Category Archives: middpoints

@MiddInfoSec: Keeping Your Password Secure

Did you know that most passwords are easily broken? A few “secrets” can help you make a stronger more memorable password.

Dos

  • Longer is better – use at least 8 characters with upper and lower case, numbers and symbols.
  • Create an easy-to-remember passphrase  with four or more words substituting special characters for some of the letters.
  • Use a unique password for each service or account.
  • Change your password or passphrase regularly:
  • Be sure you’re on the correct website before entering your password or passphrase
  • Set a password for access to your mobile device

Don’ts

  • Don’t include personal information such as usernames, account numbers, address or phone numbers in your password or passphrase.
  • Don’t reuse the same password for multiple services
  • Don’t use a single word, in any language
  • Don’t use consecutive repeating characters or a number sequence
  • Don’t share your password or passphrase – even with managers, co-workers or the Help Desk
  • Don’t send your passwords through email

Tools

Can Students See My Course Site?

Middlebury is approaching the start of the undergraduate academic year, this is the time where faculty are thinking about course web sites. The college has also started the transition from Moodle to Canvas, a new Learning Management System (LMS) that is developed and hosted by Instructure. Like Moodle, faculty can create their Canvas course sites...

[Continue reading]

Public Folder access during e-mail transition

Dear Colleagues,

As you may have heard, Middlebury is in the process of moving our e-mail infrastructure to the cloud in stages – see http://go.middlebury.edu/cloud for details. While this has generally gone smoothly so far, there can be issues if people who have been migrated try to access other mailboxes that have not, or vice versa, especially on Macs. (Outlook for Windows generally works well, possibly after some adjustments as explained at http://go.middlebury.edu/mailmove.) In most cases we can move mailboxes together with the people who access them, but due to the nature of Public Folders they all need to be moved at once (currently scheduled for 8/30).

Bottom line: Mac users may find themselves unable to access Public Folders between the time that their own account is moved and August 30th. (Middfiles and other file servers will be unaffected; this is only for shared folders in Outlook e.g. department calendars.)

If this is an issue for your work, please comment here or e-mail zschuetz@middlebury.edu to discuss so we can find a solution.

We appreciate your patience as we strive to keep our systems functioning optimally.

Sincerely,

~Zach Schuetz
Middlebury College ITS

Transitioning IT services to the cloud

We are pleased to announce a change we are making to Middlebury’s email and calendar service. After years of running these applications on our own infrastructure, we are moving them to the cloud—specifically to Microsoft’s Office 365 suite of services.

There are several benefits to this move:

  • Stronger security. Microsoft is able to devote more resources to security than we ever could. As hackers become increasingly sophisticated, this has never been more important. Microsoft’s cloud-based services include an important second level of security that recognizes “trusted” devices, which can include mobile devices or a home computer. This means that even if someone learned your user name or password, they still would need a special code to access your account from a device other than your own.  Middlebury users will not be compelled at the outset to use this service, though we think it will be attractive to many people and we will be encouraging and supporting its use going forward once the transition to Microsoft’s cloud-based email and calendar service is complete.
  • Better and faster access. Putting data in the cloud will allow us to automatically synchronize data across devices and provide better and faster access regardless of your location.
  • Increased storage. Microsoft’s scale allows it to provide greater storage capacity at less cost. This means we will be able to back up data on a nearly real-time basis. And you no longer will need to worry about size of your email archive.

We don’t anticipate any significant disruption in services when we make the change. If you use Outlook, the switch will happen overnight, and your mailbox and calendar will look exactly as they did the previous day once you restart your computer.  In some cases, it has been necessary to replace your outlook profile, but if that is necessary, we’ll assist you.  The webmail site is very similar to what you are using today, but there are slight differences consistent with a new version.  For those employees who use an email client other than Outlook or webmail, we will provide instructions on how to adjust your account settings.

The process of transitioning mailboxes and calendars to the Microsoft cloud service will begin next week and continue through September, with faculty and students transitioned before the start of the semester and members of administrative departments scheduled by department in batches with advanced notice and on premise support.  The schedule of moves is available here:  http://go.middlebury.edu/cloud.

This fall we will begin a transition of content currently stored on Middfiles to the cloud. This change will bring with it many of the same benefits as those described above and in addition facilitate collaboration – allowing you to share your data with colleagues at Middlebury and elsewhere with ease. We’ll keep you posted as we get closer to that move.

We are excited to deliver these significant improvements to the services we provide to the community. Once complete, we are confident they will result in better service with a reduction in cost and risk. If you have any questions, please contact our helpdesk at helpdesk@middlebury.edu.

