OIT News – September 2014

OIT News
Monthly news briefs, information and announcements
Office of Information Technology, NC State University
Issue 83, September 2014

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

Follow OIT on Twitter @NCStateOIT
For up-to-the-minute reports on OIT systems, see SysNews
For help with computing problems, contact the NC State Help Desk

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

01: University warns students and employees of illegal peer-to-peer file sharing
02: Data center maintenance to impact major campus services Sept. 20-21
03: NC State to develop Cyber Security Roadmap to protect against security threats
04: October is National Cyber Security Awareness Month: Protect Yourself! Protect the Pack
05: Captioning Grant available
06: OIT provides public access to NC State course offerings
07: Update your office and research locations in MyPack Portal by Oct. 1
08: Uncover the “To” secret in Gmail
09: OIT to offer Google Apps and WordPress training
10: SAR training scheduled for Nov. 5
11: OIT initiates security efforts to foil cyber attacks

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

01: University warns students and employees of illegal peer-to-peer file sharing
University students, faculty and staff are expected to respect the intellectual property rights of others and refrain from the unauthorized distribution of copyrighted materials —  including illegal peer-to-peer file sharing —  which has personal risks and legal consequences.

Music, movies, videos, games, and other online media are protected by (or subject to) copyright laws. It is usually illegal to share them via peer-to-peer applications. In most situations, downloading or uploading even one small portion of a copyrighted work without permission constitutes copyright infringement. File sharing also increases the likelihood that others could gain access to confidential data on your computer or install destructive computer viruses that could spread across the university’s network.

If you illegally download, upload, copy, or distribute copyrighted content, even unintentionally, you risk legal action and criminal prosecution, which could result in severe fines, personal financial loss or even imprisonment. For example, the U.S. Court of Appeals for the First Circuit recently affirmed a lower court’s decision to fine a former Boston University graduate student $675,000 for illegally downloading and sharing 30 digital songs online (see Sony BMG Music Entertainment, et al. v. Joel Tenenbaum). Violating a copyright while using any university network or equipment may:

  • Result in a permanent record at the university.
  • Serve as evidence in court.
  • Adversely affect your academic status and employment, up to and including discharge.

Be aware that copyright holders such as the Recording Industry Association of America (RIAA) and the Motion Picture Association of America (MPAA) are using automated systems to detect even small amounts of file sharing, and they are aggressively pursuing infringements. In addition, the university is increasing the logging and analysis of its wireless network activity to include monitoring of peer-to-peer file sharing.

The university acts quickly when notified of alleged copyright infringements. It refers incidents to appropriate campus officials and takes steps to stop any unauthorized download or distribution of copyrighted materials.

The following resources can help you become better informed about copyright and copyright law:

For assistance with removing P2P file sharing applications and copyright infringing materials, contact the NC State Help Desk at 919.515.HELP (4357).

Back to top

02: Data center maintenance to impact major campus services Sept. 20-21
OIT will perform maintenance on the infrastructure of the university’s primary data centers from 7 a.m. Saturday, Sept. 20 through 6 p.m. Sunday, Sept. 21.

OIT services with dependencies on Data Center 1 and Data Center 2 may be degraded or unavailable for extended periods during this time. Impacted services include, but are not limited to the:

  • MyPack Portal
  • Human Resources, Financial and Student systems
  • Hosted systems
  • cPanel Service: MySQL upgrade
  • Networked Attached Storage (NAS) shares and exports
  • Backup services

For more information, contact the NC State Help Desk at help@ncsu.edu or 919.515.HELP (4357) or see the SysNews announcement.

Back to top

03: NC State to develop Cyber Security Roadmap to protect against security threats
Security threats, such as phishing attacks, not only attempt to steal NC State’s data and interrupt its business processes but also threaten the university’s ability to deliver core functions of teaching, research and outreach. Cyber criminals and hacktivists are organized in their efforts to penetrate campus defenses, and by many measures, they are winning.

The distributed nature of the university computing environment adds more complexities to the fight against cyber threats. Individual IT units, already stretched for resources, typically do not stand a chance against the threats of today. In fact, many do not have the tools and resources to monitor their computing systems to detect breaches when they occur. In addition, NC State also has a myriad of external compliance mandates that dictate the security controls that must be implemented to protect various data types.

