Category Archives: ITS

Gartner Research Campus Access for Faculty, Staff, and Students

Gartner Inc. Logo

Are you interested in the most
current and cutting edge information about technology? Are you researching or
looking to invest in new technology and want industry-leading research to help
you make the decision? Is your department looking to teach current IT-related
topics? Do you need in-depth insights across all facets of technology –
including communications, telecom, mobile, digital business, AI, Internet of
Things (IoT), and cyber-security?

If you answered yes to any of these
questions, you might be interested in Middlebury’s access to the Gartner Campus
Access Research service.  Gartner is a
leading information technology research and advisory company that provides
easy-to-understand summaries of complex ideas and extensive, in-depth
qualitative and quantitative analysis for a variety of IT topics.   

Middlebury’s subscription to Gartner
includes access to both Gartner Magic Quadrants and Hype Cycles. 

  • Magic Quadrants help you get educated quickly about a market’s participants, maturity, and direction.  Magic Quadrants focus on the subtle differences between vendors in markets that are highly mature or newly emerging, and map vendor strengths against your specific need.
  • Hype Cycles are based on graphic representations of the maturity and adoption of technologies and applications which help discern technology hype from what’s viable
  • Special Reports are time-sensitive research reports focused on critical issues in technology. 
  • Regularly updated Complimentary Research selections of cutting-edge research from Gartner analysts
  • Webinars that can help you to build impactful, transformative strategies, based on real-life examples

Students can benefit by using Gartner to find research for assignments, learn where IT is headed and how it will shape our world, discover an area of interest, or even get ideas on careers. Gartner’s research enriches the educational experience by providing timely, objective real-world examples and content.

Faculty: Gartner Campus Access research enables professors to bring timely, objective real-world examples and content to the classroom, enriching the educational experience. 

Staff can access information on how to
improve infrastructure, validate technology decisions, analyze trends in the
industry, and understand best practices.

Gartner’s Campus Access research is licensed for use and is accessible to
Middlebury College faculty, staff, and students at no cost.   To
access Gartner, go to http://go.middlebury.edu/gartner.  Access
is through Single-Sign-On (SSO) so you will need to authenticate
using your Middlebury username and password.

Video Conferencing Tool for Middlebury: Zoom

We are pleased to introduce a new tool that will make communication and collaboration easier regardless of your location.

In the fall of 2016, a team representing Academic Technology, the Digital Learning Commons at Monterey, ITS, and the Office of Digital Learning set out to identify a new video conferencing solution that would improve the ways we communicate and work with each other across Middlebury. The team selected Zoom Video Conferencing as the tool that best met Middlebury’s needs, and initiated a pilot program in January 2017. Due to the overwhelmingly positive feedback from academic and administrative groups, Middlebury is now making Zoom available to all users.

Zoom works with our existing video conferencing rooms and includes features such as video calls with up to 100 participants, screen sharing, breakout groups, webinars, and more. It’s quick to download and easy to use. Zoom will completely replace the Polycom software by January 1st, 2018. If you use a dedicated Polycom video conferencing unit in conjunction with an office or conference room monitor, it will continue to function and you can use it together with Zoom by dialing your Zoom meeting as described in our documentation.

To start using Zoom, please visit http://middlebury.zoom.us and sign in with your Middlebury credentials. We hope that you will find Zoom convenient and useful in your work. We invite your comments and suggestions about the service and our communications regarding it. You can submit feedback here.

For more information, please visit the Zoom web page.
For questions and other support, please visit the support page.

New Public Library_Printers

ITS has replaced the printers with paper decks in Davis Library 142, 242 and 303 along with the two in Armstrong library. The new devices are Konica Minolta multi-function copier/printers. They look very similar to the Library_Color printers in LIB 142 and Armstrong lower level, but they only print in black and white. We have removed all print-release stations since users can now log into Papercut using the touch screen on the device.  Signage has been posted on the wall above each machine providing the new instructions.

 

 

 

@MiddInfoSec: Keeping Your Password Secure

Did you know that most passwords are easily broken? A few “secrets” can help you make a stronger more memorable password.

Dos

  • Longer is better – use at least 8 characters with upper and lower case, numbers and symbols.
  • Create an easy-to-remember passphrase  with four or more words substituting special characters for some of the letters.
  • Use a unique password for each service or account.
  • Change your password or passphrase regularly:
  • Be sure you’re on the correct website before entering your password or passphrase
  • Set a password for access to your mobile device

Don’ts

  • Don’t include personal information such as usernames, account numbers, address or phone numbers in your password or passphrase.
  • Don’t reuse the same password for multiple services
  • Don’t use a single word, in any language
  • Don’t use consecutive repeating characters or a number sequence
  • Don’t share your password or passphrase – even with managers, co-workers or the Help Desk
  • Don’t send your passwords through email

Tools

@MiddInfoSec: Preventing Device Theft

With an increasing amount of storage space and institutional connectivity on personal devices, the value and mobility of smartphones, tablets, and laptops make them appealing and easy targets. These simple tips will help you protect against and prepare for the potential loss or theft of a laptop or mobile device.

