|
Archive for the ‘Security’ Category
Graduate Student Technology News
Sunday, November 15th, 2020
Summer Session: Updates on Zoom Security and Privacy
Monday, April 27th, 2020Memo distributed to Rice community on 4-27-20
Colleagues,
The Information Security Office (ISO) and the Office of Information Technology (OIT) have been closely watching security issues regarding Zoom, the online education and meeting tool. In an effort to address these concerns with Zoom, new default settings will be enabled before the start of summer sessions.
The following new default settings will go into effect on May 1, 2020 to prevent any disruptions on scheduled spring meetings:
- Meeting passwords will be required
- Meeting passwords will be embedded in meeting link
- Private chats will be disabled
- Participants will not be able to annotate
The new default settings should help improve security on Zoom sessions and prevent disruptions such as Zoombombing. To provide flexibility, these settings won’t be locked down but we encourage meeting hosts not to change them (learn more: https://kb.rice.edu/101344). Keeping your Zoom software updated (https://zoom.us/download) is another key component to securing your Zoom sessions (see also: https://kb.rice.edu/100275).
If you have any issues or concerns, or need assistance in safely setting up Zoom meetings, please contact the OIT Help Desk at 713-348-HELP or helpdesk@rice.edu.
Thank you.
Marc Scarborough
Chief Information Security Officer
Reminder: Importance of Protecting Private Information
Monday, October 7th, 2019This message was distributed to the Rice community on September 17, 2019.
Colleagues,
Recent headlines continue to show increased attacks designed to gain access to our accounts and internal resources, including the private information of members of our community.
As a reminder, University Policy 808, the Protection of University Data and Information, requires that all members of the community take appropriate precautions to protect the privacy of information entrusted to our care.
University Policy 808, Protection of University Data and Information
https://policy.rice.edu/808
We can reduce Rice’s risk of exposure by following a few simple guidelines:
- Only collect information needed to support the University. Keep the information only as long as necessary and then purge the information safely.
- Only grant access to private information to those with a need to know. Remove access when no longer needed.
- Develop and publish information handling procedures for your department. Train staff on these procedures. Review and update these procedures regularly. Provide refresher training annually.
- Use technology-based solutions to help protect information:
- Password protect devices storing private information.
- Use encryption on all devices, especially laptops, tablets, and phones.
- Only use Rice-approved cloud services like Rice’s Box.com and Google Drive to share files instead of sending them via email.
- For help with these solutions, contact the OIT Helpdesk by calling 713-348-4357 (HELP) or by emailing helpdesk@rice.edu.
More information about how to safely use information technology resources can be found here:
Guidelines for the Use of Information Technology
https://vpit.rice.edu/
Other general information on this topic is available on the Information Security Office Home page
https://vpit.rice.edu/
Protecting the privacy and security of institutional data is your responsibility, and a responsibility we all share as members of this community.
If you think that data has been or may have been compromised (e.g. a hacking attack, or an unencrypted lost laptop), you must notify the Information Security Office immediately by calling 713-348-6754 or by emailing itso-l@rice.edu.
Thank you for your help.
Marc Scarborough
Chief Information Security Officer
Ransomware Affecting Multiple Local Government Agencies in Texas
Wednesday, August 21st, 2019This message was distributed to the Rice community on August 20, 2019.
Colleagues,
Recent news articles have reported a coordinated, crippling ransomware attack against over 20 Texas local government entities. The goal of this attack is likely to hold information hostage and interrupt normal operations unless the attackers are paid. While the sources of the attack and the methods used by the attacker are under investigation, these situations can often be traced back to someone responding to a malicious email.
While Rice has not been affected, this is a stark reminder of the importance of carefully evaluating emails, especially those that ask for private information, have unexpected attachments or provide links to unfamiliar places. Here are some basic guidelines to follow:
- Do not download or open unexpected email attachments. Call the original sender of the email to ensure they actually sent it and ask what it should contain. If you are unsure, contact the Office of Information Technology (OIT) Help Desk.
