Security

NetID Modernization and Enhancement

All NetID users can expect some changes to the University’s authentication system at the end of June.

The University’s LDAP (Lightweight Directory Access Protocol) servers are being updated because the outdated infrastructure they run on poses a security risk to the University and its assets. The LDAP system that runs on the outdated infrastructure was designed some ten years ago and was built to support a much smaller user base than the University’s current approximately 34,700 users (combined sum of University faculty/staff, undergraduates, and postgraduates). University Information Technology Services (ITS) has taken this opportunity to redesign UConn’s NetID authentication system along with the architecture connecting the LDAP servers.

“We reorganized how the servers interact with each other — streamlined it and minimized its footprint and the cost to support it,” said Marc Jones, the Student Affairs IT Systems Architect.

“We’ve also rewritten the codebase so we can use more modern coding languages.”

While this project doesn’t affect how NetIDs are provisioned or terminated, it does affect the way individuals interact with the NetIDs themselves. The primary changes surrounding NetID include the elimination of secret security questions to reset a NetID password (e.g. “What is your mother’s maiden name?”), the ability to reset a NetID password through a secondary, non-UConn email address or text message, and compliance with the University’s password requirements.

The University requires that passwords expire every six months, and NetID passwords haven’t been expiring for several years now. All students, faculty, and staff who have a NetID account can expect a password change sometime in the coming Fall ‘13 semester. The NetID Modernization and Enhancement project is a sub-project of the IAM (Identity and Access Management) project, a larger initiative to streamline the University’s system processes of identifying and granting levels of clearance to users across networks.

The go-live date for the NetID Modernization and Enhancement project is June 26, and NetID users can expect an immediate change.

For further questions regarding the project, please contact Marc Jones.

 

This article, by Tim Williams, first appeared in the June 12, 2013 issue of the Project Weeklies newsletter of the ITS Project Management Office.

Failover Test Successful

University Information Technology Services conducted a successful test of the secondary failover site on Sunday, May 19. The goal was to verify that continuity of the services listed below could be maintained at the Chemistry Building secondary site, with the same functionality as provided in the primary site in the Math/Science Building Data Center. Tested were: networking, authentication, web pages, and email. Once the services were cut over from MSB to Chemistry, they were exercised at the failover site for more than two hours.

The following web pages were tested successfully:

  • Alert.uconn.edu
  • Itstatus.uconn.edu
  • Today.uconn.edu
  • Uconn.edu

Authentication protocols were tested successfully:

  • Active Directory
  • CAS
  • Kerberos
  • LDAP
  • RADIUS

Employee Email (Exchange) and all components worked:

  • We did experience a few documentation issues related to the email cut-over that we have identified and corrected.
  • We also had an issue with listserv messages delivering more quickly than our spam appliances were able to accept, resulting in some of the test messages being denied delivery. We will modify the spam appliances to address this scenario.

Collaboration and communication through each phase were successful:

  • Command Center in M001
  • Check List – hand offs

A follow-up meeting will be scheduled to discuss some of the items that surfaced during this test and to refine the processes.

Jason Pufahl, Chief Information Security Officer, extended his appreciation to everyone who participated early Sunday morning, adding that “it’s very gratifying to know that we have the ability to run these services in another site if necessary.”

UCONN-PUBLIC Officially Closed for Business

Monday, May 20, marked a milestone in the wireless network offerings available at the University.

UCONN-PUBLIC, the outdated wireless network, is officially “closed for business”.

Guests of the University should use the new UCONN-GUEST wireless network for their wireless needs. Those who have University NetIDs should use UCONN-SECURE for wireless services.

Information on how to connect to all the wireless networks available at the University can be found online at: www.wireless.uconn.edu.

In the Event of an Emergency….

In late October [2012], Hurricane Sandy devastated portions of the Northeast and was one of the costliest hurricanes recorded, second only to Hurricane Katrina. When it reached Storrs, Connecticut, the University treated the hurricane as a serious event and anticipated the worst.

While the University wasn’t adversely affected by the storm, the tempest acted as a real eye-opener for ITS, as it prompted the need for an effective Business Continuity / Disaster Recovery (BC/DR) plan to ensure adequate levels of communication and data protection for the perceived disaster that was Hurricane Sandy.

In response to the hurricane and to improve disaster response efficacy, ITS is currently in the process of implementing a multi-phased project that will ensure the functioning of the University during times of crises. The project addresses all BC/DR activities such as prevention, protection, response, mitigation, and recovery.

In the event of a minor or catastrophic incident, the proposed project will ensure that all University-sanctioned avenues of communication, such as internet, University email, and the myUConn app, will remain functional. The project will also address and support the University’s public safety directives and other protective services that cannot be allowed to fail in the event of a disaster or other unpredictable events. The project also addresses other issues, such as preventing the loss of irreplaceable data that is not backed up offsite, which would lead to the loss of millions of dollars in research and years of work.

Currently, 35 to 50 percent of all University computing, including critical administrative systems, is centralized in the Math Sciences Building Data Center at the Storrs campus, which is in dire need of remediation in order to bring the dated Data Center up to current IT standards (which is currently being addressed through the Data Center Rescue project). In its current state, the Data Center is prone to even minor disasters, and the BC/DR project aims to make suitable back-ups by installing a new, secondary Data Center at a still-to-be-decided location.

