Last year we implemented Google's 2-step verification for faculty and staff.  At that time, it was made optional for students.  Beginning in September, all students will be required to use Google’s 2-step verification to access UAH email (and other Google Workspace data).  Google Workspace includes Google Drive, Calendar, and other apps.

Since Google’s announcement regarding the discontinuation of unlimited storage, OIT is close to finalizing the quotas that will be in place for student, faculty and staff in UAH’s Google Workspace instance.  We continue to have conversations with vendors about additional or alternative storage options for areas that may require space beyond the recommended quotas. 

We are working diligently with the functional areas to configure Self-Service Banner 9.x.  Since Ellucian has announced the end of support for Self-Service 8.x we have are hoping to have SSB 9 fully implemented by July 2023. 

As we seek to improve the cybersecurity posture at the university we will be working on many new initiatives.  These include multi-factor authentication on servers and desktops.  

The Chief Information Security Officer (CISO) will be forming a working group of central and distributed IT personnel to help develop a roadmap for implementing cybersecurity best practices. 

- Malcolm Rice, CIO

UAH BEING TARGETED BY PHISHING ATTACKS!

Since the beginning of the summer, UAH has seen an increase in the number of extortion, fraud, and identity theft cases reported to the UAH Police Department (UAH PD) and Office of Information Technology (OIT).  In many of these cases, students have shared their UAH username and password with friends and even family members who took advantage of this trust to log on and change critical student information such as enrollment status and even the bank to which scholarship and grant funds should be deposited.  In these cases it may take a significant amount of time to successfully retrieve these funds, leaving the student in financial limbo until the issue is resolved by UAH and Madison Police.Another persistent phishing attack that has targeted students of UAH is an email that appears to be a requirement for you to click on a link related to your grades or your employment at UAH, past or present. The email informs the recipient that they must take some action regarding grades in the current or recent semester or states that your login information is needed to verify employment. The email includes a link to an online form, which then prompts the recipient to enter their username and password.Sample subjects seen have included:

  • Your Grades
  • Correct your Grades
  • CORRECTION REQUIRED: Your Grades
  • Your F Grades - Follow up
  • Hiring UAH Students!
  • Verify your Employment 

There have been other emails that are similar variations of the above.OIT strongly recommends that you do not click any links in these emails, do not reply to these emails, and immediately report them as phishing attempts. The easiest way to do so is by:

  1. Click on the 3 dots in the upper right of the email
  2. Click “Report Phishing” in the drop down menu that appears.

This will report the email to Google and will make it easier to find by our OIT staff.If you must interact with the message, avoid clicking on links contained in such emails. These may lead to sites that contain malicious software, or sites that attempt to steal your credentials. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it. A number of these emails will take you to a Google Forms page that will look like an authentication page. Banner is your official source for grades at UAH and OIT will not send you emails containing details about your grades or asking you to fill out a form regarding your grades. If you have a concern about your grades or receive a notification that you think may be genuine, we encourage you to log into Banner directly and view your grades.Below are some quick tips to avoid being an email phishing victim:

  1. Think before opening emails from unknown senders.
  2. Be wary of all attachments and scan them before opening.
  3. Look for misspellings and poor grammar in emails. These are red flags for phishing scams.
  4. Confirm that the name and the email address are consistent.
  5. Hover the cursor over a link to see the address. If it’s different from the URL in the message, it’s probably a phishing email. Look out for variations, such .com and .net.
  6. Retype the website address into the browser instead of clicking the link in the email. Do not copy and paste — it can be deceptive and add risk.
  7. Be suspicious of messages that contain threats, request urgent action or try to create fear.
  8. Don’t give out passwords or other personal information to anyone via email.
  9. Be aware of fraudulent links posted on social media that compromise and infect your social media account and network.
  10. Report any suspicious emails to a manager or to OIT.