- Do not click on links in unsolicited or unexpected emails. If you are on a computer, you can use your mouse to hover over the link to see where it actually intends to send you. If you are on a phone, long press (or hold) the link and the phone will show you the link before actually visiting the site.
- Never provide private information, even about yourself or your password via email. If you need to share private information as part of your role at Rice, only use Rice’s Box.com or our Google Drive. The OIT Help Desk can help you with this.
If you open an attachment or visit a link from a suspicious email please contact the OIT Help Desk at 713-348-HELP or helpdesk@rice.edu immediately!
While our antispam Proofpoint system catches many of these email attacks, some may still make it through. We need your continued help to catch these attacks. If you receive an email that you have questions about, please ask the OIT Help Desk at 713-348-HELP or helpdesk@rice.edu.
Thank you for your continued vigilance in protecting yourself and the Rice community.
Marc Scarborough
Chief Information Security Officer
Migration to Windows 10 Operating System
Wednesday, May 8th, 2019This is a reposting of an email sent to Rice community on 5-6-19.
Dear Colleagues,
Just a reminder, Microsoft announced the end of support and security updates for computers running Windows 7 operating system after January 14, 2020. This presents a potential burden of risk to Rice’s computing environment.
As a result, all Rice faculty or staff members with Rice-owned computer(s) running Windows 7 will need to be upgraded to Windows 10. We need your assistance to complete the upgrade of your system(s) to Windows 10 by December 2019.
The Office of Information Technology provides Rice University users the ability to upgrade their Rice-owned Windows 7 computer(s) to Windows 10. In order to take advantage of this self-service upgrade:
- Your computer must be a member of Rice’s Active Directory (ADRICE).
- If your PC is not on ADRICE, OIT can schedule a time to facilitate this process and kick-start your Windows 10 upgrade.
For more on Windows 10 Migration, refer to the following Rice KB articles:
- Windows 7 to 10 General Information Sheet: https://kb.rice.edu/page.php?id=90265
- Windows 10 Self-service Upgrade Instructions: https://kb.rice.edu/page.php?id=90088
- Windows 7 to Windows 10 FAQ: https://kb.rice.edu/page.php?id=90025
To ensure the security and integrity of computer systems running at Rice, any computing device running unsupported operating systems or configured in an insecure manner are subject to restrictions when connecting to the Rice network.
If you have plans to be away for an extended period of time this summer, consider upgrading your computer system to Windows 10 before your departure.
If you need assistance, please contact the Help Desk at 713-348-4357 or submit a request by emailing: helpdesk@rice.edu.
Regards,
Diane Yee
Assistant Director, IT Customer Service
Office of Information Technology
Rice University
Self-Service Password Reset for Banner/Edgar Now Available
Thursday, April 11th, 2019This is a reposting of an email sent to Rice community on 4-5-19.
Greetings,
A new self-service password reset application is now available to all Banner/Edgar users. If you have a valid Rice NetID and have enrolled in Duo Security (Two-Factor Authentication), you will be able to use the new self-service application 24/7 to reset your Banner/Edgar password and unlock your Banner/Edgar account.
If you haven’t enrolled in Duo Security, please follow the Duo Enrollment Guide at https://kb.rice.edu/page.php?id=70779 to enroll in Duo at https://mynetid.rice.edu/ so that you can use it for two-factor authentication.
Please make sure you are on Rice campus network. If you are on Rice Visitor wireless or off campus, you will have to first log into Rice VPN (Virtual Private Network) in order to use the self-service password reset.
To access the self-service password reset application, please click the following link:
https://edgar.rice.edu/forgot.html
You will be prompted for login using your NetID and password. You will then be prompted with Duo Security. After you are authenticated, please follow the instructions on the screen to complete verification and password reset process.
If you experience any issues, please send an email to help@rice.edu or call 713-348-HELP(4357) for assistance.
Sincerely,
Administrative and Enterprise Systems and Services
Office of Information Technology
Rice University
Important Changes to the My NetID Portal
Wednesday, April 10th, 2019This is a reposting of an email sent to Rice community on 4-10-19.
