  WouTV is run by one full-time UCS employee and facilitated by student workers.  Students have the opportunity to be a videographer, editor, graphic designer, technical director and director.
  • WouTV is currently producing promotional videos for Admissions, Marcom and The Drive for 325. To view the WouTV archive of digital media go to:  wou.edu/woutv   Through August 30, go to: wou.edu/livestream and watch the weekday improvements to WOU Softbll Field.  On 10/17, watch the live stream of the WOU Board of Trustees.
  • WouTV videos and live events can also be seen on Minet cable channel 717.

[endsection]

[section=Warehouse]

  • Cognos

    • Cognos is a web-based reporting tool from IBM.  It allows you to create and run reports based on data from our Data Warehouse, which is populated from Banner on a nightly basis.  There is an existing library of reports available for you to utilize.  Additional reports can be developed for departments or individuals and placed in the library.  Users can also learn how to create their own reports, for either quick ad-hoc data analysis or for ingoing use.

      In order to use Cognos, you need to be granted access, just as you would for Banner.  Information on how to request access, as well as training options, can be found on the following webpage: https://dev.wou.edu/datawarehouse/

  • A look underneath
    • A Data Warehouse is a system that collects and organizes business data for reporting purposes. WOU has been developing its own Data Warehouse based on the data from our main ERP system, Banner. By developing the Data Warehouse in house, we have been able to customize it to match our business practices.Every night, our Data Warehouse records new data and tracks changes to existing data from Banner. This allows us to capture historical information that Banner doesn’t track natively. Once the data is loaded, it can be accessed via Cognos.To learn more about the Data Warehouse, including how to get access to cognos, go here.

[endsection]

eduroam – Global WiFi roaming for Academia

Posted on by

What is eduroam (“educational roaming”) and where can I use it?

  • It is a secure, encrypted, Wi-Fi network that utilizes 802.1X technology to provide unified access across campus. It also allows users from WOU to securely access the Internet from any eduroam-enabled institution throughout the world.
  • In addition, eduroam provides visitors from participating institutions access to WOU’s wireless network and the Internet, without needing guest credentials or additional configuration by the user.
  • Eduroam is available at more than 12,000 locations worldwide, including more than 450 colleges, universities, and research facilities in the United States.
  • Additional information about eduroam can be found here.
  • A list of participating subscribers can be found here

How do I connect to eduroam at WOU?

  • Go to your wireless configuration page.
  • Select eduroam from the list of available SSIDs.
  • Enter your WOU e-mail address in the userid field.  example@wou.edu
  • Enter your Pawprint password in the password field.
  • If you are from a visiting university, use your universities login credentials.
    • If you previously configured your device at your home university, no further configuration will be required to connect to eduroam at WOU.

Connection tool:

  • The eduroam connection tool can be downloaded here.

Password Compromise Report

Posted on by

Many of you will find a new channel in your Portal labeled “Password Security”.

This channel will include a list of sites where your password has been compromised.

You may have placed your WOU credentials at risk under the following conditions:

For example:

  • your WOU account is johnDoe, with an e-mail of johnDoe@wou.edu and a password of theSaltShaker
  • your Amazon account is johnDoe and your password is theSaltShaker

The Portal report displays all sites where you have compromised accounts, resulting in your userid and password being published on the Dark Web.  Even though your password wasn’t initially compromised at WOU, you run the risk of someone picking up the userid/password pair and trying it at WOU.

It is suggested that you have a separate userid/password pair for each authenticated service you utilize.

What should I do to increase my level of security?

  • You will notice that in a recent blog tilted “Digital Identity Guidelines“, you now have the ability to enter up to 64 character passwords at WOU.   I would take advantage of the longer password ability.
  • For each site you login to, I would have a separate userid/password pair.
  • Never share your credentials.

Digital Identity Guidelines

Posted on by

The National Institute of Standards and Technology (NIST) provided updated guidelines for memorized secrets (passwords) in June, 2017. (special publication 800-63B)

The new guidelines include the following language:

“Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically).

