Rice University logo
 
Top blue bar image OIT News
Office of Information Technology
 

Archive for the ‘Security’ Category

Faculty, staff, and students email notice: Two-Factor Authentication

Tuesday, March 20th, 2018

This article is a reposting of an email message.

To: Rice Faculty, Staff, and Students

From: Mike Dewey, Director of OIT Campus Services

Sent: March 19, 2018

Subject: Participation in Two-Factor Authentication (2FA)

Dear Rice Faculty, Staff, and Students –

The Office of Information Technology (OIT) is pleased to announce plans for general availability of our two-factor authentication (2FA) system, Duo, to active Rice faculty, staff and students. 2FA adds a second layer of protection to Rice accounts on top of your password, by verifying your identity using a smart phone or mobile device. To learn more about two-factor authentication, please visit https://oit.rice.edu/projects-and-initiatives/two-factor-authentication. This website contains important information about why we are implementing two-factor authentication (2FA) at Rice, what systems are protected, and how to get help if needed.

Accounts belonging to active faculty, staff and students will be enabled for 2FA on Monday, 3/26/2018. Once enabled, you will be able to use the Duo Enrollment Guide to complete your enrollment. Initially, two-factor authentication is enabled to protect MyNetID access. In the near future, this protection will be added to other applications that may grant access to sensitive information, such as VPN and Banner9.

If you have issues completing your 2FA enrollment after Monday 3/26/2018, or connecting to any system using Duo, contact the OIT Help Desk at 713-348-HELP (4357), or email helpdesk@rice.edu with “Duo” in the subject line.

Sincerely,
Mike

Mike Dewey
Director – Campus Services
Rice University – Office of Information Technology (OIT)

OIT Automatic Account Lockout Policy Beginning June 1st

Thursday, June 1st, 2017

 

Beginning June 1, 2017, OIT will begin locking Rice accounts after ten consecutive failed login attempts on OIT managed systems in order to reduce brute force attacks on NetID passwords. Two independent authentication systems will have this protection:

  • Active Directory

    • RiceNet Wireless
    • Rice Exchange Mail
    • Workstation/Kiosk Logins (Windows, Mac)
  • LDAP / Kerberos / Web Single Sign-On
    • Rice Campus Mail
    • Rice Authenticated Web Sites (Canvas, Box, Subversion,  Webmail, etc)
    • Server/Desktop Logins (Linux)

Preventing Auto-lockout

Auto-lockout is commonly triggered by saved old passwords in an application or device, like WiFi, Email, iOS/Android keychains, and cached credentials in browsers. Once it occurs, it affects access to everything within an authentication system. Students can prevent unexpected lockouts when changing passwords by forgetting wireless networks and keeping track of which devices have saved passwords or are logged into certain accounts.

 

For more information on this, please see the KB article on the Rice Knowledgebase website.

 

Cyberattacks in the News

Monday, May 15th, 2017

The latest media reports of the massive ransomware cyberattacks should be a reminder to always practice safe computing habits. Keep your computer system updated with the latest patches. Be cautious of email attachments. Read about some other best practices on the Rice IT Security Office pages: https://vpit.rice.edu/it-security/

graphic of shield

Thresher: Phishing attacks on Rice community increasingly sophisticated, IT office warns

Thursday, February 2nd, 2017

This article is a reposting of a Rice Thresher article.

by Elizabeth Rasich, Rice Thresher

January 10, 2017

“Schemes to steal usernames and passwords are another part of the Rice University experience. Students, faculty and staff alike are falling victim to attacks that direct Rice email users to sites that almost exactly resemble legitimate, Rice-sponsored sites. Phishing scams are now more frequent and more technologically advanced, prompting the Office of Information Technology recently to direct its IT representatives to warn their residential colleges about this increasing sophistication.”

Read the entire Thresher article.

 

abstract graphic protecting data

Increase in Online Security Attacks

Tuesday, December 20th, 2016

Macro computer screen shot with binary code and password tex, great concept for computer, technology and online security.