Recognizing the magnitude of this problem, the university made a strategic decision to protect against cyber threats through a comprehensive and orchestrated approach, where all constituents play a key role in defending systems, processes and business functions. As part of the University Strategic IT Plan, OIT Security and Compliance is developing the NC State Cyber Security Roadmap, a framework that will consist of the right set of policies and procedures, tools and technologies, trained IT support personnel, and knowledgeable users to enable the campus community to succeed in protecting personal and university assets. This roadmap leverages the National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity (NIST CSF), which divides security into five core areas to identify functional security needs:

  • Identify
    Inventory and develop an understanding of systems, assets, data, and capabilities to effectively address cybersecurity risks.
  • Protect
    Develop and implement appropriate safeguards to ensure delivery of critical services, protection of sensitive data and compliance with mandates.
  • Detect
    Develop and implement appropriate monitoring activities to identify and address the occurrence of a cyber security event in a timely manner.
  • Respond
    Implement appropriate activities in response to detected cyber security events.
  • Recover
    Develop and implement appropriate activities to restore impaired capabilities or services due to cyber security events. Recognize that, even with a comprehensive and orchestrated security strategy, cyber security events will occur and cause disruption.

The cyber security roadmap will help the university prioritize its investment to fight cyber threats in a manner that addresses top risks and ensures its security program aligns with its needs. The roadmap will:

  • identify gaps in current cyber security practices and capabilities.
  • provide a prioritized listing of desired improvements, tools, capabilities, and resources as well as a timeline to achieve the desired state.
  • provide financial investment projections to plan and budget adequately to achieve cybersecurity goals.

OIT Security and Compliance will solicit assistance from major stakeholders across the university to ensure the roadmap truly captures the university’s needs. Look for opportunities to provide input into the development of the roadmap in the coming months.

Back to top

04: October is National Cyber Security Awareness Month: Protect Yourself! Protect the Pack
More than 65,000 computer-related devices connect daily to the NC State network. This connectivity enables the campus community to teach, learn, conduct business processes, and tap into innumerable resources around the world.

It also presents many opportunities for cyber criminals to penetrate campus security defenses. You can help foil these attacks by employing simple yet important measures to keep yourself and the campus safe.

Learn how during National Cyber Security Awareness Month in October. This year, OIT will sponsor “Protect Yourself! Protect the Pack,” a month-long event to inform campus IT users about security measures, including mobile device security, antivirus protection, 2-step verification, password protection and security updates.

October 2014 marks the 11th annual event sponsored by the Department of Homeland Security in cooperation with the National Cyber Security Alliance “to increase the awareness and prevention of online security problems.”

During this month, OIT invites you to participate in several activities:

  • Mobile Device Security Checkpoint
    Co-sponsored with NC State Department of Computer Science, ePartners Program and NC State Engineering Foundation
    11 a.m. to 3 p.m., Wednesday, Oct. 22 (Rain date, Thursday, Oct. 23)
    The Brickyard
    OIT Security and Compliance staff will run a very quick diagnostic check on your iPhone, Android or BlackBerry phone, or on your Windows or Mac laptop or iPad to see if your device is protected against the most common risks. Light refreshments will be available, and you will have the opportunity to play great games and win prizes.
  • Mobile Device Security presentations
    Campus IT experts will take you step-by-step through measures recommended — and required if you have a university-owned device — to secure your iOS and Android devices. You’ll leave the session with the peace of mind gained by knowing your devices are secure. Light refreshments will be provided. Sessions include:

  • Benefits of Google’s 2-Step Verification
    Noon, Friday, Oct. 17
    216 Scott Hall
    Google’s 2-Step Verification can help prevent your Google account from being compromised by phishing attacks. You will receive an overview of 2-Step, benefits of activation, and step-by-step instructions for enabling 2-Step on your account. Light refreshments will be available.

Register for the presentations via Classmate. Visit OIT’s Cyber Security Awareness Month website for more information on this year’s events, including the upcoming SANS Securing the Human Video contest.

Back to top

05: Captioning Grant available
NC State has established a Captioning Grant to assist faculty in creating captions for videos. The grant provides funding for captioned video when:

  • a student with a disability requiring this accommodation registers in a course that uses video.
  • an instructor wants to proactively create captions for a video.

To apply for the grant, faculty should complete the application form available via the Captioning Grant website. Grants are awarded in September, February and June.

For the current award period, grant applications are due by 5 p.m. Friday, Sept. 19. Remember that applications:

  • can be submitted at any time during the academic year.
  • to meet the needs of a student with a disability will be processed immediately.
  • for proactive captioning will be processed only in September, February and June.

You may direct all questions to it-access@ncsu.edu.