Best regards,

The Middlebury ITS Team

@MiddInfoSec: Information Security’s ‘Security Scout of the Month’

To help raise awareness about community efforts to prevent significant security issues, Middlebury Information Security has launched a ‘Security Scout of the Month’ award.

This month Information Security would like to recognize Amy Dale who promptly and accurately responded to potential malware activity by unplugging her computer and reaching out to the Help Desk for immediate assistance.

When asked, Amy shared this advice about computer security, “My previous work experience, particularly at AOL, helped prepare me to be more alert and aware of scams. A previous manager always said, “when in doubt, leave it out.”  In other words, when you’re the least bit hesitant, then don’t open/click/download, etc. “

This astute awareness and keen insight is why Amy is this month’s ‘Security Scout of the Month’.

We are excited to celebrate the hard work and security conscious efforts of our community. Please watch for the next ‘Security Scout of the Month’ and help us recognize these efforts.

If you would like to recognize an individual for their information security contributions or would like to raise an information security concern, please contact infosec@middlebury.edu.

@MiddInfoSec: Stay Safe and Secure when Online

When you are reading e-mail or browsing online, be on the lookout for suspicious links and deceptive web pages, which are major sources of malware. Also be careful of downloadable files since they can introduce malware. And remember that additional browser plugins and unused applications require additional patching to remain secure. Here are some suggestions to make your day-to-day computing more productive, safe, and secure.

  • Keep your software up-to-date. Be sure to install antivirus updates and regularly check for and install updates for any applications or browser plugins you may run on your computer. (e.g., Adobe Flash and Java)
  • Be more secure! Don’t enter sensitive or personal information into a URL unless you have verified the address and you have ensured its security by checking that it includes HTTPS.
  • When in doubt, ignore. Don’t click on pop-up windows or extraneous ads. And, don’t click on links in emails or web sites until you have verified their destinations by hovering your mouse over the link.
  • Keep your private information safe. Use a strong, unique password or passphrase for each account, and avoid storing account information on a website. And consider using a digital password wallet such as 1Password or LastPass to secure your passwords.
  • Segregate your browsing activities. Consider using separate browsers for sensitive logins and general web browsing.
  • Use private networks for sensitive transactions. Avoid checking your bank account, making purchases, or logging in to other websites that include sensitive information when using public Wi-Fi.

Go stealth when browsing. Your browser can store quite a bit of information about your online activities, including cookies, cached pages, and history. To ensure the privacy of personal information online, limit access by going “incognito” and using the browser’s private mode.

@MiddInfoSec: Phishing Alert — “Notice!!!” or “Verify”

A phishing email message was sent to many @middlebury.edu mailboxes today with a subject line of “Notice!!!” or “Verify”.  DO NOT RESPOND ON THIS MESSAGE!

The phishing email message is an attack designed to trick people into disclosing their username and password.  Do NOT follow the instructions in the message, as it could lead to your Middlebury account being compromised.

Instead, please forward the suspect message to phishing@middlebury.edu.

If you think you might have fallen victim to these or any phishing attack RESET YOUR PASSWORD IMMEDIATELY at http://go.middlebury.edu/password

If you have lost access to your email account, please reset your password and contact the Helpdesk at x2200 for further assistance.

Here’s a sample of the phishing email message:


College Of Middlebury, would be having maintenance as from 12 midnight which your present password would expire due to maintenance updates.

 

To avoid suspend login error Submit HERE

 

Failure to comply admin would suspend your account due inactive response.

 

Thank you,

IT Department


Notes for Google Apps and OneDrive Project Presentation

  • Cloud Services: Google and Microsoft
    • Goal: provide better (cloud-based) services to the community
  • Infrastructure
    • Storage
      • Available from anywhere
      • Private, secure, encrypted
      • Scales to demand
    • Access to info
      • Collaboration and sharing
    • Familiar and consistent
  • Why are we doing this?
    • Better consume our resources
      • Home directories on middfiles are 25TB
      • Grows a half TB a month
    • Enhance service offerings
      • Available anywhere on most any device
      • Scalable and efficient use of eresources
      • Cost effective
      • Highly available
      • On demand automatic provisioning
  • What we can provide
    • Google apps for edu
      • No longer in beta!
      • Online collaboration
      • Drive
    • 365
      • Online collaboration suite – word, excel
      • Software distribution (local office install)
      • Onedrive
      • More nuanced levels of licensing and access – differences between MIIS and Midd College, working through those issues
    • Email in the cloud!
      • Fully hosted or hybrid model
  • Where we are now
    • Groundwork has been laid
    • All midd users automatically have GAfE account
      • Including access to apps, drive, and youtube
    • All midd users automatically have an O365 account
      • College students can install local copies of Office through O365
        • Only for residential students, MIIS students can access cloud-based Office suite
      • Everyone has accounts but they don’t have access yet
    • All active directory groups exist in both GAfE and O365
  • Still to come
    • A series of projects as opposed to one big unveiling
      • Documentation and education project
      • Microsoft’s online collaboration apps
      • OneDrive and GoogleDrive
      • Home use software distribution Faculty/Staff
      • Everyone currently has access to Google Apps (but most people don’t know)
      • Everyone does not currently have access to OneDrive – still to come
      • Cloud-based email still to come
  • Decisions that still need to be made
    • Which service do we recommend to people?
    • How do different groups collaborate effectively?
    • Do professors choose one or the other?
      • Will students need access to both?
    • Others?