Rice’s Chief Information Security Officer Marc Scarborough warned the campus about online security issues in an email on December 16:

Members of the campus community,

Rice is facing an increased level of sophistication in online security attacks that aim to compromise University accounts and services.  With this in mind, the Information Security Office would like to remind the Rice community of steps everyone can take to protect against these attacks:

1. Be vigilant and make sure internet addresses for Rice services are actually Rice domains.  Check the email or web address and confirm it includes “.rice.edu” before the first “/”.  Also, all Rice systems, like Esther, that ask you to log on will begin with “https” — verify that the web address begins with that before entering any information on a website.

2. If an email asks you to click on a URL to go to Esther — or any other university portal — do not simply click on the link in your email. Instead type the URL in your web browser.

3. If you receive an email attachment you are not expecting, call the sender of the email to confirm it is really from them.  Do not open attachments sent from people or email addresses you do not know.  Email attachments may contain viruses that can install Trojan software or spy on your online activities.

4. Contact the Information Security Office at 713-348-5735 if you observe any suspicious activity.

In addition to these precautions, the Office of Information Technology will be making upgrades over the winter break to further secure Rice’s email communications. Additional protections will be implemented this spring.

Please let us know if you have any questions or concerns.

Thank you,

Marc Scarborough
Chief Information Security Officer

Beware of Spear Phishing

Tuesday, December 20th, 2016

Excerpt from the 2015-2016 OIT Annual Report

It seemed like an ordinary request: A Rice employee got an email from a  colleague asking for university bank account numbers. Fortunately, rather than simply hit reply, the employee picked up the phone—and that’s when the jig was up.

The email was a convincing spear-phishing attack targeted at stealing financial information.

“What made the email look so convincing was that it appeared to come from someone the victim knew and someone from whom the request would seem normal,” said Marc Scarborough, chief information security officer for Rice’s Office of Information Technology. “The attacker in this case actually took the time to learn Rice’s reporting structure and crafted a targeted email message to a single person.”

The “From” address on an email is easily forged. It’s essentially the same as a return address on a postal envelope. People generally write an accurate return address, but anything can be written there. That’s true for emails as well. And it’s even harder to detect a forged “From” address on a mobile device since less information is shown on smaller screens.

“We should be aware that not all emails we receive are from whom they say they are,” Scarborough said. “If an email requesting information appears unusual, even if it appears to be coming from someone you know, take the time to investigate. Call the person who supposedly sent the message. Find out if they really did request the information before you send it, whether it’s baking information or any other type of private information—account information, student information, or general information about your department’s operations.

“Not all phishing emails are the same. Some are more than the poorly worded emails asking for our passwords that we’re used to. Attackers are getting much better at learning about us to make their attacks more successful.”21196724

Don’t take the bait:

  • If you’re at all suspicious about an email, it’s probably a scam. No one at Rice will ever ask you to verify your NetID account or ask for your password, ID number, credit card information or other personal details by email.
  • If you fall for a phasing message, Immediately contact the Help Desk at helpdesk@rice.edu or 713-348-HELP (4357) to reset your password.

For more information about Rice IT security, visit http://it.rice.edu/security/

OIT 2015-2016 Annual Report

Wednesday, June 8th, 2016

OIT Annual Report Cover

The Office of Information Technology 2015-2016 Annual Report is online and highlights our support for a few campus projects.

The Office of Information Technology (OIT) is the university’s central technology provider, supporting research, academic and administrative systems, other core applications and voice, network, computing infrastructure for the Rice community. OIT is an integral part of Rice committed to supporting the university mission through innovative uses of technology and service excellence.

Where Did our Data Go? Information Security at Rice

Monday, November 30th, 2015
Chief Information Security Officer Marc Scarborough at the November Administrators Forum

Chief Information Security Officer Marc Scarborough at the November Administrators Forum

“Where did our data go?” is a question Rice University Chief Information Security Officer Marc Scarborough receives several times each year. When employees transfer to another department or leave the university, their data may also go missing. Scarborough used three different scenarios as case studies during the November Administrators Forum, to help department representatives learn how to avoid data loss in the future.

