Info Sec news

[TechInfo] Is this legit?

[TechInfo] Is this legit? ‘New Microsoft Office 2016 is Here for Only $9.95’

Informational Advisory – Microsoft Office Upgrade Offer

This advisory was sent via email to nearly 900 @Marshall recipients who have recently received an e-mail from ‘Microsoft Home Use Program MicrosoftHUPsupport@digitalriver.com . This is a legitimate message and you are receiving this because you have previously enrolled for or purchased media from the Microsoft ‘Home Use Program’ for Microsoft Office on your home computer. (See Frequently Asked Questions section below on how to unsubscribe from these mailings).

But before you pay $9.95 to upgrade, please read the rest of this message below…

 

 

If you are an Marshall faculty or staff member eligible for ‘Home Use Rights’ (see Microsoft’s definition of employee below in the frequently asked questions section) in most cases you will be better served by upgrading your home computer software using the no-cost Office 365 media.

If you are no longer a Marshall University employee, but you are still an active student, you can also use O365 media described below.

 

 

 

Frequently Asked Questions

  • Can I use Office 365 Media on a Personally Owned PC/Windows or Apple Macintosh OS?
    Yes. the Microsoft Office 365 download is intended for PERSONALLY-OWNED machines. There are separate versions for Microsoft Windows PC’s and Apple Macintosh OS X computers.
  • Is there a difference in the O365 software and Microsoft Office software installed on my University-owned computer?
    In some cases yes. Functionally, both products are Microsoft Office – Word, Excel, Outlook, etc. – and you have a choice of ‘new’ (Office 2016) or ‘previous’ (2013) releases. However, with the O365 release, Microsoft will make future updates available to you. These updates may appear on a different release schedule than your University-owned computer. You will still have the option to ‘accept’ or ‘defer’ these major updates. You may wish to maintain the same major version (e.g. Office 2013 vs. Office 2016) running on both your personally- and University-owned computers.
  • Where can I get more information on accessing the Office 365 software?
    Please visit our website for more details.
  • What is an eligible employee for purposes of the ‘Home Use Program’?
    Microsoft defines ‘eligible employee’ as follows… “those individuals who use the covered licenses at work are eligible to purchase these Office applications for use on a personal device during the term of their employment. This temporary license expires with the employer’s Software Assurance coverage, or upon termination of employment with the covered organization.”
  • How can I request Microsoft/DigitalRiver to stop sending me these upgrade offers?
    Locate the e-mail message in your inbox (Subject:  The New Microsoft Office 2016 is Here for Only $9.95!). At the very bottom of the message, locate the ‘Click here to unsubscribe’ web link. This will take you to a webpage which will already contain your e-mail address. Click the [Unsubscribe] button. That’s it.

Please direct any additional questions to IT Service Desk itservicedesk@marshall.edu so that we can upgrade our existing question & answer section on the IT website.

 

MUNet End of Support for Windows Vista

Windows Vista End of Life 11 April 2017 Microsoft

Important Computer Security Reminder for All Marshall University Faculty, Staff and Students:

Marshall University Campus network support will no longer be provided for computers with Microsoft Windows Vista operating system  after June 30, 2017.*

This notice is intended Marshall University campus clients who are still using the Windows Vista operating system. Your response is needed because most security experts agree that Windows Vista clients will become sought-after targets for malicious users as a result of Microsoft’s end of support.

 

Microsoft announced in 2012 that on April 11, 2017 they would no longer provide extended support services for the Windows Vista operating system. According to the Microsoft website, this means that they will no longer provide automatic fixes, updates or online technical assistance:

Windows Vista Support is Ending https://support.microsoft.com/en-us/help/22882/windows-vista-end-of-support

Marshall University Information Technology announced our end of support of Windows Vista on July 2012. While most campus computer systems have long since been upgraded from Windows Vista, some systems continue to operate on the MUNet without direct support from IT.  These include a limited number of systems which are managed at the department level or are student-owned.

Marshall IT is committed to working with campus departments in our shared responsibility to ensure a safe and reliable campus network. Periodically upgrading the operating system and/or replacement of unsupported computer hardware is a necessary part of system ownership; it is also crucial to protecting the security and reliability of the system, the data they contain and the networks to which they are connected. Failure to regularly update puts at risk both that system as well as other systems which share the same network.

Windows Vista Upgrade Resources

  • Software – As a reminder, operating system upgrades for all University-owned computers are covered thru client workstation budgeting process. So these computers are eligible to upgrade to Windows 10 or a currently supported OS (Windows 8.1 or Windows 7 SP1). at no additional charge.
  • Reimaging – Additionally the IT Service Desk team provides no-charge desktop/laptop reimaging services (using the currently supported operating system and application software) for University-owned computers.
  • Hardware – If replacement of a University-owned computer device is preventing your upgrade, please contact the Marshall IT Service desk to confirm when your system is scheduled for lifecycle replacement or if other replacement options need to be considered.

