OIT News – September 2016

OIT News
Monthly news briefs, information and announcements
Office of Information Technology, NC State University
Issue 107, September 2016

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

Follow OIT on Twitter @ncsu_oit
For up-to-the-minute reports on OIT systems, see SysNews
For help with computing problems, contact the NC State Help Desk

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

01: NC State to celebrate National Cyber Security Awareness Month 2016
02: University warns students and employees of illegal peer-to-peer file sharing
03: OIT continues to enforce Google 2-Step Verification for purple data users
04: Save the date! Celebrating 5 Years of Google at NC State
05: Duo pilot for Shibboleth logins is in full swing
06: New security measures in Gmail
07: IT Accessibility Office offers workshops
08: Be imaginative with Adobe Creative Cloud
09: Become a WordPress pro at WordCamp Raleigh!
10: OIT offers Google Apps, WordPress Security, Cisco WebEx, and ServiceNow training
11: SAR training scheduled for Oct. 26
12: Will your password be unbroken?
13: Central IT extended maintenance planned this weekend

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

01: NC State to celebrate National Cyber Security Awareness Month 2016
It’s the simple truth: phishing attacks are increasing on NC State’s campus, and no one can better protect you or the university against these types of cyber crimes than you!

Phishing attacks often come in the form of malicious email links and attachments that, when opened, allow phishers to access your personal information. Phishers can then use this information against you in a number of ways. By impersonating you, phishers can send scam emails to your contacts list in your Google Apps account, luring unsuspecting co-workers, family and friends into phishing scams. Remember, once they have your account information, anything you can do, they can do: read and delete emails, download attachments, and even access other accounts you use, like Amazon, Facebook and Twitter. If phishers steal your account information or other personal data, the possibilities to do you harm are endless, so don’t take the bait!

During National Cyber Security Awareness Month (NCSAM) in October, the Office of Information Technology (OIT), along with the NC State Department of Computer Science, ePartners Program, and NC State Engineering Foundation, will co-sponsor “Protect the Pack: Don’t Get Phished!” This month-long event will help campus users learn how to identity and stop the spread of phishing attacks on campus. October 2016 marks the 13th annual event sponsored by the Department of Homeland Security in cooperation with the National Cyber Security Alliance “to increase the awareness and prevention of online security problems.”

This year’s activities will highlight the Make it Your Mission to Stop Phishing Fair, a carnival-style event featuring a variety of games, a phish-themed photo booth, phish tattoos, and great prizes. Plus, you’ll learn great tips to keep your data safe from phishing attacks, all while enjoying tasty fair food, including Howling Cow ice cream and buttered popcorn. Play all of the games and enroll in Google 2-Step Verification to increase your chances to win the grand prize! The event will be held on Tuesday, Oct. 4 from 11 a.m. to 3 p.m. in the Talley Student Union Mountains Ballroom.

Come face-to-face with the FBI Cybersquad on Tuesday, Oct. 25 from 10 a.m. to 12:30 p.m. in Stewart Theater in the Talley Student Union. Dedicated to investigating and preventing cybercrime, special agents John Maser and Scott Bennett will present on cyber threats and trends that are seen nationally as well as those that target higher education. Agents will examine personal computer safety and provide recommendations to protect yourself online. They also will provide an overview of FBI cyber careers and internship opportunities and will meet one-on-one with participants, following the presentation. Participants will have the opportunity to win great prizes. To register, visit Classmate.

Other events include five security presentations:

Secure Your Android Devices
Noon to 1 p.m. Thursday, Oct. 13
216 Scott Hall

Do you know if your Android is really secure? Have you implemented the right security measures? No worries. Josh Snapp of Information Technology and Engineering Computer Services (ITECS) will take you through step-by-step recommendations — and requirements if you have a university-owned device — to secure your Android devices. Leave his session with a secure mindset. There will be a pizza luncheon and the opportunity to win great prizes. To register, visit Classmate.