 

Questions

  • Do we want to offer the same level of support for both or favor one?
    • One platform may be better for certain uses than the other
    • We like the idea of a default/one that is better supported
  • Any support requests re: Google to date?
    • A few calendar items, nothing major
    • Most people are using web interface
  • I’m a student with a google account that I use for school work – I graduate and move on. How do I transition my work to my private account?  (Bill)
    • No fee, but there will be some hoops/procedures to go through
  • I’m a student with a Microsoft account that I use for school work – I graduate and move on. How do I transition my work to my private account? (Bill)
    • Currently more complicated than Google
    • Everything that is cloud-delivered is free
  • Do we have an inventory of what’s been turned on by Google Admin? (Joe)
    • Yes, a list can be shared
    • When you’re logged in you can see a list of some applications, but not all of them
  • How does a faculty member associate Google resources with a course?
    • A Course Hub integration would be helpful here; it’s currently tough to find the right group in Google
      • Create the resource, connect with the correct student group
    • With OneDrive, groups can own files/documents – more ownership-based management than Google-drive
      • If group owns documentation, data management is simpler from an administrative perspective. Group membership should be able to shift seamlessly
      • This is a nuance we’ll have to figure out between Google and OneDrive
  • Monterey and Midd campuses have the exact same access to this functionality? (Bill)
    • Yes, only difference is residential component for the College (Office installs)
    • This is an example of “big M” Middlebury thinking
  • For a guest lecturer or auditor, they could be added to a Google folder not a group?
    • Another nuance that needs to be explored/determination needs to be made about what to recommend to faculty
  • In terms of announcements/messaging/role out, does Course Hub integration need to be in place first?
    • We need to have nuances largely figured out before we make an announcement
  • So what’s the rollout timeframe?
    • Timeline needs to include various project teams
    • Probably not reality to have ready for fall 2016 roll out
    • Do we need to roll both platforms out at the same time?
      • It would behoove us to roll out the recommended platform first
  • We need to give faculty clear instructions about procedure change, as they are not accustomed to provisioning folders themselves (Joe)
    • Now they will need a folder with the appropriate permissions
  • What’s the motivation for having both services?
    • We have to have some of each. Google is already pretty ubiquitous in usage across Middlebury. We have to roll out Microsoft because of software distribution. Or do we? We can control what Microsoft functionality is available to avoid too much overlap with Google.
    • Encryption/security implications – Microsoft is superior to Google in this respect
    • Google doesn’t work in China – Jeff Cason currently testing OneDrive in China
    • A potential differentiation could be
      • Academic – Google. Administrative – Microsoft.
        • In reality this won’t happen
  • While Microsoft is in beta, the move to single sign on for everyone seems like a big step (Bob)
    • MIIS users having to sign on with @middlebury.edu account
    • We want to promote access to Google Apps – it would be disappointing if we couldn’t make an official announcement to the MIIS campus this fall even if the Course Hub integration is not in place.
    • What happens when students graduate? Some of our students are only here for a year, some do Peace Corps during their degree – leave campus for 2 years and come back.
      • How do the nuances of those different user needs get managed? We need an exit strategy.
    • Exit strategy for individuals and Middlebury as a whole is important.
  • Where is this project in terms of the ACTT life cycle? (Bob)
    • Should OneDrive be rolled out the same way Google Apps was?
      • Resource constraints
  • Is there a downside to MIIS announcing Google Apps rollout to campus? (Bob)
    • When Microsoft is rolled out, there may be an inordinate number of help desk tickets from people who want to migrate content from Google to Microsoft
    • It depends on when OneDrive becomes available
      • Timelines are not currently known, several different project teams
  • 2,000 Google Apps accounts active before syncing took place
  • There was already a OneDrive instance at MIIS that was being used by 40 people – no administrator
  • There’s nothing stopping any Middlebury user from using Google Apps (they just don’t know about it)
    • We are currently not fully committing or walking away from either