May 19, 2013

Protect your UM Passwords!

The University email system has been inundated lately with phishing emails. These take various forms and purport to come from both people and groups you know. This illuminates one key point the IT security awareness presentation emphasizes, that the “From” part of an email message is easily forged by criminals to lead you into believing a message comes from a legitimate source. As always, a best practice is to not click links in email messages. While we all realize your common work correspondence includes links, these phishing messages are unsolicited emails that were not part of an ongoing email conversation. Another key feature these messages rely on is they imply they are from IT professionals asking you to “verify” your login information. IT will NEVER send you an email asking you to verify your login credentials.

Some of the sites these emails direct you to will attempt to install malware on your computer. If your system and antivirus patches are not up to date, key logging or screen capturing software can be installed on your computer. Software to destroy all the data on your computer could be installed, or, as a worst case, a rootkit can be put in place to completely take over the computer system without your knowledge or consent.

The risk of inadvertently revealing your login password via these phishing attempts is magnified significantly with the use of VPN. Your VPN credentials are the same as your email credentials. Once authenticated via VPN, a remote host becomes a “trusted” host. If a criminal logs into VPN as “you,” the remote computer they are using then becomes a “trusted” host and the security measures put in place are circumvented.

Some best practices to keep in mind concerning your user  account:

  • NEVER click links in unsolicited emails!
  • Use good passwords and change them every 90 days. Good passwords are a minimum of 8 characters with upper/lower case letters, special characters and numbers.
    • Even better passwords can be based on a phrase and approximately 15 characters if your system will permit.
  • Always be suspicious of a site that asks for your account or personal information. Familiarize yourself with the address bar at the top of your browser. Beware entering your account information if the site does not end in “olemiss.edu.”

Additional trust is given with VPN access. Please take care of your account!
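
The address-bar check from the list above, written out as an added example (it is not part of the original article or any university tool). The function names and the sample links are constructed for illustration; the point is that "ends in olemiss.edu" must be tested against the host name only, on a dot boundary.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "olemiss.edu"  # the domain the article tells readers to look for

def is_trusted_host(url, trusted=TRUSTED_DOMAIN):
    """True only if the URL's host is `trusted` or a subdomain of it."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # excludes any "user@" prefix and ":port" suffix
    except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
        return False
    if parts.scheme not in ("http", "https") or not host:
        return False
    host = host.rstrip(".")  # .hostname is already lower-cased
    # Compare on a label boundary: "." + trusted rejects "secure-olemiss.edu".
    return host == trusted or host.endswith("." + trusted)

# Constructed sample links; example.net is a reserved documentation domain.
SAMPLES = [
    "http://tcoffice.olemiss.edu/features.html",   # subdomain of the trusted domain
    "https://MY.OLEMISS.EDU:443/",                  # case and port do not matter
    "https://my.olemiss.edu.example.net/verify",    # trusted name used as a prefix
    "https://olemiss.edu@example.net/verify",       # trusted name in the userinfo part
    "https://secure-olemiss.edu/login",             # a different domain entirely
    "https://example.net/olemiss.edu/login",        # trusted name only in the path
]

def classify(urls=SAMPLES):
    """Map each URL to True (host is under the trusted domain) or False."""
    return {u: is_trusted_host(u) for u in urls}

if __name__ == "__main__":
    for url, ok in classify().items():
        print(("ok      " if ok else "SUSPECT ") + url)
```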

 

Ole Miss vs. Wisconsin on truTV Friday, 11:40 a.m. CT

Everyone is excited about our re-emergence into NCAA March Madness this year! Game time is set for Friday, March 22 at 12:40 p.m. ET (11:40 a.m. local time) on truTV. Ole Miss just completed an exciting 66-63 win in the SEC Conference game over Florida, and Wisconsin is just off a 50-43 loss to Ohio State in the Big Ten Championship game.

The campus cable television system has truTV on channel 102 in basic service so everyone on the University cable television system will have access to see the game.  You can also access the game via Internet video streaming from the NCAA March Madness website.  Live audio will be available via the Ole Miss radio network, satellite radio XM 192 or Sirius 94.

If you have convenient access to the University cable television service, please use it rather than Internet streaming to protect our bandwidth.

Go Rebels!

 

Easy-to-Use Data Protection with Hardware Encryption Devices

Encryption is a technique to protect data by making it unintelligible to unauthorized users.  Historically, using encryption techniques to protect files has been difficult.  The process frequently requires the assistance of an IT expert.

Times have changed.  Over the last few months IT staff members have been testing the latest hardware encryption devices that provide ways to protect data with few hassles.  Two devices emerged that combine exceptional security with ease of use:  the Corsair USB Padlock 2 flash drive and the BUSlink CipherShield AES 256-bit external drive.  Both devices use USB to connect to a computer.  Both devices work with Windows, Macintosh and Linux computers without additional software installations.

The Corsair USB Padlock 2 device has built-in 256-bit hardware AES encryption for locking the device from unauthorized access. AES is an acronym for Advanced Encryption Standard, an encryption standard adopted by the U.S. Government. The 256-bit just means the encryption is the best you can get today.

On the Corsair flash drive, there are five buttons to create a four to ten character PIN. Initially, you create a personal PIN and memorize it. Then, before plugging the device into your computer, enter the correct PIN to enable the drive. This Corsair flash drive contains built-in hacking detection that locks the device for two minutes after five failed attempts. Corsair USB Padlock 2 drives are currently priced at approximately $30 for the 8 GB model and approximately $50 for the 16 GB model.

The BUSlink CipherShield AES 256-bit external hard drive offers more storage capacity than a USB flash storage device, up to 6 TB of storage on some models. Support for USB 3.0 is available for faster access. Like the Corsair USB drive, the BUSlink CipherShield drive uses AES encryption. The convenient feature of the CipherShield models is the easy encryption method: it uses a physical key. Plug the key into the drive and access is granted. Remove the key and the data is encrypted and inaccessible.

Two keys are delivered with the models. Since the key is essential to accessing drive data, DO NOT carry, ship or store the key in the drive. This negates the data security and would be similar to locking an office door but leaving the key in the door knob. Second, the BUSlink CipherShield drive is just like any external hard drive and is sensitive to damage via water, dropping or any physical hazards. The BUSlink CipherShield drives range in price based on storage capacity. Drive sizes range from 160 GB to 6 TB. Currently, a 1 TB CipherShield AES 256-bit Encryption External Hard Drive sells for $559.99 through BUSlink.

If you have questions about these products, please contact David Drewrey, the University of Mississippi Security Coordinator and Director of Telecommunications.

Reliability of Land Line and Convenience of a Cell Phone

Have you ever wished you could step out of the office for a few minutes, but couldn’t leave for fear of missing an important call?  When you subscribe to and activate the latest UM phone feature, this  is no longer a concern. As part of the effort to keep our phone system up-to-date and offer the latest features, the Telecommunications Center now offers a new UM Extend Call (UMEC) feature.

You can have both the reliability of a land line and the convenience of your cell phone with the UM Extend Call feature. This feature keeps you in touch with your office phone via your cell phone, anonymously. The calls will ring on your cell phone and your digital office phone simultaneously. The caller to your office number never knows the difference, and you choose which phone to answer the call from. Even more impressive, if the call is not answered, the caller will be sent to your office voicemail box as opposed to your cell phone voicemail. What’s more, you can turn this feature on and off from your digital office phone or by dialing in from your cell phone.

Please note: Your cell minutes will be used as normal for all calls to or from your cell phone.

Additionally, so that we will have the ability to add new features in the future, feature access codes are going to change from 1 digit to 2 digit numbers by adding a 0 in front of the feature number.  For example, *2—Call Forwarding All Calls will now be *02.  To view the most commonly used feature codes, see the list on the front of the University phone book and simply add a 0 to the existing number.  The changes to these feature access codes will be in effect Monday August 22, 2011.

You can view these features at: http://tcoffice.olemiss.edu/features.html

For assistance, contact telcom@olemiss.edu or call 662-915-5922.

Cloud Storage and Sensitive Data

Effective July 1, 2011, Mississippi has a data breach notification law, House Bill 583. This law defines what data is considered to be sensitive (confidential), what constitutes a breach under this law, and the process that must be followed in the event sensitive information is “leaked” in a data breach. In addition to the state law description, the University also considers student grades, private correspondence, classified research, etc. as sensitive. The growing trend to store business, including university, data on a “cloud” has brought to the forefront data security issues and concerns.

Sites like Dropbox, Amazon, Google and countless others offer storage that can be accessed remotely from any device (desktop, laptop, smartphone, tablet, etc.) using the Internet. Users should note, however, that this convenience comes at a price – a price that can be too high when sensitive data is involved. Cloud-based services for storing data are very popular, mostly because of the easy, convenient access they provide. Often, this easy access is the driving factor for using cloud computing, and other critical concerns such as reliability, data security and liability are relegated to the background. This article focuses on the security, liability and reliability risks of cloud-based data storage services.

How Safe is Your Data in “the Cloud”?

While larger, more reputable cloud storage companies have the money, resources, and technical expertise to address reliability and security, their usage agreements often contain clauses that free them from any responsibility for “lost, stolen, or damaged data” or from unauthorized access to data. However, if you cause a person’s sensitive data to be compromised, you are responsible under Mississippi law. The University will be required to notify every individual whose data was exposed and may be subject to other penalties. Meanwhile, the cloud service itself will be insulated from the consequences of any breach by its usage agreement. This may prevent you and your organization from recouping any of the costs associated with the breach; it also reduces the service’s incentive to protect data as carefully as it should.

Data Breach Examples

Last month, Dropbox had a security issue in which password authentication was disabled for 4 hours. This means that any documents stored on their servers were susceptible to access without a password during this interval. The Computer World article has complete details.

A Security News Daily article on May 4 of this year detailed a vulnerability in which Dropbox stores unencrypted login files on each device. In the event these login files were copied maliciously, the user’s entire account would be accessible without requiring any login credentials:
http://www.securitynewsdaily.com/cracks-in-cloud-security-issues-loom-over-online-backup-services-0752/

University Policy for Protecting Sensitive Data

UM’s Information Confidentiality/Security Policy addresses the requirements for protecting confidential data. It is never acceptable to store confidential data such as grades, social security numbers, private correspondence, classified research, etc. on externally hosted systems, including cloud-based storage systems, without a contract that is fully vetted for compliance with university policies.

Secure Document Exchange

Screenshot of Secure Document Exchange application

Please keep in mind that confidential data should not be sent using email either. Likewise, do not store files that contain sensitive data on Web servers where they might be inadvertently accessed or indexed by search engines such as Google. The safest way to exchange sensitive or confidential information with other university employees is by using Secure Document Exchange within myOleMiss. To access Secure Document Exchange, point your Web browser to my.olemiss.edu, and choose Employee -> Tools and then Secure Document Exchange from the Detailed Navigation on the left.

Be Aware!

It is more important than ever to be aware of how you store and transmit confidential data. Your first choice should always be to store confidential data on university-owned, protected systems such as those housed in the Data Center and protected by a university firewall. If information must be stored at the department level or on your desktop or laptop computer, then the servers on which the data resides must be registered with IT so they can be scanned periodically for any security vulnerabilities. Occasionally, departments may have a need to use externally hosted systems that contain sensitive data. In this case, the contract for these services must address the requirements for protecting confidential data as defined in UM’s Information Confidentiality/Security Policy.
If you have any questions related to IT security, please contact the IT Helpdesk and we will work with your office to find solutions for protecting and storing sensitive or confidential data.

Campus Telephone Services and Features

The University Telephone switch has several features available to enhance office productivity:

Automated Directory Assistance – Available 24X7, Dial 8411 from any campus telephone and speak the name of the person or department you would like to reach.  After accepting the entry found, you will be transferred to the number.

Voice Mail – Voice Mail can be added to any campus extension either in standard form or an enhanced mode that enables voice mail to be “popped” into your email client as a wav file attachment.

Caller ID – Caller ID can be added to any campus extension to show the calling number on the phone’s display.

EC-500 – From your digital office phone, you can activate this feature, which ties your cell phone to your office phone so they ring simultaneously. Unanswered calls will go to campus voice mail. This enables use of your cell phone for business calls while away from your office without giving out the actual cell number. NOTE: Call minutes will be used on your cell phone when activated.

To obtain the pop Voicemail, EC-500, or Caller ID features and learn their associated pricing, send an email to telcom@olemiss.edu and we will create a work order to activate them in the switch.