Requesting An Exception for Windows Vista End-of-Life

*Note: The Marshall Office of Information Technology will be working with IT Service Providers and their departments on a case-by-case basis to evaluate requests for Windows Vista clients which are providing business-critical functions for the University. Marshall departments and business units should submit their exception requests in writing/e-mail to the MU Office of Information Security (infosec@marshall.edu ).

Requests must include the following details:

  • The reason(s) for requesting the exception. Multiple machines may be listed on a single request.
  • The machine host name(s) in question, including the IP address and MAC address of each device.
  • Point of contact information (telephone and e-mail) for the department head.
  • Point of contact information (telephone and e-mail) for the department IT service provider or individual most familiar with the support of the computer or application requesting an exception.
  • The length of time for the requested exception, with a maximum of one year
  • The plan for upgrading or retiring the device at the end of the exception period
  • The data classification level of each device (see section 3 of “ITG-4 Guidelines for Data Classification“)
  • Which of the three device categories does the Windows Vista machine belong:
    • Individual Use – no sensitive data accessed or stored
    • Privileged use – administrative access to information systems
    • Institutional use – stores significant quantities of sensitive data
  • Proposed set of compensating controls which has (or can be) implemented for each device (i.e. client can function without any network access; client campus and/or Internet access can be restricted to a specific IP or range of IP addresses)

As always, if you need additional technical assistance please contact
the IT Service Desk, located on the first floor in the Drinko Library, e-mail itservicedesk@marshall.edu or call 304-696-3200.

MU Alert System Test – January 25, 2017

Marshall University will be conducting a test of the MU Alert emergency messaging system on Wednesday, January 25, 2017.  This is an opt-in service available to MU community members.  Subscribers are asked to be sure they receive a message by noon on Wednesday, and if necessary update their contact information via the myMU interface.  If the information is correct and no message was received, please email mualert@marshall.edu with details on which method (text, email, and/or voice) did not work and the details for each pertinent method.  Please sign up or update your information prior to 5:00 p.m. on Tuesday, January 24th to be included on the test.

Additional information is available on the MU Alert website.

1502_mualert_digitalslide2017

National Cyber Security Awareness Month (NCSAM)

As part of its participation in National Cyber Security Awareness Month (NCSAM) to bring awareness of Cyber Security to the Marshall community, the Marshall IT department is highlighting three Lynda Campus videos related to cyber security:
Computer Security Investigation and Response
Cyber Security Field
Securing Your Mobile Device

Marshall University Information Technology provides access to Lynda Campus for ALL students, faculty and staff. This service provides the university community with quick and easy access to the extensive online library of Lynda.com.

This training library includes in-depth training on a variety of essential computer skills including the basics and advanced features for Microsoft Windows 10 and Apple Mac OS X as well as all of the core productivity tools of Microsoft Office, WordPress, SharePoint, Adobe Acrobat DC, Photoshop, Illustrator and more.

To take advantage of this free training, visit Lynda.marshall.edu and sign in using your MUNet Account username and password. This can be accessed both on and off-campus.

Benefits to using lynda.com include:

  • Unlimited access to courses on a wide variety of technologies and disciplines
  • Up-to-date content to keep skills current and to learn new skills
  • New courses added every week
  • Tutorials taught by recognized industry experts
  • Access to instructors’ exercise files to follow along as you learn
  • Closed captioning and searchable, time-coded transcripts
  • Beginner to advanced courses
  • The option to watch complete courses or bite-size videos as you need them

Need assistance?

Lynda.com System Requirements

More information on NCSAM at Marshall University can be found at www.marshall.edu/it/ncsam2016/

Contact the IT Service Desk, located on the first floor in the Drinko Library, e-mail itservicedesk@marshall.eduor call 304-696-3200.L

Symantec Endpoint Protection Software Updated to 12.1RU6MP6

The Marshall University campus Symantec Endpoint Protection Management (SEPM) Servers and Symantec Endpoint Protection (SEP) client install packages have been upgraded to version 12.1.7061.6600 (Windows/Mac/Linux). This Symantec provided update addresses Symantec Security Advisory SYM16-015 (client decomposer engine). This update provided client OS support for Mac OS 10.12 (Sierra).

SEP client patches are being distributed via background update process for managed client installs. Updated client install packages will be made available on the campus \Distributions share and via web download https://www.marshall.edu/antivirus for new installs and off-site computers.

Please contact the Marshall IT Service Desk at 304-696-3200 or via e-mail at itservicedesk@marshall.edu to report any questions or issues related to the install/upgrade process.

