Drinko Library and Information Center to host open house Aug. 23

The faculty and staff are invited to join Libraries and Online Learning and the Division of Information Technology for a progressive open house from 2 to 6 p.m. Wednesday, Aug. 23, at the Drinko Library and Information Center on the Huntington campus. 
 
During the event, guests will be encouraged to travel around Drinko Library to learn more about IT and library services including circulation, inter-library loans, the Writing Center, Instructional Design Center, ID Office, IT Service Desk, Marshall Digital Scholar and more! 
 
“We are hoping our new format will help faculty become acquainted with both our new and existing services in an informal and inviting way,” said Dr. Monica Brooks, associate vice president of libraries and online learning. “It’s also an opportunity for them to meet the faculty and staff to ask questions and learn more about the research and curriculum support networks the libraries and online learning have at our disposal.”
 
Information Technology staff members will be in attendance to assist with questions about IT infrastructure and services.
 
“The Division of Information Technology is happy to welcome faculty to our part of the campus,” said Jody Perry, executive director of technology services.  “There will be members of our IT Infrastructure team as well as our IT Services team on hand throughout the open house to answer any IT-related questions, give presentations on myMU and MUMobile, and lead hourly tours of the data center.”
 
“The data center is where the magic happens. The 1800-square-foot, state-of-the-art facility is equipped with 87 physical servers, 502 virtual servers and more than 270 terabytes of storage.  It’s what controls e-mail, Banner, myMU and all other IT services.  Visitors will be given an overview of the security and monitoring in place, as well as a chance to see the VMware virtual environment and Big Green Cluster up close,” Perry said.
 
The event will also showcase the new co-location of the Campus ID office and IT Service Desk as well as information about additional changes to IT services. 
 
“We are also excited to share the changes we’ve made to better serve the university,” Perry said. “The IT Service Desk and the Campus ID Office have moved into their new locations on the first floor of the Drinko Library and Information Center and we have completed several ‘Behind the Scenes’ updates in and around campus that affect the entire university community.”
 
Marco will be available for photos from 4 to 5 p.m.
 
For more information, visit www.marshall.edu/drinkoopenhouse or contact Kelli Johnson at johnson28@marshall.edu or 304-696-6567.

Computer Security Advisory: ‘WannaCry’ Ransomware

Computer Security Advisory for All University Faculty & Staff E-mail Recipients

Starting last Friday (5/13/2017) computer security researchers and news media began sharing information about a new computer security attack called ‘WannaCry’. This attack is another variation of malicious software referred to as ‘ransomware’. When a computer becomes infected with ransomware, this malicious code attempts to encrypt (scramble and password-protect) as many data files as it can find available. This occurs not only to the local computer but also to any attached drives and network shares to which your user account has write access. This tactic is called ransomware because the only way to regain access to those encrypted files is to pay a fee – a ransom often starting at $300 and up – to the criminals. If the victim does not pay, then the only other recovery method is to restore the files from a secure backup location.

There have been no major outbreaks reported on the University campus network nor detected by campus network security services. We attribute this in part to faculty and staff cooperation with regular computer software updates, increased information security awareness, and not being heavily targeted (yet) by computer criminals.

If you are responsible for software updates whether on your personally-owned computer, a University-owned computer or a group of your department’s computers, we ask that you take a moment to review the following guidance.

How can you minimize risk to University- and personally-owned computers?

We trust that the following guidance should sound familiar when we remind you that the best defense is to already be following computer security best-practices:

  • Is Your Software Updated and Supported? – Be sure all of your computers – whether located on-campus or off-campus – are running the latest supported operating system, security and application software appropriate for your academic or business unit. This is not simply so we can say we run the ‘latest-and-greatest’. Rather, software authors focus their efforts on their latest products, so those products include the latest security features as well as fixes for known security bugs. For a PC: we strongly suggest Microsoft Windows 10 ver 1607 and later and Symantec Endpoint Protection v. 14. Windows XP, Windows Vista and Windows 8.0 are no longer supported. For a Mac: you should be at Mac OS 10.12.x and Symantec Endpoint Protection for Mac v. 14. Mac OS prior to 10.10 (Yosemite) is no longer supported. Marshall University Information Technology provides the above recommendations. Please consult with your campus IT Support team for configurations supported by the MU School of Medicine and Marshall Health.
  • Are You Patched? – Be sure all of your computers – whether located on-campus or off-campus – are configured to automatically receive and apply security updates when they are released. For a PC: Use Windows Update and make sure both Critical and Important Updates are applied. For a Mac: Go to your Apple menu, click ‘About this Mac…’ and then ‘Software Updates’, or open the App Store and click on the ‘Updates’ icon.
  • Is Your Important University and Personal Data Backed-up? – Take steps now to have a backup copy of important documents and data. Items which are essential to University or Department operations should be saved to a secure location (such as a campus-managed fileserver) which has a regularly scheduled backup. For personal items, use of an external hard drive or high-capacity thumb-drive, which can be attached for backup and then promptly disconnected, is highly recommended. Remember, ransomware will attempt to encrypt any and all data files to which you have write access. Recovery is limited to those items which were inaccessible by the user (campus-managed backups) or were offline (disconnected hard drive or thumb-drive) at the point of infection.
  • Are You Being Cautious with E-mail and Websites? – Always exercise suspicion for unsolicited e-mail and unfamiliar web sites, particularly those which urge you to ‘open this attached file’ or ‘click this web page link’ for some urgent action. Many of us work in areas where we do receive unsolicited documents; in those cases, ask a trusted colleague or an IT support resource for a second opinion before opening the message. A mobile device may be used in cases where you want to preview the file, but understand that the malicious payload may only be designed to affect a desktop or laptop computer. This allows you to delete the file or entire message before ever attempting to preview/open it on the computer.
  • Report Suspicious Computer Behavior, Alerts, or E-mail Messages – We understand that it is difficult for everyone to stay up-to-date on how they should respond to an ongoing stream of important computer security issues. You can assist by reporting unexpected or suspicious computer activity to your closest campus Information Technology Support or IT Information Security professional. Please reach out to one of the following IT Service Desk or IT Service Provider contacts:

Changes to MU Email Lists

On January 15th, 2017, MU Information Technology will be eliminating the self-service feature for creating/managing group aliases and vanity email addresses. These features (group aliases and vanity addresses) are being migrated to our Exchange Server environment. Existing group aliases are being converted to Exchange distribution groups and will continue to function. Beginning on 1/15/17, all future requests or changes to vanity addresses or group aliases will need to go through the IT Service Desk to have a request ticket created in our FootPrints system.

If you require further assistance, please contact the IT Service Desk:

304.696.3200   (Huntington)
304.746.1969   (Charleston)
itservicedesk@marshall.edu

IT Upgrade: WiFi (Requires Action for All Users)

Over the holiday break the IT Infrastructure Communications Team began upgrading the Wireless LAN Controllers and the RADIUS authentication servers. Those upgrades were completed early this morning. Due to the nature of our authentication protocols, you will now have to “accept” a new security certificate to connect to the WiFi network. During this upgrade the security certificates on the RADIUS servers were moved to our InCommon provider. Although each device connects differently, the iOS (iPhone and iPad) certificate should look like this; other devices will have similar notices:

[Image: apple-trust]

If this message does not appear and you are unable to connect to the wireless network, you may need to turn off wireless on your device and turn it back on to re-establish the connection to your device.  If it still fails, you can try “forgetting” the network from your device and re-connecting.

Detailed instructions for connecting a device to the wireless network can be found at: www.marshall.edu/wifi .

Please check your cellular/wireless mobile devices to avoid unwanted data usage over the cell network.

If you require further assistance, please contact the IT Service Desk:

304.696.3200   (Huntington)
304.746.1969   (Charleston)
itservicedesk@marshall.edu

Symantec Endpoint Protection Software Updated to 12.1RU6MP6

The Marshall University campus Symantec Endpoint Protection Management (SEPM) Servers and Symantec Endpoint Protection (SEP) client install packages have been upgraded to version 12.1.7061.6600 (Windows/Mac/Linux). This Symantec-provided update addresses Symantec Security Advisory SYM16-015 (client decomposer engine). This update also provides client OS support for Mac OS 10.12 (Sierra).

SEP client patches are being distributed via background update process for managed client installs. Updated client install packages will be made available on the campus \Distributions share and via web download https://www.marshall.edu/antivirus for new installs and off-site computers.

Please contact the Marshall IT Service Desk at 304-696-3200 or via e-mail at itservicedesk@marshall.edu to report any questions or issues related to the install/upgrade process.

Additional details are available at the following URL:
* Security Advisories Relating to Symantec Products – Symantec Endpoint Protection Manager Multiple Security Issues
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160919_00

* New Fixes and Component Versions in Symantec Endpoint Protection 12.1.6MP6
https://support.symantec.com/en_US/article.INFO9413.html

Skype for Business – Unplanned Outage 8-16-2016

Our Skype for Business phone/UM environment had been performing in an optimal state until approximately 3am on 8/16/2016, when all of the servers in the Skype for Business environment rebooted unexpectedly. This incident inadvertently caused many Polycom phones to be in a disabled state that required a physical reboot in order to correct. In addition, it caused issues with our response groups, where calls were not being routed as expected. In an effort to resolve those issues, a rolling reboot of our Skype for Business servers began shortly after lunch and ended around 3:30pm. This reboot of the environment introduced other unexpected phone and call issues during that time. Fortunately, those issues disappeared after the reboot. However, the response group routing issue remained until another restart of key services around 8:30pm. As a result, the Skype for Business environment has been fully restored and is operating at an expected optimal functional level.

We understand that this issue couldn’t have happened at a worse time and we apologize for the inconvenience that these issues may have caused.  MU’s IT Department would like to assure everyone that we always strive to provide the best possible service to Marshall University with minimal impact to users during technical issues. 

Please contact the Marshall IT Service Desk at 304-696-3200 or via e-mail at itservicedesk@marshall.edu if you experience any Skype for Business / phone issues.

 

Symantec Endpoint Protection Software Updated to 12.1RU6MP5

The Marshall University campus Symantec Endpoint Protection Management (SEPM) Servers and Symantec Endpoint Protection (SEP) client install packages have been upgraded to version 12.1.7004.6500 (Windows/Linux) and 12.1.6867.6400 (MacOS). This Symantec-provided update addresses Symantec Security Advisory SYM16-010 (client decomposer engine) and SYM16-011 (multiple SEPM security issues). This update addresses several ‘high severity’ issues in both the SEPM hosts and the SEP Client software.

SEP client patches are being distributed via background update process for managed client installs. Updated client install packages are available on the campus \Distributions share and via web download https://www.marshall.edu/antivirus for new installs and off-site computers.

Please contact the Marshall IT Service Desk at 304-696-3200 or via e-mail at itservicedesk@marshall.edu to report any questions or issues related to the install/upgrade process.

Additional details are available at the following URL:
* Security Advisories Relating to Symantec Products – Symantec Endpoint Protection Manager Multiple Security Issues
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160317_00

* New Fixes and Component Versions in Symantec Endpoint Protection 12.1.6MP5
https://support.symantec.com/en_US/article.INFO3801.html

Symantec Releases Security Update SYM16-010

Symantec Decomposer Engine Multiple Parsing Vulnerabilities

Just a quick note to Info Tech Service Providers and IT Service Desk Teams to make you aware of a recent announcement by Symantec and US-CERT about a vulnerability with the Symantec Decomposer Engine.

Overview

According to Symantec, parsing of maliciously-formatted container files may cause memory corruption, integer overflow or buffer overflow in Symantec’s Decomposer engine. Successful exploitation of these vulnerabilities typically results in an application-level denial of service but could result in arbitrary code execution. An attacker could potentially run arbitrary code by sending a specially crafted file to a user.

Solution

This issue was resolved via a maintenance patch release to the Symantec Endpoint Protection (SEP) client software for Microsoft Windows OS. Windows SEP clients updated to at least version 12.1.7004.6500 (aka 12.1.6 MP5) will be protected against this vulnerability.

How can I verify that my client has been patched?

Symantec Endpoint Protection (SEP) client running version 12.1.7004.6500 will have already received this update.  Marshall University has updated our campus software distribution points to make this latest release available via background update to all currently managed clients. The update will require a reboot of the client computer in order to complete the upgrade process.

The IT Information Security team will be working with the IT Service Desk team to identify and remediate any SEP clients with out-of-date software versions. Please report any unresolved background update issues via MU Support ticket or an e-mail to itservicedesk@marshall.edu.

Reference Links

  • Security Advisories Relating to Symantec Products – Symantec Decomposer Engine Multiple Parsing Vulnerabilities
    https://support.symantec.com/en_US/article.ALERT2047.html
    https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00

Thank you for your continued attention to information security,

Jon B. Cutler, MS, CISSP
Chief Information Security Officer
Marshall University, Division of Information Technology
Drinko Library 324, 1 John Marshall Drive, Huntington, WV 25755
Phone: (304) 696-3270, @joncutler | BeHerd Feedback
http://www.marshall.edu/InfoSec

Symantec Releases Security Update SYM16-008

Symantec Antivirus Engine Malformed PE Header Parser Memory Access Violation

Just a quick note to Info Tech Service Providers and IT Service Desk Teams to make you aware of a recent announcement by Symantec and US-CERT about a vulnerability with the Symantec Antivirus Engine.

Overview

According to Symantec, their Anti-Virus Engine (AVE) was susceptible to a memory access violation due to a kernel-level flaw when parsing a specifically-crafted PE header file. The most common symptom of a successful attack would be an immediate system crash, a.k.a. Blue Screen of Death (BSOD).

Solution

This issue is currently being resolved via the normally scheduled LiveUpdate process. Symantec product engineers have addressed this in the latest AVE update, version 20151.1.1.4, released effective 5/16/2016 and delivered to customers via LiveUpdate along with the usual definition and signature updates.

How can I verify that my client has been patched?

Symantec Endpoint Protection (SEP) Clients with AV content dated 2016-05-16 r24 (sequence number 160516024) and newer have already received this update. You can use that as an indicator that they have received the new engine. So any systems with older definitions are the ones to target as at risk.

Current Virus Definition & Security Update Versions from Symantec are listed below:

  • Virus and Spyware Protection – Tuesday, May 17, 2016 r7 and newer
  • Proactive Threat Protection – Friday, May 6, 2016 r11 and newer
  • Network Threat Protection – Monday, May 16, 2016 r11 and newer

The IT Information Security team will be working with the IT Service Desk team to identify and remediate any SEP clients with out-of-date definitions. Please report any unresolved LiveUpdate issues via MU Support ticket or an e-mail to itservicedesk@marshall.edu.
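The two "How can I verify that my client has been patched?" checks (client version 12.1.7004.6500 for SYM16-010, AV content 2016-05-16 r24 / sequence 160516024 for SYM16-008) can be run over an inventory export, as in this added example, which is not part of the original advisories or any Marshall or Symantec tooling. The CSV columns, host names and the version `12.1.900.100` are constructed for illustration, and the YYMMDD-plus-three-digit-revision sequence layout is an assumption inferred from the single example the advisory gives.

```python
import csv
import io
import re
from datetime import date

# Thresholds quoted in the two advisories above.
MIN_WINDOWS_CLIENT = (12, 1, 7004, 6500)  # SYM16-010: Windows client 12.1.6 MP5
MIN_AV_SEQUENCE = 160516024               # SYM16-008: AV content 2016-05-16 r24

# Constructed sample inventory; column names and hosts are hypothetical.
SAMPLE_INVENTORY = """\
host,os,sep_version,av_defs
LAB-PC-01,Windows,12.1.7004.6500,2016-05-17 r7
LAB-PC-02,Windows,12.1.900.100,2016-05-17 r7
LAB-PC-03,Windows,12.1.7004.6500,2016-05-16 r23
LAB-MAC-01,Mac,12.1.6867.6400,2016-05-16 r24
LAB-PC-04,Windows,unknown,
"""


def parse_version(text):
    """Turn 'a.b.c.d' into a tuple of ints so each field compares numerically."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part version: {text!r}")
    return tuple(int(p) for p in parts)


def definition_sequence(label):
    """Map 'YYYY-MM-DD rN' to the sequence form YYMMDDNNN (assumed layout)."""
    match = re.fullmatch(r"(\d{4})-(\d{2})-(\d{2})\s+r(\d{1,3})", label.strip())
    if not match:
        raise ValueError(f"not a definition label: {label!r}")
    year, month, day, rev = (int(g) for g in match.groups())
    date(year, month, day)  # raises ValueError on an impossible calendar date
    return (year % 100) * 10_000_000 + month * 100_000 + day * 1_000 + rev


def triage(inventory_csv):
    """Return {host: [reasons]} for clients that need follow-up."""
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        reasons = []
        # The SYM16-010 client fix is stated for Windows clients only.
        if row["os"].strip().lower() == "windows":
            try:
                if parse_version(row["sep_version"]) < MIN_WINDOWS_CLIENT:
                    reasons.append("client older than 12.1.7004.6500")
            except ValueError:
                reasons.append("client version unreadable")
        try:
            if definition_sequence(row["av_defs"]) < MIN_AV_SEQUENCE:
                reasons.append("AV content older than 2016-05-16 r24")
        except ValueError:
            reasons.append("AV content date unreadable")
        if reasons:
            findings[row["host"]] = reasons
    return findings


if __name__ == "__main__":
    for host, reasons in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {'; '.join(reasons)}")
```

Comparing the versions as plain strings would rank the constructed `12.1.900.100` above `12.1.7004.6500` and miss that client; unreadable rows are reported rather than silently passed.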

Reference Links

Thank you for your continued attention to information security,

Jon B. Cutler, MS, CISSP
Chief Information Security Officer
Marshall University, Division of Information Technology
Drinko Library 324, 1 John Marshall Drive, Huntington, WV 25755
Phone: (304) 696-3270, @joncutler | BeHerd Feedback
http://www.marshall.edu/InfoSec


[This information from 5/17/2016 security advisory e-mail to IT Service Providers and IT Service Desk]

Information Security Elevated Risk Advisory for Apple QuickTime

MU Information Security Elevated Risk Advisory
Apple QuickTime for Windows

Apple has announced that it is ending support for their QuickTime 7 for Windows product. QuickTime for Windows was commonly installed on Microsoft Windows PC’s in the form of a web browser plug-in and stand-alone player to support web-based media; it was also included as a component of the Apple iTunes media management software.

According to the Apple support site, current Windows web browsers already support media playback; and iTunes version 10.5 and later no longer include the QuickTime component.

Impact

Because using unsupported software may increase the risk from viruses and other security threats, members of the Marshall University community are advised to discontinue their use of the QuickTime software for Windows on both University- and personally-owned computers. If you have a business-critical application which specifically requires QuickTime for Windows – not just key media formats such as H.264 and AAC which are already supported by current Windows web browsers – we ask that you please contact the Marshall IT Information Security team to discuss alternative risk reduction solutions.

Solution

Apple, the US-CERT, and the Marshall Information Technology team recommend system users and administrators be aware of the risks associated with unsupported software and take the following actions in response to this advisory:

  • Determine if QuickTime is a necessary component for any business-critical applications.*
  • Uninstall QuickTime for Windows software from machines which you own or manage (if you have administrative privileges and have determined that it is not needed); or contact your IT Service Provider (if you do not have admin privileges) and ask whether QuickTime can be uninstalled.
  • Be Aware of Automated Efforts Which Are Underway by the Marshall IT Security team through the use of the Dell/KACE software inventory platform to do the following:
    • Compile a list of University-owned computers which still have QuickTime installed
    • Schedule KACE Desktop Alerts for machines which still show QuickTime as installed
    • Automate the uninstallation of QuickTime for shared-use and centrally-managed machines
  • Discontinue installation of QuickTime for Windows software in new system image builds and PC deployments.

*Note: Please contact Marshall IT Information Security and your department IT service provider to let us know if you have a business-critical application which requires the continued use of QuickTime.

Reference Material

 Thank you for your continued attention to information security,

Jon B. Cutler, MS, CISSP
Chief Information Security Officer
Marshall University, Division of Information Technology
Drinko Library 324, 1 John Marshall Drive, Huntington, WV 25755
Phone: (304) 696-3270, @joncutler | BeHerd Feedback
http://www.marshall.edu/InfoSec

[This information from 4/26/2016 security advisory e-mail which was bcc’ed to ALL Marshall University Exchange Users]