Dear colleagues,
As you may know, attackers were able to steal the usernames and passwords of employees with access to admissions portals at several higher education institutions. The attackers took advantage of flaws in those institutions’ password recovery process. Once they had access, the attackers were able to download private admissions data.
While our password recovery process does not have the same flaws and is not susceptible to the same type of attack, this incident illustrates that attackers are targeting our account passwords and the tools that manage them.
What we are doing to protect Rice
Two weeks ago, we enhanced our account portal, My NetID, to send email notifications when certain key changes are made. This includes updates to your password, contact information, and email addresses. The notifications will be sent to your Rice email address along with the external contact email address listed in the My NetID portal. If you receive an email notification and you did not make any changes, you should contact the OIT Help Desk at 713-348-HELP or helpdesk@rice.edu.
Additionally, on April 22nd, we will begin requiring Duo, our multi-factor authentication (MFA) system, to access the My NetID portal. Anyone that has not already set up Duo will be required to do so upon login to https://mynetid.rice.edu. This change will make it more difficult for attackers to use stolen usernames and passwords to access the account portal and make changes to our accounts.
This enhanced protection will soon be available on other services on campus, starting with those that store or process sensitive, confidential, or other private information, including Slate, our admissions portal, and general access to employee payroll and direct deposit information.
More Information
If you would like to enable this protection now, simply log into https://mynetid.rice.edu and click on “Two-Factor Authentication” in the left hand menu and then click on “Enable Two-Factor Authentication” to start the Duo setup process.
You can also set up or change your external contact address, the one that will receive account change notifications, while logged into the portal. You can do this by clicking on the menu option titled “Contact Information” in the left hand menu of the page.
A full walk through of this process can be found here:
https://kb.rice.edu/duoguide
For information about managing your Duo devices visit:
https://kb.rice.edu/manageduo
For information about traveling with Duo visit:
https://kb.rice.edu/duotravel
For information about Multi-Factor Authentication visit:
https://kb.rice.edu/whatismfa
Thank you for helping us protect our resources and the privacy of our data. If you have any questions, please contact the OIT Help Desk at 713-348-HELP or helpdesk@rice.edu.
Thank you,
Marc Scarborough
Chief Information Security Officer
Migration to Windows 10
Monday, March 4th, 2019This is a reposting of an email sent to Rice community on 3-1-19.
Dear colleagues,
Since December 2017, OIT has been deploying all new PC computers with the Windows 10 operating system. In August of 2018, OIT migrated all classroom and podium machines to Windows 10 and Office 2016 in order to ensure compatibility with new hardware and software, and take advantage of new features and security improvements.
As you may be aware, Microsoft announced it will no longer support or provide security updates to Windows 7 after January 14, 2020. This presents a potential burden of risk to Rice’s computing environment.
As a result, any Rice faculty or staff members’ systems running Windows 7, will need to be upgraded to Windows 10. We are asking for your assistance to complete an upgrade of your PC system(s) to Windows 10 by December 2019.
Rice OIT has prepared an automated way for you to upgrade your machine(s) to Windows 10 at your convenience. In order to take advantage of the self-service upgrade, your machine must be a member of the Rice’s Active Directory (ADRICE). If your PC is not on ADRICE or you are not sure, OIT can schedule a time with you to facilitate this process and help kick start your Windows 10 upgrade. Once you are running Windows 10, OIT will also have a self-service upgrade available for use of Office 2016.
OIT representatives will be following up and visiting each department over the next couple of months to ensure your migrations are going as smoothly as possible.
If you are ready to upgrade your machine to Windows 10, please contact the Help Desk at 713-348-4357 or submit a request by emailing helpdesk@rice.edu and we will get you started. For more specifics on the migration process and its requirements as well as additional information on features of Windows 10, please refer to the following Rice KB articles.
- Windows 10 Self-service Upgrade Instructions: https://kb.rice.edu/page.php?id=90088
- Windows 7 to Windows 10 FAQ: https://kb.rice.edu/page.php?id=90025
In order to ensure the security and integrity of computer systems running at Rice, any computing device running unsupported operating systems or configured in an insecure manner are subject to restrictions when connecting to the Rice network.
