Wednesday, October 17, 2018

Step Up to Stronger Passwords

Weak and reused passwords continue to be a common entry point for account or identity takeover and network intrusions. Simple steps and tools exist to help your end users achieve unique, strong passwords for their dozens of accounts. Help your community members improve their individual and collective security by sharing the following tips.
A password is often all that stands between you and sensitive data. It’s also often all that stands between a cybercriminal and your account. Below are tips to help you create stronger passwords, manage them more easily, and take one further step to protect against account theft.
  • Always: Use a unique password for each account so one compromised password does not put all of your accounts at risk of takeover.
  • Good: A good password is 10 or more characters in length, with a combination of uppercase and lowercase letters, plus numbers and/or symbols — such as pAMPh$3let. Complex passwords can be challenging to remember for even one site, let alone using multiple passwords for multiple sites; strong passwords are also difficult to type on a smartphone keyboard (for an easy password management option, see “best” below).
  • Better: A passphrase uses a combination of words to achieve a length of 20 or more characters. That additional length makes its exponentially harder for hackers to crack, yet a passphrase is easier for you to remember and more natural to type. To create a passphrase, generate four or more random words from a dictionary, mix in uppercase letters, and add a number or symbol to make it even stronger — such as rubbishconsiderGREENSwim$3. You’ll still find it challenging to remember multiple passphrases, though, so read on.
  • Best: The strongest passwords are created by password managers — software that generates and keeps track of complex and unique passwords for all of your accounts. All you need to remember is one complex password or passphrase to access your password manager. With a password manager, you can look up passwords when you need them, copy and paste from the vault, or use functionality within the software to log you in automatically. Best practice is to add two-step verification to your password manager account. Keep reading!
  • Step it up! When you use two-step verification (a.k.a., two-factor authentication or login approval), a stolen password doesn’t result in a stolen account. Anytime your account is logged into from a new device, you receive an authorization check on your smartphone or other registered device. Without that second piece, a password thief can’t get into your account. It’s the single best way to protect your account from cybercriminals.
Please note: this option is not available for Manhattan College accounts but should be considered for external accounts.


How to pick a proper password.

Partially reposted from http://er.educause.edu/blogs/2016/11/may-2017-step-up-to-stronger-passwords

Tuesday, October 16, 2018

Horan Hall - Brief Network Outage 10/19 at 2pm

Physical Plant will be conducting a generator test in Horan Hall Friday, October 19th at approximately 2pm. 

There will be two brief outages, one while switching to generator power, the other while switching back to main power.

This will not affect the rest of campus.

If you have any questions, please contact ITS at its@manhattan.edu or at extension x-7973. We apologize for this inconvenience. 

Monday, October 15, 2018

Beef up IT Physical Security


Employing good physical security practices is just as important as strong passwords and refusing phishing bait.  Getting the word out to our campus about the importance of a few basic physical security tips can substantially improve Manhattan College's security risk profile.
Below are some tips to raise awareness:
  • Prevent tailgating. In the physical security world, tailgating is when an unauthorized person follows someone into a restricted space. Be aware of anyone attempting to slip in behind you when entering an area with restricted access.
  • Don't offer piggyback rides. Like tailgating, piggybacking refers to an unauthorized person attempting to gain access to a restricted area by using social engineering techniques to convince the person with access to let them in. Confront unfamiliar faces! If you're uncomfortable confronting them, contact campus safety.
  • Put that shredder to work! Make sure to shred documents with any personal, medical, financial, or other sensitive data before throwing away. Organizing campus-wide or smaller-scale shred days can be a fun way to motivate your community to properly dispose of paper waste.
  • Be smart about recycling or disposing of old computers and mobile devices. Make sure to properly destroy your computer's hard drive. Use the factory reset option on your mobile devices and erase or remove SIM and SD cards.
  • Lock your devices. Protecting your mobile devices and computers with a strong password or PIN provides an additional layer of protection to your data in the event of theft. Set your devices to lock after a short period of inactivity; lock your computer whenever you walk away. If possible, take your mobile devices and/or laptop with you. Don't leave them unattended, even for a minute!
  • Lock those doors and drawers. Stepping out of the room? Make sure you lock any drawers containing sensitive information and/or devices and lock the door behind you.
  • Encrypt sensitive information. Add an additional layer of protection to your files by using the built-in encryption tools included on your computer's operating system.
  • Back up, back up, back up! Keeping only one copy of important files, especially on a location such as your computer's hard drive, is a disaster waiting to happen. Make sure your files will still be accessible in case they're stolen or lost by backing them up on a regular basis to multiple secure storage solutions.
  • Don't leave sensitive data in plain sight. Keeping sensitive documents or removable storage media on your desk, passwords taped to your monitor, or other sensitive information in visible locations puts the data at risk to be stolen by those who would do you or your institution harm. Keep it securely locked in your drawer when not in use.
  • Put the laptop in your trunk. Need to leave your laptop or other device in your car? Lock it in your trunk (before arriving at your destination). Don't invite criminals to break your car windows by leaving it on the seat.
  • Install a remote location tracking app on your mobile device and laptop. If your smartphone, tablet, or laptop is lost or stolen, applications such as Find My iPhone/iPad/Mac or Find My Device (Android) can help you to locate your devices or remotely lock and wipe them.
Physical Security Awareness:

Partially reposted from Educause:  Beef Up Your Physical Security

Friday, October 12, 2018

License Server Maintenance starting Friday, October 19th, at 10:00PM

ITS will be performing license server maintenance on Friday, October 19th at 10:00PM. This maintenance will effect the following software:

1. SAP2000
2. MATHEMATICA
3. COMSOL
4. ABAQUS

The maintenance is expected to be done by 12:00 AM on Saturday, October 20th. The maintenance will effect all users that are on the Manhattan College network and that use the software that have been listed above.

We apologize for any inconvenience that this may cause. If you have any questions, please contact ITS at its@manhattan.edu or at extension x-7973.
Computer Lab Software Request Deadline for Spring 2019 is November 9, 2018
If you would like to request an upgrade of a software already installed in the computer labs or if you would like us to install a new software in the computer labs on campus, please fully read through the information on the link provided and fill out the Software Request form here. (click the big green box that says “Request Service”)

Note that software listed here is already scheduled to be installed, it is not necessary to submit requests for software, unless updating to a new version.

Please note that fully completed forms are required for any change to the labs, even for free software. All software installation media and licenses are also required by the due date.

Requests for the Spring 2019 semester should be submitted by November 9, 2018. Requests submitted after the deadline may not be installed in the labs for the Spring 2019 semester. This is because we need time to develop an installation procedure and test the software in the lab environment before deploying the software. We also require a number of weeks to deploy the lab images across campus, which means our solutions need to be complete and tested several weeks prior to classes beginning.


Please submit your Software Request forms ASAP.

RESOLVED: JasperNet SSO Authentication Issue

RESOLVED:

ITS is currently investigating an issue affecting JasperNet SSO authentication.  Users attempting to access JasperNet services may be receiving the following error message:







Windows 7 End of Life Schedule

Every Windows product has a life cycle. The life cycle begins when a product is released and ends when it's no longer supported. Knowing key dates in this life cycle helps you make informed decisions about when to update, upgrade or make other changes to your software. 
Windows 7 Support will end January 14, 2020.
Microsoft Support Reference to determine: Which Windows operating system am I running?

Solution

Manhattan College ITS loads Windows 10 on all ITS supported compatible devices.

Next Steps

If you happen to have a computer with Windows 7 please upgrade your computer before January 14, 2020.  You can contact ITS for assistance.

Further details:  Windows 7 End of Life Schedule