However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.”

“Verifiers SHALL require subscriber-chosen memorized secrets to be at least 8 characters in length.  Verifiers SHOULD permit subscriber-chosen memorized secrets at least 64 characters in length.”

“When processing requests to establish and change memorized secrets, verifiers SHALL compare the prospective secrets against a list that contains values known to be commonly-used, expected, or compromised.  For example, the list MAY include, but is not limited to:  Passwords obtained from previous breach corpuses, dictionary words, repetitive or sequential characters (e.g. ‘aaaaa’, ‘1234abcd’), or context-specific words, such as the name of the service, the username, and derivatives thereof.”

The account lookup code will be changed to bring WOU credentials in alignment with the new NIST standards.

Forcing users to change their password frequently could actually make systems less secure.  In most cases, passwords are exploited immediately.  It is typical for a user to use a weaker password if they are required to change it often.

A long password is stronger.  A 6-character password can be cracked in 11 hours, while a 9-character password takes 10 years, based on using the ASCII character set.  The new account lookup system will contain the ability to use UNICODE characters also, making a password virtually impossible to break in a lifetime.

Account lookup will be modified during January / February, bringing it in compliance with the current NIST guidelines.

February 5, Banner will be production in the cloud.  Banner authentication will be via SSO, which aligns Banner access with the memorized secrets set with account lookup.

Banner in the Ellucian Cloud

Posted on by

Banner is currently hosted at University Shared Services Enterprise (USSE) on the Oregon State University campus.

Eastern Oregon University, Oregon Tech, Southern Oregon University, and Western Oregon University have all made the decision to move to the Ellucian Cloud (EC).  Ellucian is the company that owns Banner.

EC is hosted on Amazon Web Services (AWS).  WOU’s instance of Banner will be hosted on an Oregon AWS site.

Why move Banner to another hosting site?

  • Oracle and Ellucian are no longer supporting Banner 8, effective December 30, 2018.  EC resources are sufficient to successfully implement the Banner 9 infrastructure that is required to meet the deadline.  (more on Banner 9 in a future post)
  • EC provides us with a Disaster Recovery plan that includes failover to one of two other Oregon AWS sites.  If all three Oregon AWS sites are inoperable, then WOU Banner will be failed over to one of the Virginia AWS sites.

When will WOU go production on EC?

  • Access to Banner at USSE will be terminated at 5:00pm on Friday, February 2, 2018 and WOU will be live on Banner at EC at 7:00am on Monday, February 5, 2018.

How will I access Banner on EC?

  • Both WolfWeb and Banner INB will continue to be accessed though the Portal.  UCS will change the links to each system during the go-live weekend.
  • WolfWeb can be accessed from any browser, while Banner INB requires Internet Explorer (IE) or Firefox ESR (extended support release)
  • In an effort to strengthen security, off campus access to Banner INB will be available only through VDI.  (https://wouvdi.wou.edu)  There will be no changes to off-campus access to WolfWeb.
  • If you have shortcuts saved to your browser, those will no longer work, post migration weekend.

How is the migration going?

  • The migration effort includes modifying many integrations and job submission server parameters.  A team of technical and functional staff have been working with Ellucian on the cloud migration project since the third week of August.  All this effort is coming together and we expect a successful transition.

Schedule for functional testers:

  • Another test export of both Degree Works and the Banner database will occur on December 19, 2017.  Ellucian will have the refresh ready for us the following morning, December 20, 2017.
  • The final test export will be performed January 12, 2018.  Ellucian will have refresh completed the following morning, January 13, 2018.
  • A code freeze will occur on January 12, 2018 and will be in effect until go-live weekend.