Sincerely,
Mike
Mike Dewey
Director – Campus Services
Office of Information Technology
Traveling with Technology
Monday, September 24th, 2018
by JoAnna Parker Martin
You may not be aware that traveling internationally greatly increases the risk of your information and device data being compromised, whether through theft or intrusion. These risks need to be evaluated, mitigated, and wherever possible avoided. The best way to do this is to plan ahead! In order to protect you, our community, and Rice resources from the risks associated with traveling internationally, the Information Security Office (ISO) recommends that the following specific precautions be taken.
Before the Trip
- Research the international requirements for each country you plan to visit. The State Department has travel safety information for every country on their website. Some countries have restrictions on encrypted devices. Familiarize yourself with your destination’s laws about technology and check especially for encryption import restrictions. Violating these restrictions can result in your devices being confiscated!
- Plan to take only what you absolutely need. Leave all unnecessary devices or equipment in the US.
- If you must take your data/device with you, follow these guidelines.
- Make sure the operating systems and all applications are patched with the latest available versions.
- Make sure devices have OS appropriate anti-malware packages installed.
- Uninstall unused applications and turn off any unneeded background services since those can be used as possible “back doors” to get into your system.
- Remove sensitive or confidential information from your devices before traveling. You can safely store data on university servers for later access.
- Check if your device or devices, including externals such as thumb drives are encrypted.
- Make sure that the password you use to get into your computer is different from the one you use with your Net ID and different from any other services you use. This will protect you in the event you are required to give up your encryption password at a border check.
- If your destination country allows the use of VPN, use it when you connect to Rice resources. This will create a secure tunnel protecting your information. As of August 1st, 2018 AnyConnect VPN is the software to use for this purpose.
- Change your NetID password before traveling and change it again upon return by visiting https://mynetid.rice.edu/.
All of these things can be done with the assistance of your divisional representative or by contacting the OIT Help Desk. Many of these steps require preparation and planning. The sooner you contact us before your trip, the better!
While Traveling
- Disable all wireless communication technology when not in use. This means Wi-Fi, Bluetooth, NFC, RFID, etc. The simplest and fastest way to accomplish this is by putting your device in airplane mode.
- Power off systems when not in use.
- Turn off “join wireless networks automatically” on all mobile devices. Avoid internet cafes and any wireless hot spots that ask to install any programs or certificates in order to use it.
- Use web-based resources while traveling when available (webmail, rice.app.box, etc.) using AnyConnect VPN.
- Make notes of anything that appears odd or unusual while using your devices.
- Whether using someone else’s or your own computer, never accept patches or updates while in foreign countries.
Upon Return
- If you traveled with your own mobile device or laptop, check for and install any OS or program updates before connecting back onto Rice campus systems.
- If you experienced any anomalies or suspicious activity, report it to the Information Security Office or the OIT Help Desk so that we can help you investigate. Please provide an itinerary or log of when during your trip these occurred. This can aid with investigation.
- Change any passwords used while abroad using a secure and trusted machine. Remember, sometimes a complex and unique password is the only thing preventing someone access to your information.
Ultimately you are responsible for keeping your risk low and the information and devices you use protected, as laid out by Rice University Policy No. 832. You can set your mind at ease about your devices and your data, both personal and university owned, by following these steps.
If you have any questions regarding these recommendations, please contact your department OIT representative, the ISO, or call the OIT Help Desk (713-348-HELP).
Tips for Good Password Security Practice
Thursday, July 12th, 2018
The passwords that secure our accounts guard some of our most important personal information. As part of good password security practice:
DON’T….
1. Use birthdays, names, or dictionary words
2. Reuse passwords across multiple accounts
3. Make passwords too short (6 characters is not enough)
4. Tell anyone else your passwords
5. Store passwords in plaintext
6. Use keyboard patterns, like “qwertyasdf”
DO….
1. Create a unique, complex password for every account
2. Make passwords 12-16 characters in length
3. Use truly RANDOM sequences of characters!!!
4. Use a password manager, such as 1Password
5. Keep your passwords secret, even from trusted friends and family
But rules were made to be broken, you say!
So were passwords.