Back to top

06: OIT provides public access to NC State course offerings
If you’re an existing student or one who’s interested in joining the WolfPack family, NC State now offers an open-door experience, whether you are committing to one class, a career or life-long learning.

During the summer, OIT and Registration and Records gave Class Search, the online schedule of available classes, a more user-friendly public interface. Now anyone can search and retrieve available or scheduled classes by term.

The university Course Catalog was also integrated with Class Search this summer. Like the printed version, the digital course catalog lists all university courses, including scheduled and nonscheduled courses.

This fall, OIT and Registration and Records will add a third functionality, Degree Audit, to Class Search so that individuals can view course requirements for a particular degree. Once enrolled students select their classes, they can then register for them via the MyPack Portal.

Back to top

07: Update your office and research locations in MyPack Portal by Oct. 1
In accordance with the university’s current Strategic Planning initiatives and ongoing efforts to develop a space plan, the University Space Committee has charged the Office of the University Architect, Human Resources and OIT with “linking” university personnel to their offices and research spaces. This effort:

  • aligns with the university’s commitment to promote the most effective and efficient use of campus space by becoming more strategic in use and allocation of space.
  • will result in better data for emergency response teams.
  • will improve notification of building-related projects and utility outages.

All university employees should log in to the MyPack Portal to confirm or update their office and research locations by Wednesday, Oct. 1. For more information, including instructions to update your work location, see Updating Personnel Office and Research Locations in MyPack Portal.

Back to top

08: Uncover the “To” secret in Gmail
Inside your Gmail compose window, there’s an inconspicuous yet helpful shortcut to add contacts to your messages. To do so:

  • Click directly on “To,” “CC” or “BCC” to display the “Select contacts” dialog box.
  • To locate personal, group and NC State Directory contacts, select the “My contacts” drop-down menu. You also have the option to search for a contact or check “Select all” in the “Select contacts” dialog box.
  • Choose contacts.

Want to create a personal contact group? Select “Save as group” at the bottom of the “Select contacts” window.

 

Back to top

09: OIT to offer Google Apps and WordPress training
Upcoming OIT training workshops include:

  • Google Slides will be offered on Tuesday, Sept. 16 from 9 a.m. to 11 a.m. in ITTC Lab 2 of D.H. Hill Library. This session will focus on how to create, edit and share presentations. It will also include themes, transitions, animations, and more. If you would prefer to use your own laptop, feel free to bring it. To register, visit Classmate.
  • Google Sheets will be offered on Friday, Sept. 19 from 10 a.m. to noon in Room 110 of the Avent Ferry Technology Center. During this two-hour workshop, you will be given an overview of Sheets and learn how it differs from Microsoft Excel. You will also learn about features, including formatting options, find and replace, and notifications. To register, visit Classmate.
  • Gmail: Advanced Tools, Tips & Tricks will be offered on Wednesday, Sept. 24 from 9 a.m. to noon in ITTC Lab 2 of D.H. Hill Library and again on Wednesday, Oct. 15 from 9 a.m. to noon in Room 110 of the Avent Ferry Technology Center. If you’re comfortable with the basics of Gmail and are ready to take it to the next level, this more advanced hands-on workshop is for you. You will learn more about creating labels, filters and canned responses, scheduling Google Calendar Events, and using Google Drive through Gmail, along with any planned or newly released Google features. To register, visit Classmate.
  • Create and Collaborate with Google Drive will be offered on Friday, Sept. 26 from 10 a.m. to noon in ITTC Lab 2 of D.H. Hill Library. In this hands-on workshop, you will learn how to use Drive in a collaborative environment, including editing a file simultaneously with other people, securing a document through file-sharing permissions, and creating files for use by a group of colleagues or friends. For this workshop, you will need to have an active NC State Unity account with access to Google Apps at NC State. If you would prefer using your own laptop or other mobile device, feel free to bring it. To register, visit Classmate.
  • Gmail: Beyond the Basics will be offered on Wednesday, Oct. 1 from 9 a.m. to noon in ITTC Lab 2 of D.H. Hill Library. This workshop will provide an in-depth overview of Gmail features, including Labels, Search tools, Contacts management, Chat, Tasks, Settings, Labs, and new features. If time permits, a brief introduction to Google Hangouts will be provided. To register, visit Classmate.
  • Google Calendar will be offered on Wednesday, Oct. 8 from 9 a.m. to noon in Room 110 of the Avent Ferry Technology Center. If you’re comfortable with the basics of Google Calendar and are ready to use some more of its features, this hands-on workshop is for you. This workshop will focus on features such as appointment slots, event attachments, maps and directions, sharing and embedding calendars, labs, quick add, search options, mobile notifications, scheduling online meetings, and more. For prerequisite information and to register for this event, visit Classmate.
  • Introduction to Google Hangouts – Laptop/Desktop Application will be offered on Thursday, Oct. 9 from noon to 1:30 p.m. in Room 110 of the Avent Ferry Technology Complex. Come to this fun and interactive workshop to learn about Google Hangouts, Google’s free Web conferencing tool that allows you to communicate with others on campus or around the globe via video, audio and text messaging.  Learn how to use the Hangouts platform to share your screen and documents, add a personalized banner, and download apps that offer additional helpful features. This session will cover using Hangouts on your laptop or desktop only. You are encouraged to bring a laptop to the session or feel free to just observe. To register, visit Classmate.
  • Introduction to Google Sites will be offered on Friday, Oct. 10 from 10 a.m. to noon in ITTC Lab 2 of D.H. Hill Library. In this class, students will learn how to create a website using Google Sites, control access, and embed Docs, videos, images, and links. The workshop will also cover some customization and basic Web design principles. To register, visit Classmate.
  • Basics of WordPress will be offered on Tuesday, Oct. 14 from 10 a.m. to noon in Room 110 of the Avent Ferry Technology Center. Learn everything you need to know to get started using WordPress here at NC State. The workshop will cover topics including setup, configuration, themes, plug-ins, settings, options, and management of WordPress. To register, visit Classmate.
  • Google Forms will be offered on Tuesday, Oct. 21 from 9 a.m. to 11 a.m. in Room 110 of the Avent Ferry Technology Center. Are you looking for a way to easily create surveys, plan events or gather data? Are you interested in learning more about specific apps available in Google Drive? If so, don’t miss this interactive session on the basics of creating forms and viewing responses. You will also learn several advanced features, such as embedding forms in websites, adding page breaks and incorporating question validation. If you would prefer to use your own laptop, feel free to bring it. To register, visit Classmate.