Schedule for go-live weekend:

  • Friday, February 2, 2018 at 5:00pm, Banner will become unavailable.
  • Friday, February 2, 2018 at 5:30pm, Degree Works exported and sent to Ellucian Cloud for import
  • Friday, February 2, 2018 at 7:30pm, Banner exported and sent to Ellucian Cloud for import
  • Saturday, February 3, 2018 at 9:00am, UCS technical team work through checklist and perform initial testing.
  • Saturday, February 3, 2018 at 1:00pm, Functional team begins their testing and UCS technical resolve any outstanding issues.
  • Sunday, February 4, 2018 at 9:00am, Functional and technical teams complete outstanding issues.
  • Monday, February 5, 2018 at 7:00am, Banner production is available in the Ellucian Cloud

Where do I find additional information for Banner Cloud?

Two-Factor authentication

Posted on by

Account security can be enhanced with 2-factor authentication.

 

Why would I want to use 2-factor authentication?

If you use the same password for many of your accounts, your credentials are probably published on the dark web.   Several years ago, I was approached by a questionable vendor that provided me with many of your passwords.   I alerted campus when this occurred. My password was included on the list.

Lessons learned:

Use a different password for each of your accounts.

Change your password frequently.  (https://dev.wou.edu/accountlookup)

Use a long password.

Utilize 2-factor authentication when it is available.

2-factor authentication provides an extra layer of security.  After you successfully enter your userid and password, the system will ask you for some type of token.  Google Authenticator is a great place to get your token.  You can run Google Authenticator on your iPhone or Android device, providing you the token.  New tokens are produced every 30 seconds.

Google Authenticator can be found here:

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en

https://itunes.apple.com/us/app/google-authenticator/id388497605?mt=8

Amazon, Amazon AWS and Google all provide support for 2-factor authentication.  That means you can turn on 2-factor authentication for all your Google Apps.

Google help can be found here:

https://support.google.com/accounts/answer/185839?hl=en

Amazon help can be found here:

https://www.amazon.com/gp/help/customer/display.html?nodeId=201962420

 

 

Phishing and other e-mail traps

Posted on by

Always view e-mail suspiciously!

 

E-mail security infrastructure  (On-campus and off-campus)

  • Every day, the WOU anti-virus, anti-spam filter stops 200,000+ e-mails from being delivered  (true for both on-campus and off-campus viewing of e-mail)
  • When the WOU intrusion protection system detects “Ransom-ware”, it sends a note to the border firewall and tells it to no longer allow the “Ransom-ware” intruder onto the campus network, thus protecting your computer.
    • The one case of “Ransom-ware” that was not stopped by the IPS this year, encrypted the users local computer and 70,000 files on his departmental drive.
    • We had snapshots of all the files on the departmental drive and were able to recover the encrypted files.
  • When reading your e-mail outside of WOU, if you were to click on a bad link that connects you to “Ransom-ware”, you are no longer under the protection of the IPS.
    • A member of the local Monmouth community was asked to pay $1,000 to un-encrypt his files after being hit by “Ransom-ware”.
  • Another common scheme is to ask you do perform some task, posing as someone you know and trust.

Recommendations:

  • Don’t click on URLs before you know where they will lead.
    • Shortened URLs can be dangerous  http://goo.gl/fPKDds
      • unshorten.it can be used to expand a shortened URL, also providing the site’s trustworthiness
      • Best practice is to:
        • Hover over the link and verify the link is legitimate OR
        • Type the link in manually
        • Never click on the link, the URL that is displayed, may not be the underlying URL
    • Watch for slight differences in URLs  (ex:  www_wou.edu instead of wou.edu
  • UCS will not ask you for your password or SSN in an e-mail
  • When in doubt about the source of an e-mail, full headers will provide you further data in regards to the legitimacy of the e-mail  (partial headers)
    • To display full headers:
      • Google mail: open message, select the icon that provides you with the option to reply-all.  Select “Show original”
      • Thunderbird:  open message, select view, select headers, select all
      • Outlook:  open message, select tags. The Message Options dialog box is displayed. The internet headers are shown in the Internet headers field at the bottom of the dialog box.

Additional references: