Friday, November 16, 2018

Today, Life IS a game!

Our IT friends at Texas A&M University have shared an online game, "Aggie LIFE," to enhance cybersecurity skills on campus.  Their Division of Information Technology creates an online game each October in recognition of National Cybersecurity Awareness Month. 

This year's game, tested players' knowledge on phishing, online shopping, identity theft and more.




Partially reposted from Thousands Test Cybersecurity Skills with Aggie LIFE

Thursday, November 15, 2018

Invite people to an ongoing Hangouts Meet meeting

Google is adding a new way to invite people to an ongoing meeting directly within Hangouts Meet. When you’re in a Meet meeting, you’ll now see an option to “Add people” at the top of the participant list.

Add people directly from the call

Clicking on this option will open a dialog box to send them an email invite to join as a full participant or call them into the meeting by phone.

To invite someone into your meeting, simply input their email address or lookup by name from the company directory.The invited participant will receive an email with instructions to join your meeting.

Enter the person's name, email address, or phone number

As always, inviting someone using their phone number will immediately call the phone number to to add them to the meeting. They will join as an audio only participant and will not see any video or the screenshare.

For more information on inviting people to Meet meetings, check out the Help Center.

Manhattan College has video conferencing set up with Google Hangouts Meet in the following rooms:
De La Salle Hall:    Room 209
Memorial Hall:       Charter Room

Please consult 25Live to book these rooms for your video conference.

Note you don't have to be in these rooms to hold or participate in a video meeting. You can initiate or participate in a video meeting  from your desktop/laptop/mobile device meet app.(Hangouts Meet.)



More Information:

Help Center: Invite peopleBest Practices for Video ConferencesGoogle Hangouts

Partially reposted from:  Invite people to an ongoing Hangouts Meet meeting

Wednesday, November 14, 2018

CANCELLED: MCS, ProDev, and LMSCourseDev Moodle Maintenance - Saturday 11/17 8AM

11/16 3:30pm Update: This maintenance will be on hold until the new features are tested further. New date will be announced soon.

Cancelled: MCS, ProDev, and LMSCourseDev Moodle systems will be OFFLINE for system maintenance starting at 8AM on Saturday 11/17 to apply system updates. We anticipate that the maintenance will be completed between 8AM-10AM during which time only these Moodle systems will be unavailable. 

The main Moodle system (lms.manhattan.edu) will not be affected.

Tips for Shopping Safely Online - Even on Black Friday!


Tips for Shopping Safely Online

In 2016, for the first time ever, shoppers bought more online than in stores. All Internet-connected devices are vulnerable, especially when being used for purchases. You need to be aware of ways to protect yourself as you shop online.
The holiday season is the perfect time for cybercriminals to take advantage of unsuspecting online shoppers. When you go to the grocery store or local shop, it's habit to grab your reusable bags, lock the car, and make sure you've safely put away your credit card or cash before heading home with the day's purchases. Similar precautions need to be taken when you're shopping online from the comfort of your own home. If you make these simple precautions regular online shopping habits, you'll be protecting your purchases and personal information.
The National Cyber Security Alliance recommends following these basic steps so you'll be ready to cybershop safely and securely.
  • Lock down your login. One of the most critical things you can do in preparation for the online shopping season is to fortify your online accounts by enabling the strongest authentication tools available, such as biometrics, security keys or a unique one-time code through an app on your mobile device, lastpass.com is a recommended site.  Your usernames and passwords are not enough to protect key accounts like e-mail, banking, and social media.
  • Keep clean machines. Before searching for that perfect gift, be sure that all web-connected devices—including PCs, mobile phones, smartphones, and tablets—are free from malware and infections by running only the most current versions of software and apps. Please review this Manhattan College Knowledge Base Article:  Basic Malware Removal.
  • Shop reliable websites online. Use the sites of retailers you trust. If it sounds too good to be true, it probably is!
  • Conduct research. When using a new website for your holiday purchases, read reviews and see if other customers have had a positive or negative experience with the site.
  • Personal information is like money: value it and protect it. When making a purchase online, be alert to the kinds of information being collected to complete the transaction. Make sure you think it is necessary for the vendor to request that information. Remember that you only need to fill out required fields at checkout.
  • Get savvy about Wi-Fi hotspots. If you are out and about, limit the type of business you conduct over open public Wi-Fi connections, including logging in to key accounts, such as e-mail and banking. Adjust the security settings on your device to limit who can access your phone. 
  • Check the address bar. Look for the green lock icon and https:// in the URL before using your credit card online.
  • Manhattan College has the following information available for additional support on personally owned devices:  Resources for Personal Devices
Be a Cybersmart Holiday Shopper. Conduct Research, Get Two Steps Ahead, Get Saavy About Wi-Fi Hotspots, When in Doubt Throw it Out, Protect Your Money. stopthinkconnect.org


Partially re posted from: November 2018: Shop Safe Online, Even on Black Friday!

Tuesday, November 13, 2018

Phishing Infographics

Let's all review the following phishing infographics and share them. The holiday season is a good time to discuss information security with family & friends.

The above infographic is from Wombat Security.


The above infographic is from Rapid7.


The first infographic shows a flow chart of the decision process that we should all do our best to follow.  The second scrutinizes an email, which we should consider. Remember that phishing attacks can also use SMS, social media, etc.

Friday, November 9, 2018

Electrical Maintenance Leo Hall November 13th/14th from 6am-8am

There will be some electrical maintenance being conducted in Leo Hall 3rd Floor on Tuesday November 13th and Wednesday, November 14th, from 6am-8am.

This maintenance will shut power off to the networking equipment that services both the wired and wireless networks on the 3rd floor of Leo Hall. No other floors should be impacted by this maintenance.

We apologize for any inconvenience that this may cause.

Manhattan College enhances student and faculty support with Google Cloud

Check out the below video where ITS Leadership discusses how Manhattan College ITS utilizes the Google Cloud platform.

Featuring:
Jake Holmquist, CIO
Cindy Duggan, Director of Web Applications
Robert Moran, Director of Enterprise Architecture

Thursday, November 8, 2018

RESOLVED: Banner: Slow Response Time

Dear Manhattan College Community,

UPDATE: The root cause was isolated to the BANNER Admin Pages.  Once a "restart" was conducted on the Banner Admin Pages, the system's response time was back to normal.
Thanks for your patience.

Information Technology Services



Information Technology Services has received several reports regarding slow network response time.  The ITS Network Team is in the process of identifying the cause and will update the community once the issue is resolved.

Thank you for your patience.

Information Technology Services

Tuesday, November 6, 2018

Campus Wireless Upgrade

We, here at Manhattan College IT Services Department, strive to meet the growing demand for wireless accessibility. We do our best to be at the forefront of technology throughout campus. Our goal is to provide students, faculty, and staff with the best tools to facilitate learning. This includes updated computer labs, learning classrooms, and wireless throughout all buildings, both academic and dorm rooms. One way we are meeting this goal is to deploy a robust wireless network providing enough reliability and stability throughout campus.

The Networking Department within ITS will be working diligently to upgrade all wireless access points across campus starting the week of November 12th. We will complete this work with as little down time as possible, but please be patient as some down time may be inevitable. The upgrade process will be completed in the following order. Please note, this may be subject to change based off of building, classroom, and office availability:

  • Hayden Hall - complete
  • Thomas Hall - complete
  • Alumni Hall - complete
  • Leo Engineering Building
  • Research and Learning Center
  • De La Salle Hall
  • Memorial Hall
  • Miguel Hall
  • Smith Hall
  • O'Malley Library
  • Kelly Student Commons

We will be working closely with Resident Life to upgrade the wireless access points in the dorms. Most of the access points are located in students' rooms, so in order to upgrade, we will need access to these rooms. Work in the dorms will commence during winter break according to the following tentative schedule:

  • Overlook Manor - complete
  • Jasper Hall
  • Chrysostom Hall
  • Lee Hall
  • Horan Hall

With the cooperation of the Manhattan College community, IT Services hopes to meet our goal of making seamless wireless connectivity the goal throughout campus.

If you have any questions or concerns, please contact ITS at its@manhattan.edu or at extension x-7973.

-Network Engineer, ITS

Monday, November 5, 2018

IT Staff from St. Olaf College and Carleton College welcomed at Manhattan College


Left to right: R. Musal, A. Robinson, G. Quaglieni, K. Strode, J. Moberg, H. Malecha, A. McCarthy
IT Staff from St. Olaf College and Carleton College welcomed at Manhattan College 


Manhattan College IT Services Client Services & Operations team hosted IT staff from St. Olaf College and Carleton College in Minnesota. These two colleges are considering choosing TeamDynamix (TDX) service management system to manage their Helpdesk.
The IT staff from the two colleges made a trip out East to learn best practices of how Manhattan College utilizes TDX. As an early adopter of TeamDynamix and a success story for the seamless implementation and deployment of TDX, Manhattan College IT Services serves as a resource for other colleges and universities implementing this system.
Manhattan College ITS has been using TDX since 2013 to successfully manage our IT supports services to meet client requests across campus.  The ITS Helpdesk is able to leverage TDX to handle 9,000+ tickets per year.

Friday, November 2, 2018

ITS Ticketing System Upgrade Saturday November 3rd 2018

The ITS Ticketing System used to manage all service requests will be inaccessible on Saturday November 3rd, 2018.  ITS is closed on weekends so we do not believe this will impact service.  As per usual, requests that come in over the weekend will be attended to Monday November 5th, 2018.

Friday, October 26, 2018

Check out the Recent Quadrangle Article about MC ITS STARS!!!

View the recent quadrangle article about the ITS STARS.

Extortion Emails Did Not Stop




Did you forget our July 2018 extortion email blog post? We didn't. Extortion emails including an old breached password from a non Manhattan College affiliated computer service (e.g., LinkedIn, Tumblr, Adobe, etc.) have been continuing to arrive to Manhattan College community email inboxes demanding money or else the extortionists will release risqué videos.


From September 17th until October 16th, we received 32,474 emails with a subject that began with Your password is. They were aimed at 576 different manhattan.edu accounts and used 977 throwaway email accounts to send the messages.


  • Several password best practices to consider: Use a password manager to store a distinct, random password per company you do business with.
  • Never use your JasperNet password elsewhere.
  • If you know that one of your accounts has been breached, whatever password was used is now compromised and can never be used again.
  • Do not use passwords such as Homework2 or password123 and instead use passwords that are longer & are not mostly dictionary words.
  • Always reach out to ITS when a dialogue is desired.
             Email:  its@manhattan.edu  or  TEL: 718-862-7973

Also consider signing up for password breach alerts. You can use a website such as Have I Been Pwned or a browser-based solution such as Firefox Monitor.


A few popular password managers are on the market. Remember that you can use distinct, random passwords using the following sites: LastPass (free), DashLane (free), or 1Password (30 day free trial). You must make sure that your master password to your password manager is never lost and that you must do regular backups of your password vaults. If you lose your master password, you will not be able to access your password vault.


How to Protect Yourself From Scams Like This:

Step up to Stronger Passwords

I Clicked on a Phishing Scam Email... What now?

Partially reposted from:  10/25/18 Harvested Passwords Used in Email Extortion | AT&T ThreatTraq

Thursday, October 25, 2018

IT Services Staff tours Crestron Headquarters

In our effort to meet the demand for high performance technology in our classrooms, Manhattan College IT Services Client Services & Operations (CS&O) team visited the Crestron headquarters in Rockleigh, New Jersey.  Crestron is a leader in classroom technology and their products are found in leading universities around the globe.
Our CS&O staff toured the Crestron headquarters in order to gain more knowledge on how to optimize our current podium units and view new options for Crestron's easy to use tools for our campus classrooms.
Further details on Crestron products.
Feel free to reach out to ITS with any questions or support on the Crestron control units in our classrooms:
its@manhattan.edu      TEL:  718-862-7973

Monday, October 22, 2018

Jamboard Training O'Malley Library Nov 2 & Nov 7

IT Services is presenting Jamboard Training Sessions on the following dates:
  • November 2 from 1:00 to 2:00 pm
  • November 7 from noon to 1:00 pm
Location:  O’Malley Library Jamboard Room #401

The following topics will be covered:
  • Demo a Jamboard and its features 
  • Overview of the system of ownership and collaborators
  • Using the Tool Set
  • Pushing a Jam to the Jamboard
  • Ending a Jamboard session
We will be able to address any Jamboard Related questions you may have.