(more…)

Celebrate Data Privacy Day by Improving Your Cyber Awareness

Wednesday, January 28th, 2015

January 28 is Data Privacy Day, which is an international effort with the theme “Respecting Privacy, Safeguarding Data, and Enabling Trust.” Invest a bit of your time to acquire the skills to prevent a cyber disaster in your life. A variety of online resources can help educate you on how to protect your personal information as well as how to be a good data steward within the Rice community.

https://infosecurity.rice.edu  –   Visit Rice’s information security awareness site to learn how to prevent data theft or breaches from occurring at our university. Every member of the Rice community has the responsibility to protect confidential data. You’ll also find tips on how you can protect your private data at home and on your personal technology devices.

http://www.staysafeonline.org  –   Packed full of privacy tips, you can learn how to change your privacy settings for online services, pick strong passwords, and secure your accounts.

http://www.securingthehuman.org/resources/posters/   –   You can view informative posters that explain how to create a cyber secure home, why you are a target to be hacked, and how to not become a victim of phishing.

 

Phishing poster from Securing the Human's web site

2014 Annual Report of the VPIT

Wednesday, December 24th, 2014

The juncture of a calendar year end with the midpoint of an academic year provides an ideal opportunity to review and preview IT projects developed at the request of our customers, or in collaboration with our colleagues. Originally written as a high-level IT overview for Rice’s executive leadership team, the Annual Report of the Vice Provost for Information Technology is now publicly available online.  Some of the report highlights include:

Multi-media,  High & Low Tech Tools for Teaching and Learning
From media assets  like digital film clips and audio files to class participation from a mobile device to storytelling as a course project, Rice faculty and students continue using both high and low technologies in active learning environments.  However, Rice instructors also engage their students in active learning with little or no technology.  The teaching and learning stories in this report illustrate how IT’s Academic Technology Services staff members help Rice instructors find solutions for learning activities that have become time-consuming and detract from the actual learning goals of the course.  Read more on pages 4-5.

BlueGene P & Q, Power8, and BiRD Cloud Support for Researchers
IT supports research computing clusters like the BlueGene P & Q clusters, the IBM Power8, and BiRD Cloud, where Rice researchers and their external colleagues are working on a variety of problems related to energy, geophysics, life sciences, and cancer research, how to extrapolate solutions for medical research and clinical practices from big data and analytics technologies, as well as how to best use hybrid cloud environments to enhance code development and interactive data analysis with tools like Matlab, R, and Hadoop. Read more on pages 6-7.

Training Opportunities for Instructors and Researchers
From helping postdocs with their high performance computing (HPC) code to introducing new instructors to the tools on their classroom podium computers and the many features of OWL-Space, IT staff members provide multiple workshops for Rice community members. Read more on pages 8-9.

Campus-wide Initiatives Improve Network, Systems, and Security
How Rice faculty, staff and students access the university’s vast array of digital resources depends on a highly available and efficient infrastructure composed of a quick network with a hearty bandwidth and robust systems that can manage torrential surges of traffic and data on an hourly basis.  This infrastructure must also be able to identify, withstand, and rebuff cyber attacks designed to usurp university resources and data and slow down competitive research.  The 2014 report does an especially good job of explaining the infrastructure and security improvements currently underway across the campus.  Read more on pages 10-12.

Collaboration Results that Solve Administrative Process Challenges 
From improvements to blogging tools used by faculty, staff and students to radios used by RUPD, IT has continues to partner with colleagues across the university to help solve administrative process or equipment challenges that prevent Rice community members from achieving their daily tasks in an effective way.  Several of these interdepartmental collaborations are featured in this report, including an interim solution for the faculty hiring process and a system that helped a committee use big data analytics in a presentation on corporate partnership trends for the Board of Trustees. Read more on pages 13-15.

Kamran Khan
Vice Provost for Information Technology,
Rice University