Tags » lisblog

 
 
 

Security Note – OpenSSL ‘Heartbleed’ Vulnerability

Categories: Midd Blogosphere

As you may have read in mainstream news media outlets, a vulnerability was recently discovered in certain versions of OpenSSL which could allow a remote attacker access to sensitive data on certain types of servers.

LIS has already patched relevant local systems and is working with vendors to ensure that any relevant externally-hosted systems are similarly patched. There is no evidence to suggest that Middlebury account credentials have been compromised.

More information about the vulnerability is available on the LIS Information Security web site’s ‘Threat Bulletin’ area: http://www.middlebury.edu/media/view/475111/original/middlebury_threat_bulletin_openssl_heartbleed.pdf

If you have specific questions, please feel free to email infosec@middlebury.edu.

Internet Explorer 9 “update”

Categories: Midd Blogosphere

It turns out that updating from a very old web browser to a somewhat less old (yet still outdated) web browser is not necessarily as simple as it might be.  For more on this, read on* – but the short version of importance to know is:

Almost all public machines recently received an update from Internet Explorer version 8 to version 9.  Shortcuts, favorites, plugins and the like have been unaffected in all of our testing beforehand.  If you encounter problems or have questions, please pass them on.

 

*Last year INB was approved to run on Internet Explorer 9, and the group policy that blocks IE9 was removed.  As we noticed that computers still were not receiving IE 9 as an update, we found we had a registry entry to modify to undo the group policy block that had been applied.  As of that time, anyone running Microsoft Update should receive the IE9 update.

Our computer labs do not run the regular Microsoft Updates, though, since most users do not have administrative privileges on those computers.  Dell KACE applies critical Microsoft Updates on a regular basis – but IE9 is no longer in that update list (as it has been replaced by IE10 & IE11).  So, a manual installation has also been set up for this purpose.

March 2014 LIS Update

Categories: Midd Blogosphere

spring-flowers

We’ve posted the March 2014 Update from LIS.

As has become our custom, we write this update three times a year to provide ourselves and  rest of the community with a review of recent accomplishments, and more importantly, a roadmap for what to expect in the next three to six months. In addition, we make a nod to what we see as future issues and challenges further down the road.

Highlights since the last LIS Update include:

  • We continued to co-sponsor with CTLR the Academic Roundtable to encourage cross-campus conversation on important topics having to do with pedagogy, scholarly inquiry, and student learning.

  • We also continued our planning for the digital liberal arts initiative.

  • We continued to build out new library subject guides

  • In Special Collections, we supported students and faculty during Winter Term including A People’s History of Middlebury and Field House Museum, Adventure Writing, Space and Place in the Graphic Novel, and Matt Longman’s seminar on higher education.

  • We started to archive Ward Prize-winning student essay in our online archive

  • We made more progress in building out our new videoconferencing infrastructure and upgraded a number of classroom.

  • We continued to encourage our community to use Web Help Desk to request service from us.

  • We created a new guide to training options that include both on-line, off-site, and on campus options.

Key goals for the next three to six months include:

 

  • As part of the broader faculty governance conversations taking place on campus, we in turn are thinking about a wide range of governance questions. How do we ensure appropriate consultation with our students, faculty, and staff to ensure that our planning and prioritization is aligned with the needs of the community that we serve?

  • We are hiring! We are currently running searches for a director of academic technology, a senior systems administrator, a head of collections, a media services specialist, and a network security analyst.

  • We are discussing the technical and policy implications of converting our google apps from a pilot to a full-supported production system.

  • We will also be discussing the process for evaluating new options for our email/calendaring system, and updating our analysis of the privacy and security implications of moving certain services to the cloud.

  • We are busy planning for the move of the CSNS and Security work groups to Exchange Street, the move of the Enterprise Applications area to Painter House, and the re-use of space within the Davis Family Library to support the digital liberal arts initiative.

  • We are planning an upgrade to the latest version of Microsoft Exchange.

  • We’ll be rolling out a Network Access Control system that will allow us to more carefully control which devices can join our network.

  • We’ll be reconfiguring the wireless network to make it simpler and more secure. As part of that, we’ll be putting in place a guest registration system to allow for those who only need to use it on a temporary basis.

  • We will be working closely with many offices across campus to develop a multi-year plan for Nolij, the document imaging system that allows for offices to automate many of their paper-based processes.

  • We’ll be upgrading Drupal, the software that powers our website to the latest version.

  • We’re also working with the Office of Communications on rolling out a new design for the homepage and some of the key pages that are linked to from the home page.

  • We will have an external security review of our systems as part of a consortial effort to improve our security stance.

  • We will continue our efforts to study trends in the ways our public computer labs are used to help us plan for the future of providing computing resources to our students.

  • We will start a pilot project where you can check out a bicycle from the circulation desk.

  • We’re writing a Request for Proposal as part of our investigation into a new campus phone system.

While we pursue all of this, we will of course keep doing all of our regular stuff: prepping for Language Schools, upgrading classroom and lab technology, adding more wireless access points, updating various systems, teaching information literacy courses, buying and cataloging library materials, and distributing new computers.

One goal that we are very keen to pursue is to invent a fool-proof, indestructible stapler that no one can steal.

If you have questions, comments, or suggestions on any of this, please feel free to contact me (Mike Roy, mdroy@middlebury.edu) or do so on-line at http://sites.middlebury.edu/lis/2014/03/27/march-lis-update/  .

– mike

NExpress downtime again tonight (Tuesday, 3/18/14)

Categories: Midd Blogosphere

The NExpress library system will be down after 10 pm EDT tonight for maintenance. The system will be unavailable for searching, requesting, and borrowing for approximately 3 hours. This is ONLY NExpress and does not affect regular library searching via Summon or MIDCAT, nor regular borrowing of materials at the circulation desk.