  • Don’t leave your device alone, even for a minute. If you’re not using it, lock your device in a cabinet or drawer, use a security cable, or take it with you. Middlebury has seen laptops stolen in the College library and from individual’s cars. Don’t assume your devices are safe because you feel at home with your surroundings.
  • Report any lost or stolen device promptly. Both institutional and personal devices may contain Middlebury data. Even if you only lose a personal device, work with the College’s Information Security workgroup to ensure that institutional or sensitive data is accounted for. Information Security may also be able to help you recover the device. If a device is lost or stolen contact the helpdesk at x2200 immediately.
  • Do not store extremely sensitive or internal data. Never store protected or sensitive data on your laptop. Refer to the Data Classification policy for clear definitions of data types. (http://go.middlebury.edu/dcp)
  • Keep your master and working copy of all data on network storage. Keeping your master and working copies of all of your data on Middlebury Google Drive or other secure network file storage such as Middfiles. This ensures that your data is protected and backed-up if your laptop is stolen or lost. Photos, papers, research, and other files are irreplaceable, and losing them may be worse than losing your device.
  • Record the serial number. Keep the serial number and asset tag of your device and store it in a safe place. This information can be useful for verifying your device if it’s found. This is especially important when you travel. Airport and police agencies may ask for this information when reporting lost or stolen devices.
  • Enable device tracking and wiping services. Use tracking and recovery software included with most devices (e.g., the “Find iDevice” feature in iOS) Some software includes remote-wipe capabilities. This feature allows you to log on to an online account and delete all of the information on your laptop. Mobile resources can be found here:
  • Apple iCloud: http://www.icloud.com
  • Microsoft Account: http://account.Microsoft.com/devices
  • Android Device Manager: https://support.google.com/accounts/topic/6160499?hl=e

 

@MiddInfoSec: Don’t Get Hooked

You may not realize it, but you are a phishing target at school, at work, and at home. Phishing attacks are a type of computer attack that use malicious emails to trick targets into giving up sensitive information. Ultimately, you are the most effective way to detect and stop phishing scams. When viewing email messages, texts, or social media posts, use the following techniques to prevent your passwords, personal data, or private information from being stolen by a phishing attack.

  • Verify the source. Check the sender’s email address to make sure it’s legitimate. Remember that the name of the sender is not the important part. The sender’s email address is what you are really looking for. If in doubt, forward your message to phishing@middlebury.edu.
  • Read the entire message carefully. Phishing messages may include a formal salutation, overly-friendly tone, grammatical errors, urgent requests, or gimmicks that do not match the normal tone of the sender.
  • Avoid clicking on erroneous links. Even if you know the sender, be cautious of links and attachments in messages. Don’t click on links that could direct you to a bad website. Hovering your mouse over a link should disclose the actual web address that the link is directing you too, which may be different from what is displayed in the message. Make sure this masked address is a site you want to visit.
  • Verify the intent of all attachments with the sender before opening them. Even when you know a sender, you should never open an attachment unless have checked with the sender to verify the attachment was sent intentionally. Word and Excel documents can contain malicious macros which could harm your computer. Other files, such as zip files and PDF files, could download malware onto your system. Always verify the intent of attachments with the sender before you open them from an email.
  • Verifying a message is always better than responding to a phish. If you ever receive a message that provides reason to pause, it is always better to forward the message to phishing@middlebury.edu or to send a separate email to the sender to verify its intent, before clicking a link or opening an attachment that could potentially impact the security of your computer..
  • Change your passwords if you have fallen for a phish. If you think you have fallen for a phishing attack, change your password at go/password and then contact the helpdesk at x2200. It is also a good practice to change your personal passwords outside of the College.

 

Watch for phishing scams. Common phishing scams are published at sites such as http://IC3.gov , http://phishing.org ,https://www.irs.gov/uac/Report-Phishing. These resources will also allow you to report phishing attacks if you should fall victim outside of the College. Again, if you think you have fallen victim to a phishing attack, always start by changing your passwords.

@MiddInfoSec: Phishing Alert – – “Update Announcements”

A phishing email message was sent to @middlebury.edu mailboxes today with a subject line of “Update Announcements”.  DO NOT RESPOND ON THIS MESSAGE!