An ITS student worker will be presenting the training.



image of a Jamboard


Jamboards are for student use and a Jamboard is located in:
O'Malley Library Study Room 401 & O'Malley Library Study Room 314

Thursday, October 18, 2018

Step Up to Stronger Passwords

Weak and reused passwords continue to be a common entry point for account or identity takeover and network intrusions. Simple steps and tools exist to help your end users achieve unique, strong passwords for their dozens of accounts. Help your community members improve their individual and collective security by sharing the following tips.
A password is often all that stands between you and sensitive data. It’s also often all that stands between a cybercriminal and your account. Below are tips to help you create stronger passwords, manage them more easily, and take one further step to protect against account theft.
  • Always: Use a unique password for each account so one compromised password does not put all of your accounts at risk of takeover.
  • Good: A good password is 10 or more characters in length, with a combination of uppercase and lowercase letters, plus numbers and/or symbols — such as pAMPh$3let. Complex passwords can be challenging to remember for even one site, let alone using multiple passwords for multiple sites; strong passwords are also difficult to type on a smartphone keyboard (for an easy password management option, see “best” below).
  • Better: A passphrase uses a combination of words to achieve a length of 20 or more characters. That additional length makes its exponentially harder for hackers to crack, yet a passphrase is easier for you to remember and more natural to type. To create a passphrase, generate four or more random words from a dictionary, mix in uppercase letters, and add a number or symbol to make it even stronger — such as rubbishconsiderGREENSwim$3. You’ll still find it challenging to remember multiple passphrases, though, so read on.
  • Best: The strongest passwords are created by password managers — software that generates and keeps track of complex and unique passwords for all of your accounts. All you need to remember is one complex password or passphrase to access your password manager. With a password manager, you can look up passwords when you need them, copy and paste from the vault, or use functionality within the software to log you in automatically. Best practice is to add two-step verification to your password manager account. Keep reading!
  • Step it up! When you use two-step verification** (a.k.a., two-factor authentication or login approval), a stolen password doesn’t result in a stolen account. Anytime your account is logged into from a new device, you receive an authorization check on your smartphone or other registered device. Without that second piece, a password thief can’t get into your account. It’s the single best way to protect your account from cybercriminals.
**Please note: this option is not available for Manhattan College accounts but should be considered for external (personal) accounts.


How to pick a proper password.

Partially reposted from http://er.educause.edu/blogs/2016/11/may-2017-step-up-to-stronger-passwords

Tuesday, October 16, 2018

COMPLETE: Horan Hall - Brief Network Outage 10/19 at 2pm

COMPLETE: As of 3:40pm, this generator test has been completed.

Physical Plant will be conducting a generator test in Horan Hall Friday, October 19th at approximately 2pm. 

There will be two brief outages, one while switching to generator power, the other while switching back to main power.

This will not affect the rest of campus.

If you have any questions, please contact ITS at its@manhattan.edu or at extension x-7973. We apologize for this inconvenience. 

Monday, October 15, 2018

Beef up IT Physical Security


Employing good physical security practices is just as important as strong passwords and refusing phishing bait.  Getting the word out to our campus about the importance of a few basic physical security tips can substantially improve Manhattan College's security risk profile.
Below are some tips to raise awareness:
  • Prevent tailgating. In the physical security world, tailgating is when an unauthorized person follows someone into a restricted space. Be aware of anyone attempting to slip in behind you when entering an area with restricted access.
  • Don't offer piggyback rides. Like tailgating, piggybacking refers to an unauthorized person attempting to gain access to a restricted area by using social engineering techniques to convince the person with access to let them in. Confront unfamiliar faces! If you're uncomfortable confronting them, contact campus safety.
  • Put that shredder to work! Make sure to shred documents with any personal, medical, financial, or other sensitive data before throwing away. Organizing campus-wide or smaller-scale shred days can be a fun way to motivate your community to properly dispose of paper waste.
  • Be smart about recycling or disposing of old computers and mobile devices. Make sure to properly destroy your computer's hard drive. Use the factory reset option on your mobile devices and erase or remove SIM and SD cards.
  • Lock your devices. Protecting your mobile devices and computers with a strong password or PIN provides an additional layer of protection to your data in the event of theft. Set your devices to lock after a short period of inactivity; lock your computer whenever you walk away. If possible, take your mobile devices and/or laptop with you. Don't leave them unattended, even for a minute!
  • Lock those doors and drawers. Stepping out of the room? Make sure you lock any drawers containing sensitive information and/or devices and lock the door behind you.
  • Encrypt sensitive information. Add an additional layer of protection to your files by using the built-in encryption tools included on your computer's operating system.
  • Back up, back up, back up! Keeping only one copy of important files, especially on a location such as your computer's hard drive, is a disaster waiting to happen. Make sure your files will still be accessible in case they're stolen or lost by backing them up on a regular basis to multiple secure storage solutions.
  • Don't leave sensitive data in plain sight. Keeping sensitive documents or removable storage media on your desk, passwords taped to your monitor, or other sensitive information in visible locations puts the data at risk to be stolen by those who would do you or your institution harm. Keep it securely locked in your drawer when not in use.
  • Put the laptop in your trunk. Need to leave your laptop or other device in your car? Lock it in your trunk (before arriving at your destination). Don't invite criminals to break your car windows by leaving it on the seat.
  • Install a remote location tracking app on your mobile device and laptop. If your smartphone, tablet, or laptop is lost or stolen, applications such as Find My iPhone/iPad/Mac or Find My Device (Android) can help you to locate your devices or remotely lock and wipe them.
Physical Security Awareness:

Partially reposted from Educause:  Beef Up Your Physical Security

Friday, October 12, 2018

Computer Lab Software Request Deadline for Spring 2019 is November 9, 2018
If you would like to request an upgrade of a software already installed in the computer labs or if you would like us to install a new software in the computer labs on campus, please fully read through the information on the link provided and fill out the Software Request form here. (click the big green box that says “Request Service”)

Note that software listed here is already scheduled to be installed, it is not necessary to submit requests for software, unless updating to a new version.

Please note that fully completed forms are required for any change to the labs, even for free software. All software installation media and licenses are also required by the due date.

Requests for the Spring 2019 semester should be submitted by November 9, 2018. Requests submitted after the deadline may not be installed in the labs for the Spring 2019 semester. This is because we need time to develop an installation procedure and test the software in the lab environment before deploying the software. We also require a number of weeks to deploy the lab images across campus, which means our solutions need to be complete and tested several weeks prior to classes beginning.


Please submit your Software Request forms ASAP.

RESOLVED: JasperNet SSO Authentication Issue

RESOLVED:

ITS is currently investigating an issue affecting JasperNet SSO authentication.  Users attempting to access JasperNet services may be receiving the following error message:







Windows 7 End of Life Schedule

Every Windows product has a life cycle. The life cycle begins when a product is released and ends when it's no longer supported. Knowing key dates in this life cycle helps you make informed decisions about when to update, upgrade or make other changes to your software. 
Windows 7 Support will end January 14, 2020.
Microsoft Support Reference to determine: Which Windows operating system am I running?

Solution

Manhattan College ITS loads Windows 10 on all ITS supported compatible devices.

Next Steps

If you happen to have a computer with Windows 7 please upgrade your computer before January 14, 2020.  You can contact ITS for assistance.

Further details:  Windows 7 End of Life Schedule 

Thursday, October 11, 2018

Jamboard Training O'Malley Library Nov 2 & Nov 7

IT Services is presenting Jamboard Training Sessions on the following dates:
  • November 2 from 1:00 to 2:00 pm
  • November 7 from noon to 1:00 pm
Location:  O’Malley Library Jamboard Room #401

The following topics will be covered:
  • Demo a Jamboard and its features 
  • Overview of the system of ownership and collaborators
  • Using the Tool Set
  • Pushing a Jam to the Jamboard
  • Ending a Jamboard session
We will be able to address any Jamboard Related questions you may have.

An ITS student worker will be presenting the training.



image of a Jamboard


Jamboards are for student use and a Jamboard is located in:
O'Malley Library Study Room 401 & O'Malley Library Study Room 314



Wednesday, October 10, 2018

Phishing: An Introduction


Chances are good that at some point you’ve received a suspicious email urging you to click on a link or open an attachment. This email was most likely an example of the cybercrime known as phishing. This article serves as an introduction to phishing: what it means, how it affects individuals and organizations, and how security awareness and training tools can be used to reduce the threat of these attacks.
What is Phishing?
Phishing is when cybercriminals send malicious emails designed to trick people into falling for a scam. The intent is often to get users to reveal financial information, system credentials, or other sensitive data.
The term “phishing” came about in the mid-1990s, when hackers began using fraudulent emails to “fish for” information from unsuspecting users. Since these early hackers were often referred to as “phreaks,” the term became known as “phishing,” with a “ph.” Phishing emails try to lure you in and get you to take the bait. And once you’re hooked, you’re in trouble.
Phishing is an example of social engineering: a collection of techniques scam artists use to manipulate human psychology. Social engineering techniques include forgery, misdirection, and lying, all of which can play a part in phishing attacks. On a basic level, phishing emails use social engineering to encourage you to act without thinking things through.