Learning lunch on the Digital Liberal Arts – Tuesday March 11, 12:15

Categories: Midd Blogosphere

Over the past decade, digital technologies have suffused every corner of liberal arts education, from in-class instruction to student life to faculty research to campus infrastructure. One important impact of this digital shift has been that technologies that had previously been more common within sciences and narrow specialized disciplines, now have been adopted both across the teaching curriculum and within scholarly research in all disciplines, especially the humanities. We see this technological turn as part of a movement that some have called the Digital Liberal Arts.

Rebekah Irwin, LIS’s Director of Special Collections and Archives, will help us better understand the Digital Liberal Arts at Middlebury. Please bring your lunch and join us!

Tuesday, March 11

12:15 pm at the Mitchell Green Lounge in McCullough

New sign-in page for Middlebury Google Apps coming soon

Categories: Midd Blogosphere

Google has announced that all Google Apps services are getting a new sign-in page. This change will be rolled out to the Middlebury Google Apps instance by March 1st, 2014.

The new sign-in page requires users to sign in with their full email address, like this…

gapps_signin_new

The new sign-in page is intended to provide a streamlined and cohesive sign-in experience for all users, an account chooser that makes it easy to switch between Google accounts, and security enhancements, including advanced bot detection and improved account hijacking protection.

If you have any questions about this change, please comment below or email gadmin@middlebury.edu.

Regards,
The Middlebury Google Admin Team
(Chris)

January 20th Banner LEADS Meeting Agenda and Notes

Categories: Midd Blogosphere

January 20th LEADS Meeting Agenda

1)      Laura Krahn and Charlotte Pratt – Roles and responsibilities
2)      Preferred Names project discussion with Jennifer Herrera
3)      Banner  Upgrades April – May 2014
4)      Java 7u45 – will be deployed via INB starting January 26th
5)      Upcoming Hyperion Patches – require new Hyperion plugin
6)      Hyperion reports being redirected from Production Banner to our Banner Reporting Database
7)      Digital Campus Academy
8)      Purging and archiving webinar
9)      Nolij projects

January 20th LEADS Meeting Notes

1)      Laura Krahn and Charlotte Pratt – Roles and responsibilities

  • New managers discussion – distinction of roles and responsibilities.   Laura Krahn and Charlotte Pratt will serve as co-managers of the Administrative Systems and Web Development Teams.
  • Laura will tasked primarily with project management and customer relations (mostly outside LIS).  Charlotte will work primarily with developers and infrastructure.
  • Discussed need to unify project requests processes for web applications, Banner, Hyperion, Nolij, etc.

2)      Preferred Names project discussion with Jennifer Herrera – Send suggestions and concerns about this project to David Ludwig by February 12th.

Scope of Project

  • Create a self-service process for all students, faculty, staff to select their preferred first name and preferred pronoun.
  • First-name only.  Distinguish between preferred first names, nicknames, legal names.
  • Modify Banner, web, reports to show preferred name when appropriate, legal name otherwise (legal name on paychecks, tax documents, external communications, etc.)
  • Modify class rosters, advising lists to show preferred name and preferred pronoun.

Discussion

  • Need for an extensive communication and training plan.
  • Identify and define all existing Banner Name Type Codes.
  • Kim Ehritt will compile a description of name types and send to the project team.
  • Kim recommends creating a new name type for preferred names.
  • ADIR code is currently used by HR to create a preferred name.

Public safety

  • What will display on ID?  Preferred name, but might need to be legal name if MiddCard becomes payment card.
  • No modifications to Diamond 2 (will be offline by fall).
  • May need modifications to INB forms to show preferred name/pronoun.

General

  • How frequently should we allow a preferred name change? How do we monitor for inappropriate names?
    • Poll other colleges/universities about their policies.
    • Jennifer Herrara will follow up.  We will present information at next meeting.
  • HR has an existing process to create/modify preferred names for staff/faculty
    • Preferred names created by process feed into Active Directory (AD).  Concern about how names would show up in AD if process was changed.
    • Project will open up preferred names to students as well.
    • Will try to work with existing processes but project is an institution-wide change.  There are no guarantees existing HR preferred name processes will be reused.
  • Graduate students
    • Undergrads will receive a notification about preferred name self-service forms through the student onboarding process (starting May 2015).
    • Will be available for grad students, but there is no formal onboarding process for grad programs at this time.
    • Montery, BLSE, LS, etc. will need to communicate this ability to students.
    • BLSE uses NICK name type.  LIS will help BLSE transfer nickname data to new name type if project creates one for preferred name.

3)      Banner Upgrades

  • Student/SFS/Advancement will sign-off on upgrades by May 7th.
  • Proposed production deployment on May 11th.
  • LIS will confirm date with our DBA.
  • Refresh Practice Database in February or March (no date set).

4)      Java 7 update 45

  • Ellucian will start pushing Java 7 update 45 starting this Sunday January 26th.
  • E-mail will be going out to all Banner INB and Nolij users.
  • See go/java for updated Java version information.
  • Talked briefly about terminal server as environment for Banner, Nolij, Hyperion use.  This concept is currently in testing.  We’ll expend the testing group in the near future.

5)      Upcoming Hyperion Patches – require new Hyperion plugin

  • David will send e-mail user with instructions on new plug-in install.

6)      Hyperion reports being redirect from the Banner Production Database to the Banner Reporting Database.   This discussion is on hold.  We will revisit in February.

7)      Digital Campus Academy

  • Reminder to all departments to consider requesting funds for a subscription to Ellucian’s Digital Campus Academy.  Last I checked a single seat license was $1500/annually.  This training covers all current baseline modules in production.