Secure Your iOS Devices (iPhone and iPad)
Noon to 1 p.m. Wednesday, Oct. 19
216 Scott Hall

At their core, Apple mobile devices are generally designed with the best security available, but there are simple security measures you must enable to protect your personal and valuable data. Darren Fallis of OIT Security and Compliance will show you how to use a screen lock passcode, encrypt and back up your data, locate your device if it’s lost, and much more. There will be a pizza luncheon and the opportunity to win great prizes. To register, visit Classmate.

Phishing 101 and Google 2-Step Verification
Noon to 1:30 p.m. Thursday, Oct. 20
Room 110, Avent Ferry Technology Center

Do you know what phishing is or what a phishing scam looks like? Nik Davlantis of OIT Technology Support Services will show you recent examples of phishing attempts on campus and share valuable tips, so you will be able to identify a phishing scam on the spot. You’ll also learn how Google 2-Step Verification can further protect your Google Apps account from being compromised, and you will have the option to set up your account with 2-Step. Bring your mobile device to complete the setup process. There will be a pizza luncheon and the opportunity to win great prizes. To register, visit Classmate.

Tool Talk I: Identity Finder and CloudLock
Noon to 1:30 p.m. Thursday, Oct. 27
Room 106, Avent Ferry Technology Center

Protecting your data on campus is a very sensitive topic — one that needs further discussion. Campus system administrators are invited to learn more about the scanning tools in the Sensitive Information Identification and Response (SIIR) project, as well as the methods OIT Security and Compliance employs to remediate the findings. During this Tool Talk, Jason Maners of OIT Shared Services and Kerry Digou of OIT Security and Compliance will demo Identity Finder, a discovery tool that searches for sensitive data on personal computers, network drives and servers, and CloudLock, a cloud-based solution that searches for sensitive information in Google Drive, ServiceNow, Office 365, and other cloud-based services. Join us for a pizza luncheon and the opportunity to win great prizes. To register, visit Classmate.

Tool Talk II: Protect Your Services With Duo 2-Factor Authentication
Noon to 1 p.m. Monday, Oct. 31
Room 106, Avent Ferry Technology Center

Multi-factor authentication is becoming more commonplace as well as a requirement for many university systems. Using Duo 2-Factor Authentication, Darren Fallis and Kerry Digou of OIT Security and Compliance will demonstrate to campus IT staff how multi-factor authentication plays a role in the administration of various campus services and will discuss preferred strategies to integrate Duo into their campus systems. There will be a pizza luncheon and the opportunity to win great prizes. To register, visit Classmate.

For more event information, visit NC State’s Cyber Security Awareness Month 2016 website.

Back to top

02: University warns students and employees of illegal peer-to-peer file sharing
NC State University students, faculty and staff are reminded of the personal risks and legal consequences of unauthorized distribution of copyrighted materials, including illegal peer-to-peer file sharing.

Music, movies, videos, games, and other online media are protected by (or subject to) copyright laws. It is usually illegal to share them via peer-to-peer applications.

All students, faculty and staff are expected to respect the intellectual property rights of others and refrain from copyright infringement. In many situations, downloading or uploading even one small portion of a copyrighted work without permission constitutes copyright infringement. File sharing also increases the likelihood that others could gain access to confidential data on your computer or install destructive computer viruses that could spread across the university’s network.

If you illegally download, upload, copy, or distribute copyrighted content, even unintentionally, you risk legal action and criminal prosecution, which could result in severe fines, personal financial loss or even imprisonment. For example, a former Boston University graduate student was fined $675,000 for illegally downloading and sharing 30 digital songs online. See Sony BMG Music Entertainment, et al. v. Joel Tenenbaum, 719 F.3d 67 (1st Cir. 2013). Violating a copyright while using any university network or equipment may:

  • result in a permanent record at the university
  • serve as evidence in court
  • adversely affect your employment, up to and including discharge

Be aware that copyright holders such as the Recording Industry Association of America (RIAA) and the Motion Picture Association of America (MPAA) use automated systems to detect even small amounts of file sharing, and they aggressively pursue infringements. In addition, the university is increasing logging and analysis of its wireless network activity to include monitoring of peer-to-peer file sharing.

The university acts quickly when notified of alleged copyright infringements. It refers incidents to appropriate campus officials and takes steps to stop any unauthorized download or distribution of copyrighted materials.

The following resources can help you become better informed about copyright and copyright law:

For assistance with removing P2P file sharing applications and copyright infringing materials, contact the NC State Help Desk at 919.515.4357 (HELP).

Back to top

03: OIT continues to enforce Google 2-Step Verification for purple data users
In July, OIT implemented a new policy requiring campus users with access to purple or sensitive data to enable Google 2-Step Verification on their Google Apps @ NC State account and any Google Generic Accounts (centrally shared accounts) to which they are listed as owners or contacts in Web Registry.

The initial round affected campus users in OnBase Imaging, Human Resources, Financial and Student systems, and other identified users with known permission roles to access sensitive data.

OIT is now continuing its policy enforcement to include specific units whose employees are handling sensitive information (purple data) and who were not included in the initial round. In many cases, these campus units will implement Google 2-Step for their entire staff. The targeted deadline to implement Google 2-Step in this second round is Tuesday, Nov. 1. OIT will notify individuals who will be impacted by this second round of 2-step enforcement and will inform them of training and drop-in sessions.

While 2-Step Verification is not yet mandatory for all employees, OIT strongly encourages all campus units to enable it now. To enroll, see Google 2-Step Verification.

We would also like to remind you that NC State University will never ask you for your password or security codes for Google 2-Step Verification. Please do not share this information with anyone.

Back to top

04: Save the date! Celebrating 5 Years of Google at NC State
NC State will be celebrate “5 Years of Google” on Wednesday, Nov. 30 — exactly five years from “Google Day,” when all campus users officially moved to Google Apps @ NC State!

Mark your calendar and save the date to attend this half-day event from 12:30 p.m. to 4 p.m. in the Talley Student Union Piedmont-Mountains Ballroom. The event will feature keynote speaker Jonathan Rochelle, director of Google Product Management and co-founder of Google Docs, Google Drive and other apps in the suite, including Sheets, Slides, Forms, Apps Script, and Fonts.

Rochelle is primarily responsible for Google Apps for Education, which reaches more than 40 million students and educators, and most recently launched Google Classroom and Google Expeditions. Drop by to see what is on Google’s horizon.  

The event also will feature engaging “lightning talks” about the implementation of Google’s tools on campus, various information booths, a video demo slam contest, and many great prizes.

Visit 5 Years of Google at NC State to get more details, add this event to your calendar and request updates as they become available.

Back to top

05: Duo pilot for Shibboleth logins is in full swing
On Sept. 7, OIT enabled Duo Two-Factor Authentication for all Shibboleth logins in the production environments. Shibboleth provides login access to many campus systems, including the MyPack Portal, Web leave, ServiceNow, and numerous departmental-hosted systems.

Two-Factor Authentication, also referred to as 2-Step Verification, provides an additional layer of security during the login process. Google 2-Step Verification has been available for Google Apps @ NC State accounts for quite some time, and adoption is increasing. In the near future, OIT will mandate usage of Duo Two-Factor Authentication for the Shibboleth authentication service to enhance data and account security.

OIT is continuing to test the new authentication process with various campus groups and looks forward to enrolling more campus IT users into Duo in the coming weeks. Feedback from these pilot groups is being used to improve the authentication process and to develop user documentation and a web presence.

Additional project and migration details will be available in future editions of OIT News and via SysNews.

Back to top

06: New security measures in Gmail
Google has rolled out two new security warnings to keep you and your email safe.

First, Google is requiring that mail messages be authenticated (or the sender verified) with either Sender Policy Framework (SPF) or DomainKeys Identified Mail (DKIM) protocols.

questionmarkIf a message cannot be authenticated, Google will place a question mark in place of your profile photo or avatar if you are accessing email via the Web or an Android device.

OIT is working to enable both SPF and DKIM in its domain.

warningAlso, if you are accessing your email via the web and click on an email link known for suspicious content, you will receive a warning message in your browser before continuing to the site.