Additionally, the project also proposes to establish two active-active critical infrastructure protection sites, which will act as back-ups for critical key systems. One is already established inside the Chemistry building at the Storrs Campus, as it is on its own power grid, and the other is to be installed at the UConn Health Center (UCHC).

The BC/DR plan will be implemented in multiple stages. The first stage consisted of establishing a back-up system at the Chemistry Building. The second stage will consist of establishing a remote site at UCHC, and the third stage will consist of the final establishment of a secondary datacenter.

For any additional questions, please email Victor Font Jr., the ITS BC/DR Coordinator, at victor.font_jr@uconn.edu.

This article, by Tim Williams, first appeared in the January 9, 2013 issue of Project Weeklies, the newsletter of the ITS Project Management Office.

 

In the Spotlight… An Introduction to CHERIS

CHERIS, the Connecticut Higher Education Roundtable on Information Security, is the brain child of the University’s Information Security Officer, Jason Pufahl.

The forum is a state-wide information security initiative that is open to all Connecticut higher education institutions. It is currently composed of 23 colleges and universities and the forum has had two meetings to date — the first one being here, at the University, and the second one at Quinnipiac, who co-founded the forum with UConn. The next meeting will be at Southern Connecticut State University.

The main purpose of the forum is for information security leaders, from the respective universities, to tackle new and emerging security threats in the IT field, as well as exchange new ideas and practices to best combat such threats. For example, UConn’s ISO is currently working with Eastern Connecticut State University on security awareness through CHERIS.

For more information on CHERIS, email Jason Pufahl, the Information Security Officer, at jason.pufahl@uconn.edu.

 

This article, by Tim Williams, first appeared in the February 20, 2013 issue of the Project Weeklies newsletter of the ITS Project Management Office.

SafeConnect Performance Improvements Have Begun

The Information Security Office (ISO) has taken steps to address some of the problems associated with the SafeConnect application (i.e. repeated re-authentication and policy key download requirements). Impulse Point, the application vendor, has worked with the ISO to address the problems and determine solutions.

Users began to see an improvement in SafeConnect performance once it was re-enabled on Monday, April 22, 2013 AND only after one of the following situations occurred:

  • Users on wired network connections will need to authenticate.
  • Wireless users on UCONN-SECURE will not need to authenticate.
  • Mobile devices on wireless, as well as devices without the policy key software, will likely need to open a web browser and browse to an external website if they lose connectivity; this action will restore network service.

SafeConnect policies will be enforced beginning today, Tuesday, April 23, 2013.

  • Policies, in addition to authentication (such as antivirus requirements), will be assessed as they were the last time SafeConnect was online.

Users should contact the Technology Support Center 860.486.4357 for assistance/questions.

For more information, contact: Information Security Office at security@uconn.edu

UConn Information Security Officer Speaks at Cyber Security Forum

Jason Pufahl, UConn’s Chief Information Security Officer, was asked to testify before the state public safety and security committee at the State Capitol on April 18th. He spoke at the Informational Forum on Meeting the Need for a Cyber Security Workforce. The discussion and his testimony were televised on the Connecticut Network (CT-N), which provides television and webcast coverage of Connecticut state government and public policy.

 

Information Security Tip: Lock It When You Leave It

Never leave your computer logged in when you walk away, not even for a minute. Make it a habit to log off your workstation whenever you get up.

Remember to always leave your Windows computer locked by:

  • Pressing the keyboard shortcut combination of the Windows logo key and the letter “L” on a Microsoft natural keyboard. Get it? Leave Windows by pressing the Windows logo + L keys together to lock it up; or,
  • Pressing the Ctrl+Alt+Delete keys together, and then pressing <ENTER>.

Remember to always leave your Mac computer locked by:

  • Using the keyboard shortcut of holding down the Control+Shift+Eject keys together. This will lock the Mac screen if you have enabled this setting under “System Preferences”.

If you do not have the password required feature enabled, then follow these simple steps to set this up on any Mac:

  1. Launch “System Preferences”.
  2. Open the “Security & Privacy” preference pane and select the “General” tab.
  3. Click the checkbox next to “Require password after sleep and screen saver” – you can select either immediately or a preferred time interval.
  4. Close “System Preferences”.

For more information, contact: Information Security Office at security@uconn.edu

HuskyHunt in Retrospect

In October 2012, the Internet Security Office (ISO) organized a university-wide scavenger hunt in order to increase internet security awareness among students. The initiative was dubbed HuskyHunt, and with over 1500 registered participants and positive reception of the program, the scavenger hunt was deemed a huge success.

Security topics covered throughout the game included password security, vPC (a virtual computer lab at UConn), phishing (act of obtaining information by masquerading as a trustworthy entity), the dangers of downloading media illegally, ecommerce safety, and privacy protection. Feedback from participants demonstrated that 90% of students found the topics relevant and another 63% stated they learned something new about internet security.

ISO plans to roll out another HuskyHunt-esque game come Fall 2013, and students can expect new incentives to entice their participation, among other improvements. For more information, please contact Jason Pufahl, the Chief Information Security Officer, at jason.pufahl@uconn.edu.

 

This article, by Tim Williams, first appeared in the January 16, 2013 issue of Project Weeklies, the newsletter of the ITS Project Management Office.