The phishing email message is an attack designed to trick people into disclosing their username and password.  Do NOT follow the instructions in the message, as it could lead to your Middlebury account being compromised.

If you were tricked by the email and responded,  reset your network password immediately at go/password and then call the Helpdesk at x2200 for further assistance with your account and any possible concerns with your computer.

Here’s a sample of the phishing email message:


Dear middlebury.edu User.

Urgent Update Announcements.

Your middlebury.edu Account has been Sign in with a strange IP Address: And this indicate your mail account is been used for FRAUDULENT ACT, For these reasons, Our records indicate you are no longer our current/active user. Therefore, your account has been scheduled for deletion on this Month of APRIL, 2016. As part of this process, your account, files, email address messages etc, will be deleted from our Data Base.

To Retail Your Account.

You are required to reply with your valid ONLINE ACCESS for reactivation, to ensure Your account remains active and subscribed, Otherwise this account will be De-activated within the next 72 hours hence from now.

Name In Full:

User Name:

Pass Word:

@middlebury.edu

Thank You.



 

Beware of Fake Order/Fake Invoice Emails with Malicious Attachments

Attackers commonly use the macro functionality found in Microsoft Word and Excel to attack their victims. They attach malicious documents to an email. When opened, the files can lead to a virus infection on your computer.  If you ever get a message with any of these attachments, particularly if you were not expecting it, do NOT open the attachment.

We have received reports for faked order confirmation and fake invoice emails this week that have been well crafted. The faked emails included malicious Microsoft Word documents bearing malware. A couple of examples are included below.

ALWAYS verify unexpected emails with the sender, particularly if they include attachments.

NEVER open attachments that you are not expecting without first verifying they are legitimate with the sender.

If you do open an attachment or file that you suspect is malicious unplug your network cable and contact the helpdesk at x2200 immediately.

fake-invoice-email fake-order-summary-email

@MiddInfoSec: Securing Mobile Devices

Information Security has a new Twitter feed and other new content on their website. Follow us at @MiddInfosec on Twitter or visit our website at http://go.middlebury.edu/infosec

Mobile devices have become one of the primary ways that we communicate and interact with each other. Powerful computers now fit in our pockets and on our wrists, allowing us to bank, shop, view our medical history, work remotely, and communicate from virtually anywhere. With all this convenience comes added risk, so here are some tips to help secure your devices and protect your personal information.

  • Password-protect your devices. Protect the data on your mobile device and enable encryption by enabling passwords, PINs, fingerprint scans, or other forms of authentication. On most current mobile operating systems you have the option to encrypt your data when you have a password turned on. Turn it on!
  • Secure those devices and backup data. Make sure that you can remotely lock and/or wipe each mobile device. That also means you should back up your data on each device in case you need to use the remote wipe function. Services such as iCloud, OneDrive, and Google offer device location, wipe and backup services.
  • Verify app permissions. Don’t forget to review which privacy-related permissions each application is requesting, before installing it. Be cautious of fake applications masquerading as legitimate programs by verifying that the application is from a reputable source, such as the Apple Apps Store, Microsoft’s Store, or Google’s Play Store. Occasionally,  applications in the official stores can include malware. Read reviews and descriptions carefully. Only install applications that you need. Remove applications that you are no longer using.
  • Update operating systems. Security fixes or patches for mobile devices’ operating systems are often included in these updates. Just like patching a computer, iOS, Android, and Windows Mobile all need to be patched and kept current.
  • Be cautious of public Wi-Fi hotspots. When using your mobile device, watch for connections to public hotspots. Many mobile devices will automatically connect to hotspots and prioritize data transmission over Wi-Fi by default. Verify that your settings require manually selecting hotspots if possible. Working with sensitive data while connected to a public hotspot could lead to unintended data exposure. Always ensure that you are using a secure connection.
  • Always apply safe computing practices. Whether traveling with a mobile device, a laptop, or sitting in a hotel business center, you always want to use safe computing practices to protect your data. See this link for more tips: http://www.middlebury.edu/offices/technology/infosec/education/training/SafeComputing.

 

@MiddInfoSec: A New Phishing Attack is Targeting Email ID’s

A new phishing attack is hitting the campus with a subject line of, “Your email id”. Delete this message if you see it. Do NOT click any links in this message. If you believe you have fallen for this fishing attack:

This malicious email would have looked similar to the message below.

————————————

Subject: Your email id

Your?mail Id has used 91% of its allowable storage space.?Once your account exceeds the allowable storage space you will be unable to receive any email.?Click?Resolve?to login to your account and resolve this issue.

?

Support

—————————–

For additional information on phishing please visit http://go.middlebury.edu/phish .