UAH is constantly under attack by individuals attempting to gain unauthorized access to our systems and your information. We ask everyone to be diligent about protecting their username and passwords. We all have to work together to keep everyone safe.

Do Your Part. #BeCyberSmart.

- Jeremy Shelley, CISO

LET'S TALK ABOUT WI-FI!!

Welcome to UAH and another exciting year of education on campus! The OIT Network Infrastructure Team has been working hard behind the scenes to expand wireless coverage across campus. Specifically, within the housing buildings, but more broadly across campus, there are some quick and easy things everyone could do to improve the overall wireless experience.

We are very limited in the number of 2.4GHz channels available on campus. One area where we could really use everyone’s cooperation is powering on wireless devices that act as access points that lack the internal intelligence to scan the area around them and auto-select a 2.4GHz channel that is not in use. The most common occurrence of this is wireless printers, specifically Hewlett-Packard DeskJet printers, which come with their 2.4GHz radio on full output on the most common 2.4GHz channel of 6. This  configuration is detrimental to the wireless service for you and the people around you because now the two devices are fighting for wireless access, and the amount of available service is divided by two, with nobody even on the printer wireless network. If we have a campus housing setting where four wireless printers are generating wireless interference, that number is now divided by 5, with only 1 serving wireless clients.What can you do to help combat this problem? First and foremost, if you bring a new printer to campus, please turn off the wireless access point mode. If you are not utilizing the Wi-Fi direct printing option, please disable that as well. You are free to join the printer to one of the UAH-provided wireless networks should you desire to utilize the wireless functionality of the printer. Additionally, please do not manually set any wireless access point type device to channels 2,3,4,5,6,7,8,9, or 10 (use 1, 6, or 11). Another area that can cause significant service disruption is on the 5GHz side, where a provider “bands” channels together, increasing the throughput of the wireless but also CAN interfere with the UAH-provided wireless services. We utilize an overall service that has redundant wireless controllers located in our data centers to provide this service. While it can detect when these configurations occur, we have to send technicians out to locate and correct these problems, which could be avoided.One final note on Wi-Fi: Enabling your own wireless access point violates Article IV of the Code of Student Conduct as well as the campus Wireless Networking and Guest Access Policy (located at: https://www.uah.edu/policies/06-01-08-wireless-networking-and-guest-access). Section 1.0 states that enabling your own access point constitutes an extension of the UAH network, and is not permitted. 

- Mike Turner, Director, Network Infrastructure

GOOGLE

  • Google Workspace - What is Google Workspace you may ask?  Simply put, by a non-techy person, it is Google’s version of Microsoft Office Suite which is cloud based, and allows you to access your files from anywhere.  If you are a Microsoft Office person, and feel it’s time to make the switch, simply click here for more details.  You'll be glad you did!
  •  It is necessary for OIT to perform maintenance on various systems to keep them running smoothly and securely.  To see when a system is being maintained, check the OIT Maintenance Calendar.  You can bookmark this page, or visit our Client Portal and click the link there for it.  To add it as one of your Google calendars, log into http://calendar.uah.edu/, find the "Other calendars" list, click the + button to Add other calendars, click From URL, and enter the following (https://calendar.google.com/calendar/ical/uah.edu_8j0rtag9n9jueee20q7clq6cq4%40group.calendar.google.com/public/basic.ics) as the URL of calendar, and then click Add Calendar.  

KUDOS TO OUR TECH PEOPLE

From Stephanie Armstead:

"We’re blessed to have OIT on the lookout for phishing issues. Thank you for all you do."

From John Pottenger:

"As always, Etta carefully researched the problem I was having. She then identified the problem's source and quickly solved the problem. Etta is terrific, both in terms of her patience and her expertise in resolving these problems. Thank you, Etta! I really appreciate your assistance."

From Pamela MacDonald:

"....William Eubank persevered and was able to obtain the correct access for me. I have always had the best experience any time I have contacted our OIT."

To view the current list of projects, please visit the OIT Project Site.