For other available training sessions, see Classmate Scheduled Workshops. If you’re interested in custom software training for your department, unit or classroom, complete the Custom Training form. If you have any questions about OIT training, contact Katie McInerney, OIT training coordinator, at 919.513.4091 or via email at classreg@ncsu.edu.

Back to top

10: SAR training scheduled for Nov. 5
Security Access Request (SAR) training for campus requestors and approvers of access to secured university data will be held Wednesday, Nov. 5 from 9:30 a.m. to noon in Room 108 of the Avent Ferry Technology Center. Visit Classmate to sign up for training.

Back to top

11: OIT initiates security efforts to foil cyber attacks
OIT Security and Compliance is taking proactive steps to protect campus users and the university from potentially devastating impacts of cyber security breaches.

OIT is seeing significant increases in the number of users who fall victim to phishing attacks that trick them into divulging their university usernames and passwords. Their credentials are then used for malicious actions, such as attempts to gain unauthorized access to personal information or sensitive university systems and data as well as transmission of potentially embarrassing or damaging emails.

OIT is also noticing an increase in hacked websites that could be used to gain access to backend servers with potentially sensitive university data. Websites that accept payments (e.g., via PayPal and Yahoo Stores) are especially important, since they may impact the university’s Payment Card Industry (PCI) compliance program.

In addition, attackers are targeting older systems (e.g., Windows XP) on the network with known security weaknesses. While some of these machines may be low value targets, or void of any sensitive data, they can be used as launch points to higher value target systems that store sensitive data.

To address these issues, Security and Compliance is eliminating vulnerabilities identified on the campus network, including:

  • Disabling suspected compromised user accounts until the user takes recommended security actions (e.g., contacting the NC State Help Desk to reset passwords).
  • Blocking all Windows XP computers identified on the network. For more information, see OIT blocks Windows XP machines from the campus network.
  • Disabling websites that are not registered with Merchant Services but are accepting credit payments.

For more information, contact the NC State Help Desk at 919.515.4357 (HELP) or help@ncsu.edu.

Back to top

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

Subscribe to OIT News:

To subscribe or cancel your subscription online, go to  http://go.ncsu.edu/subscribe-oitnews

To subscribe by email, send the following message to mj2@lists.ncsu.edu: subscribe oitnews

To unsubscribe by email, send the following message to mj2@lists.ncsu.edu: unsubscribe oitnews