Even though these security warnings may not necessarily indicate an actual threat, you are encouraged to use additional caution when you access the accompanying email.  

Please note that while your email may display differently in your Gmail Inbox, the content of the email will NOT be impacted by these new security features. For more details on how these security measures will impact your university accounts, see the related SysNews post.

To learn more about these enhancements and other new Google features, check out the latest edition of What’s New In Google Apps.

For training tips, follow the NC State Google Services Team on Google+. To view upcoming workshops, visit Classmate.  

Back to top

07: IT Accessibility Office offers workshops
NC State’s IT Accessibility Office will offer three workshops this fall to show you how to incorporate accessibility into your design and workflows. The workshops include:

  • Five Simple Ways to Increase Accessibility in Your Design
    3 p.m. to 4 p.m. Tuesday, Oct. 4
    Room 106 of the Avent Ferry Technology Center
    To register, visit Classmate.
  • Managing PDF Accessibility
    3 p.m. to 4 p.m. Tuesday, Nov. 1
    Room 106 of the Avent Ferry Technology Center
    To register, visit Classmate.
  • Supporting Accessibility on Campus: Working with Vendors
    3 p.m. to 4 p.m. Tuesday, Nov. 22
    Room 106 of the Avent Ferry Technology Center
    To register, visit Classmate.

Back to top

08: Be imaginative with Adobe Creative Cloud
Make your drab website, poster or video a work of art with Adobe Creative Cloud suite.

Now available to NC State faculty and staff, Creative Cloud provides access to a vast collection of Adobe software for graphic design, video editing, web development, and photography. The suite includes Acrobat Professional, Photoshop, InDesign, After Effects, and Premiere Pro.

You may install Creative Cloud on two computers only — two university owned computers or one university computer and one personal computer.

Get started with Creative Cloud, by requesting access via the Software @ NC State website. You will need to indicate your affiliation with the university and if you have administrative rights to your computer. If you are a managed desktop user without administrative access to your desktop, you will need to have your IT support staff install it for you.

Back to top

09: Become a WordPress pro at WordCamp Raleigh!
You’re invited to Raleigh’s annual WordCamp on Saturday, Sept. 24 and Sunday, Sept. 25 in Engineering Building 2 on NC State’s Centennial Campus. The event begins at 9:15 a.m. on Sept. 24 and includes an after-party event.

Organized by the Raleigh community and hosted by NC State, this weekend-long event will be filled with numerous sessions aimed at beginners, business users, developers, and WordPress power users. Learn the 10 must-have design elements for your website as well as how to troubleshoot WordPress, avoid being hacked, and much more! See the WordCamp website to review the full event schedule. Registration is $35.

Back to top

10: OIT offers Google Apps, WordPress Security, Cisco WebEx, and ServiceNow training
Register early for these popular sessions:

  • WordPress Security will be offered on Tuesday, Sept. 20 from 10 a.m. to 11:30 a.m. in Room 106 of the Avent Ferry Technology Center. This course will cover security vulnerabilities of WordPress environments, how to recover from a hack and tips to secure your site. To register, visit Classmate.
  • Cisco Jabber: Your all in one Collaboration tool! will be offered on Tuesday, Sept. 20 and Friday, Oct. 14 from noon to 1 p.m. in Room 110 of Avent Ferry Technology Center. This Lunch and Learn event will provide an overview of how Cisco Jabber streamlines communications and enhances productivity by unifying presence, instant messaging, voice, video, voice messaging, screen sharing, and conferencing capabilities securely into one client on your desktop and mobile device. To register, visit Classmate.
  • Gmail: Advanced Productivity will be offered on Wednesday, Sept. 21 from 9 a.m. to noon in Room 110 of the Avent Ferry Technology Center. Building on Gmail: More than your Inbox, this advanced hands-on workshop takes Gmail to the next level. You will learn more about labels, filters, canned responses, scheduling Google Calendar Events, Hangouts, and using Google Drive through Gmail, along with any planned or newly released features. To register, visit Classmate.
  • Google Sheets will be offered on Thursday, Sept. 22 from 10 a.m. to noon in Room 110 of the Avent Ferry Technology Center. During this two-hour workshop, you’ll learn how to integrate Sheets with other apps in Google Drive. The session also will focus on several specific features, including formatting options, find & replace, notifications, conditional formatting, and more! To register, visit Classmate.
  • Cisco WebEx will be offered on Wednesday, Sept. 28 from noon to 1 p.m. in Room 110 of the Avent Ferry Technology Center. This Lunch & Learn will provide an overview of how Cisco WebEx online meetings enable you to virtually meet, share content and video conference with anyone in the world with an Internet connection, including mobile users! To register, visit Classmate.
  • OIT-Advanced OS X Management with Casper will be offered on Wednesday, Sept. 28 from 1:30 p.m. to 4:30 p.m. in the B3 Conference Room of the Hillsborough Building. This course will cover best practices to manage OS X devices. To register, visit Classmate.
  • Create, Collaborate & Get Organized with Google Drive will be offered on Thursday, Sept. 29 from 9 a.m. to 11 a.m. in Room 100 of the Avent Ferry Technology Center. Google Drive is the backbone of your Google experience, combining storage, access, sharing, and collaboration with the power of Google Apps. During this hands-on workshop, you will learn how to use Drive to manage your resources in a collaborative environment. Topics will include organizing files and folders, securing documents through file sharing permissions, group editing and collaboration, and common Google Apps tools. To register, visit Classmate.
  • Google Docs – More than a Text Editor will be offered on Tuesday, Oct. 4 from 9 a.m. to 11 a.m. in Room 110 of the Avent Ferry Technology Center. This web-based word processor provides users the ability to create and format documents while collaborating on projects with ease. Additionally, it can be used with a variety of devices, including desktops, laptops, tablets, and smartphones. All files are stored in the Cloud, so they are available any time from anywhere and from any device. To register for this event, visit Classmate.
  • Five Simple Ways to Increase Accessibility in your Design will be offered on Tuesday, Oct. 4 from 3 p.m. to 4 p.m. in Room 106 of the Avent Ferry Technology Center. During this workshop, you will learn how to make sites navigable using the keyboard, how to organize materials with headers, how to use alt tags, how to use color effectively, and how to make communication more accessible. To register, visit Classmate.
  • Gmail: More than your Inbox will be offered on Thursday, Oct. 6 from 9 a.m to noon in Room 110 of the Avent Ferry Technology Center. This workshop will provide an in-depth overview of Gmail features, including an emphasis on labels and search tools, contacts management, chat, tasks, settings, labs, and new features. A reference with many additional helpful resources will also be provided. To register, visit Classmate.
  • Google Forms: Data Collection and Analysis will be offered on Tuesday, Oct. 11 from 9 a.m. to 11 a.m. in Room 110 of the Avent Ferry Technology Center. Learn to easily build surveys, plan events and gather data with Google Forms. This workshop will cover the basics of creating forms, collaborative editing, and viewing data in spreadsheets and charts. It also will highlight several advanced features, such as custom themes, page breaks, question validation, and embedding forms in websites. To register, visit Classmate.
  • Using ServiceNow will be offered on Wednesday, Oct. 12 from 2 p.m. to 4 p.m. in Room 110 of the Avent Ferry Technology Center. This course is designed to introduce the campus user to the ServiceNow Service Management suite of applications. Whether you are a transition user of the old Remedy call tracking system, an IT support staff member in a department already using ServiceNow, or someone who is interested in learning more about ServiceNow, this course will help you understand its functional uses and how you can integrate it into your workflow. To register, visit Classmate.
  • Introduction to Google+ will be offered on Thursday, Oct. 13 from 2 p.m. to 4 p.m. in Room 110 of the Avent Ferry Technology Center. This class will provide an overview of Google+ along with hands-on instruction for creating your own Google+ page. By the end of this workshop, you will learn how to update your profile, configure privacy settings, create and manage circles, post messages and photos, and much more! To register, visit Classmate.