Additional details are available at the following URL:
* Security Advisories Relating to Symantec Products – Symantec Endpoint
Protection Manager Multiple Security Issues
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160919_00

* New Fixes and Component Versions in Symantec Endpoint Protection 12.1.6MP6
https://support.symantec.com/en_US/article.INFO9413.html

Symantec Endpoint Protection Software Updated to 12.1RU6MP5

The Marshall University campus Symantec Endpoint Protection Management (SEPM) Servers and Symantec Endpoint Protection (SEP) client install packages have been upgraded to version 12.1.7004.6500 (Windows/Linux) and 12.1.6867.6400 (MacOS). This Symantec provided update addresses Symantec Security Advisory SYM16-010 (client decomposer engine) and SYM16-011 (multiple SEPM security issues). This update addresses several ‘high severity’ issues in both the SEPM hosts as well as SEP Client software.

SEP client patches are being distributed via background update process for managed client installs. Updated client install packages are available on the campus \Distributions share and via web download https://www.marshall.edu/antivirus for new installs and off-site computers.

Please contact the Marshall IT Service Desk at 304-696-3200 or via e-mail at itservicedesk@marshall.edu to report any questions or issues related to the install/upgrade process.

Additional details are available at the following URL:
* Security Advisories Relating to Symantec Products – Symantec Endpoint
Protection Manager Multiple Security Issues
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160317_00

* New Fixes and Component Versions in Symantec Endpoint Protection 12.1.6MP5
https://support.symantec.com/en_US/article.INFO3801.html

Beware Holiday E-Mail Scams

MU Information Security Alert…
Don’t get hooked by a holiday e-mail scam!

Phishing is a fraudulent process used by spammers to acquire sensitive information from users such as usernames, passwords, and credit card details. Email recipients are often deceived by phishing attempts since messages appear to be sent by legitimate and trustworthy sources.

ALWAYS be wary of unexpected e-mail messages (regardless of the apparent source) which include file attachments, web URL’s, or are written with a sense of urgency for you to provide computer passwords or reveal personal financial information.

During the holiday season, we expect cyber-criminals to continue to attempt to trick us into sharing sensitive information with these types of messages:
• An ‘urgent fraud alert’ sent from your bank or other financial institution;
• An ‘online order is delayed’ notice from an online retailer;
• A ‘click-here-for-too good-to-be-true’ coupon or rebates;
• An ‘attempted-delivery-rescheduled’ notice from UPS, FedEx or other shipping service when you might be expecting a package.

If you receive one of these messages…
Please protect yourself by following the principle of STOP-THINK-CONNECT:
• STOP. Do not act too quickly.
• THINK. Do I have an account with this bank? Did I order something from this online retailer? Am I expecting a delivery notice? If not, then you should delete the e-mail message.
• CONNECT. If you are a customer of the organization, then connect safely in the following manner: Do NOT respond using any URL included in the e-mail. Rather, open your web browser and type in the web address or use a previously saved shortcut to connect to your bank, retailer, or shipping service. If there really was a problem with your account, order or shipment, it should be apparent.

If you receive an obviously fraudulent e-mail message….
We ask that you take the following actions:
1) Please delete the message from your inbox if it is obviously fraudulent.
2) As long as you did not attempt to open the attachment, reply/click on the web link, or provide any personal information, no additional action is needed; however
3) If you attempted to open an attachment or visited a website where you submitted your username, password or other sensitive information, you should immediately contact the Marshall IT Service Desk at (304) 696-3200 / itservicedesk@marshall.edu.

Protecting Yourself From E-mail Fraud (aka Phishing)

InfoSec Tip #7: Don’t Be Tricked

Thank you for your continued awareness,

Marshall to observe National Cybersecurity Awareness Month

October 1 marks the start of National Cybersecurity Awareness Month (NCSAM), according to Jon Cutler, chief information security officer at Marshall. NCSAM is an annual, month-long effort to increase awareness and prevention of online security problems, spearheaded by the U.S .Department of Homeland Security (DHS) and the National Cyber Security Alliance (NCSA). This year’s theme is “Our Shared Responsibility.”

“Cyber Security Awareness is important to because each of us has a responsibility to protect the confidentiality, integrity and availability of information in today’s highly-networked system environment,” Cutler said.

Cybersecurity does not have to be complicated, he added. Throughout the month of October, the Marshall University Division of Information Technology and Office of Information Security will share newsletter topics and quick tips that demonstrate how students, faculty and staff can stay safe and secure online.

“We encourage you to follow our daily updates via Twitter @MUITServiceDesk #CyberAware and share the website URL www.marshall.edu/IT/NCSAM2015 with family and friends,” he said.

Many of the tips will echo themes from the “Stop. Think. Connect. Campaign,” an ongoing public awareness campaign aimed at increasing the understanding of cyber threats and empowering the public to be more safe and secure online.

Stop: before you use the Internet, take time to understand the risks and learn how to spot potential problems. Think: take a moment to be certain the path ahead is clear. Consider how your actions online could impact your safety, or your family’s. Connect: Enjoy the Internet with greater confidence knowing you have taken the right steps to safeguard yourself and your computer.