Why Is Phishing a Problem?

Cybercriminals use phishing because it’s easy, cheap, and effective. Email addresses are easy to obtain, and emails are virtually free to send. With little effort and little cost, attackers can quickly gain access to valuable data. Those who fall for phishing scams may end up with malware infections (including ransomware), identity theft, and data loss.

The data cybercriminals go after includes personal information — like financial account data, credit card numbers, and tax and medical records — as well as sensitive business data, like customer names and contact information, proprietary product secrets, and confidential communications.
Cybercriminals also use phishing attacks to gain direct access to email, social media, and other accounts — or to obtain permissions to modify and compromise connected systems, like point of sale terminals and order processing systems. Many of the biggest data breaches — like the headline-grabbing 2013 Target breach — start with a phishing email. Using a seemingly innocent email, cybercriminals can gain a small foothold and build on it.
Cybercriminals use three primary mechanisms within phishing emails to steal your information: malicious web links, malicious attachments, and fraudulent data-entry forms. 
Example of Malicious Web Links:
Image of an example of a Malicious Link

Links, also known as URLs, are common in emails in general, and also in phishing emails. Malicious links will take you to imposter websites or to sites infected with malicious software, also known as malware. Malicious links can be disguised to look like trusted links, and embedded in logos and other images inside an email.
Here is an example of an email received by users at Cornell University, an American college.  It is a simple message that showed "Help Desk" as the name of the sender (though the email did not originate from the university’s help desk, but the @connect.ust.hk domain). According to Cornell’s IT team, the link embedded in the email took clickers to a page that looked like the Office 365 login page. This phishing email attempted to steal user credentials.
Example of a Malicious Attachment:
Image of an example of a Malicious Attachment








These look like legitimate file attachments, but are infected with malware that can compromise your computer and the files on it. In the case of ransomware — a type of malware — all of the files on your PC could become locked and inaccessible. Or, a keystroke logger could be installed to track everything you type, including your passwords. It’s also important to realize that ransomware and malware infections can spread from your PC to other networked devices, such as external hard drives, servers, and even cloud systems.

Here is an example of phishing email text shared by international shipper FedEx on its website. This email encouraged recipients to print out a copy of an attached postal receipt and take it to a FedEx location to get a parcel that could not be delivered. Unfortunately, the attachment contained a virus that infected recipients’ computers. Variations of these types of shipping scams are particularly common during the Christmas shopping season, though they are seen year-round.
Fraudulent Data Entry Forms
image of an example of a fraudulent tax data from

These emails prompt you to fill in sensitive information — like user IDs, passwords, credit card data, and phone numbers. Once you submit that information, it can be used by cybercriminals for their personal gain.
The above image is an example of a fake landing page shared on the gov.uk website. After clicking on a link in a phishing email, users would be routed to this fraudulent page that appears to be part of the HMRC tax collection agency. Users are told they are eligible for a refund but must complete the form. This type of personal information can be used by cybercriminals for a number of fraudulent activities, including identity theft.
It’s important to recognize the consequences of falling for a phishing attack, either at home or at work. Here are just a few of the problems that can arise from falling for a phish:

In Your Personal Life

  • Money stolen from your bank account
  • Fraudulent charges on credit cards
  • Tax returns filed in your name
  • Loans and mortgages opened in your name
  • Lost access to photos, videos, files, etc.
  • Fake social media posts made in your accounts.

60 Seconds to Better Security video
Partially reposted from Wombat Security: Phishing: An Introduction

At Work


  • Loss of corporate funds
  • Exposed personal information of customers and coworkers
  • Outsiders access to confidential communications, files, and systems
  • Files become locked and inaccessible
  • Damage to employer's reputation