Back to top

11: SAR training scheduled for Oct. 26
Security Access Request (SAR) training for campus requestors and approvers of access to secured university data will be held on Wednesday, Oct. 26 from 9:30 a.m. to noon in Room 110 of the Avent Ferry Technology Center. To register, visit Classmate.

Back to top

12: Will your password be unbroken?
In an age where cyber attacks and identity theft have become commonplace, a first-line defense against hacking is strong passwords. But just what makes a password strong? And is it enough to follow a few passwords rules, or is there more you can do to ensure your passwords keep your data out of the hands of hackers?

Consider passphrases. A passphrase is an expression or group of words that, when used as a passcode, is easy for you to remember but hard for hackers to guess. Passphrases are also generally longer than most passwords, making them more difficult to decode.

Remain strong. To help keep your passwords and passphrases unbroken, make them eight or more characters long with at least one number, one uppercase letter, and one lowercase letter. Don’t use more than five numbers in a row, such as a zip code or phone number that could be guessed. Also, use character substitution to keep them unique; for instance I like city lights is much harder to hack when written as !L1keC1tyL1g#t$. See the university Password Standard for additional information on choosing strong passwords.

Keep updated. Be sure to regularly change your passwords with brand new words or phrases, following the guidelines above. Updating your passwords every 90 days is a great start, but changing them even more regularly, such as monthly, is ideal. Also, make certain you use different passwords for different accounts and devices to reduce vulnerability to hacking.  

Get organized. To keep a handle on all your strong, unique and frequently updated passwords and phrases, use a reputable password manager service. Reference the SANS Ouch! Password Managers article for great tips on employing password managers.

Stay 2-Steps ahead. By setting up two methods of login verification, your account can only be accessed if both your password and another code are entered. The second code (either predefined or sent to you upon account log in) keeps you a step ahead of hackers by blocking them from your account, even if they have your password. To enable 2-Step on your Google Apps @ NC State account, see Google 2-Step Verification. To view a list of other applications that support 2-Step Verification, see also Two Factor Auth (2FA).

Back to top

13: Central IT extended maintenance planned this weekend
This week, Saturday, Sept. 17 through Sunday, Sept. 18, OIT will perform extensive system maintenance, such as data center improvements that require the shutdown and movement of equipment, hardware replacement and infrastructure configuration. This extended maintenance window will run from 6 a.m. Saturday to 6 p.m. Sunday.

Services expected to be offline for the majority of the maintenance window include, but are not limited to:

  • MyPack Portal
  • Human Resources, Financial and Student systems
  • OIT backup services
  • Virtual Computing Lab (VCL) services
  • WolfPrint services
  • Authenticated SMTP to smtp.ncsu.edu
  • conferences.ncsu.edu

No new accounts will be created on Saturday, Sept. 17.

Services that may experience intermittent periods of unavailability or slow performance during the maintenance window include, but are not limited to:

  • Shibboleth (Sites using Shibboleth for authentication will be impacted.)
  • www.ncsu.edu (NC State’s home page)
  • High Performance Computing (HPC) cluster, including access to storage from HPC nodes
  • SysNews
  • AFS hosted sites
  • cPanel, Hosted WordPress and WordPress blogs
  • LDAP (Updates will be available after the maintenance is completed.)
  • Kerberos
  • OIT hosted systems
  • Networked Attached Storage (NAS) shares and exports

The next planned extended maintenance windows that can possibly impact IT services will occur on Saturday, Nov. 5, 2016 through Sunday, Nov. 6, 2016.

For scheduled system changes and updates, see the Change Management Calendar or visit SysNews. If you have any questions, contact the NC State Help Desk at help@ncsu.edu or 919.515.4357 (HELP).

Back to top

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

Subscribe to OIT News

To subscribe or cancel your subscription online, go to http://go.ncsu.edu/subscribe-oitnews

To subscribe by email, send the following message to mj2@lists.ncsu.edu: subscribe oitnews

To unsubscribe by email, send the following message to mj2@lists.ncsu.edu: unsubscribe oitnews