FROM THE CIO

Malcolm Rice

 

OIT is committed to providing the campus community with the latest in hardware and software.

The Infrastructure team has recently replaced the aging equipment on the campus network and is transitioning services over to it. Any service interruptions related to this would be during off and non-peak hours.

Beginning June 9, 2023, students will be required to use Duo multifactor authentication to access certain systems. Please note that Duo is different from Google 2-Step Verification. In May, the Duo interface as seen during SSO will be updated to a newer style prompt. Keep reading this newsletter to learn more about the requirement of Duo for students.

Over the next year, we will transition to a more modern version of some applications. Ellucian, the vendor for Banner, has announced that Self Service Banner 8.0 will move into maintenance support beginning March 31, 2024. Maintenance Support is a temporary period during which customers will only receive regulatory updates and changes that address the highest severity rating (including security fixes). No new features will be added to version 8.0 of the product(s). OIT will be working with the functional areas to upgrade to the newer versions of Self-Service. More information will follow as we progress in these implementations.

Luminis, the software that powers myUAH, will enter the End of Life stage on June 30, 2024. End of Support occurs when a release or product is no longer supported by the vendor. We will be replacing it with the newer product called Experience later this year. To improve our cybersecurity posture and to meet the requirements of our cyber insurance providers, we will be implementing a Privileged Access Management (PAM) application. Our security team is working with the other institutions in the University of Alabama System to select an appropriate product. More to come on this solution in the coming weeks.

In order to reduce the number of vulnerabilities from unsupported or outdated systems andsoftware, OIT is working with system administrators in the distributed areas to develop procedures on how to address end-of-life hardware and software as well as procedures for managing and mitigating discovered vulnerabilities.

On the horizon: We will continue to reduce the number of wireless SSIDs on campus. In preparation for this change, we encourage all faculty, staff, and students to use the Eduroam SSID instead of the legacy wireless networks. Guests and event participants should be directed to UAH Get Connected. Ellucian WorkFlow will be implemented as we complete the foundational requirements for this product.As always, please visit the OIT Project site to see what is currently in the queue.

Welcome to UAH

Please join us in giving a warm welcome to OIT’s recent new hire: 

  • Megan Frizzell, System Engineer III

We are excited to have Megan with us and look forward to the talent and experience she brings to our team!

Cybersecurity - Staying Cyber-Secure At Alternative Work Locations

jeremy shelley, ciso

 

As some of us have transitioned to alternate work options, staying secure while working remotely has become more important than ever. 

Dr. DJ Hovermale of the UAH College of Business had this to say about the risks of remote work: “Not only does the digital attack surface expand because of new hardware and software being used by remote workers, but the physical attack surface expands as well because computers aren't sitting in locked offices with restricted access."

Staying cyber secure only requires a few simple steps while you are working away from campus.

  1. Keep your software up to date. Keeping the software on your UAH system and home network router updated is a simple but effective way to reduce the number of vulnerabilities while working remotely.
  2. Use the UAH VPN when connecting to systems. OIT provides the Pulse Secure application for all UAH assets. Connecting to UAH via this VPN solution will help keep the data encrypted while you are transferring it back to systems on campus.
  3. If you are off campus for more than one week, connect your computer to the UAH VPN at least once per week to download system updates. For instructions on how to connect to the VPN, please see this knowledge base article.
  4. Private or confidential data (as defined in the Protection of Data Policy) must only be stored on UAH owned IT resources unless you have received prior approval from the data owner. 
  5. Do not attempt to disable the security software on your UAH device. The cybersecurity software helps provide a secure work environment and reduces the risk of malware on your computer. 
  6. Do not share your work devices. Your UAH assets are intended for use by UAH employees only. Allowing others, even family members, to use your computer increases the risk of dangerous software being installed or the system attempting to visit dangerous websites.

As always, be mindful of phishing and smishing attacks trying to take advantage of a lapse in concentration. Carefully review emails and text messages to ensure they are valid before you respond.

“If you receive an email or phone call that doesn't seem right, contact OIT to verify its authenticity,” recommends Dr. Hovermale. “If it seems too good to be true it probably is. If someone calls you trying to get information – even if they say they are from OIT, politely hang up and call OIT directly. Being vigilant about verification and knowing the signs of phishing emails is one of the most important ways that you can protect UAH information systems. If you spot one of these attacks you can even help prevent the attackers from tricking other UAH employees.”

It’s a brave new world with the new alternative work options we have been granted. By taking a moment to be cybersecurity aware, you can help keep UAH assets secure and reduce the chance of a ransomware attack or system outage due to a cybersecurity event.

Many thanks to Dr. DJ Hovermale, Clinical Assistant Professor in the College of Business for his contributions to this article.

New Software, new application? Start HERE!

Are you considering implementing new software applications for faculty, staff, and/or students? If so, you can start the process by completing the Project Intake form on the OIT Project Site located here to maximize the chance for success.

Involving OIT early in the process will help by:

  • identifying potential technical issues or limitations that may arise during implementation, 
  • providing valuable input on security and compliance considerations, 
  • allowing adjustments to be made before significant time and resources are invested in the project.

By working collaboratively with OIT, projects can be completed more efficiently and effectively, ultimately benefiting the entire UAH community. So remember, involve OIT early and often!

To view the current list of OIT projects, please visit the OIT Project Site.

Spotlight on:

Multi-Factor Authentication

Changes are coming for Duo! Due to the requirements included in the Gramm-Leach-Bliley Act​​, students will be required to use multi-factor authentication in the next few months. As part of the implementation, OIT will switch to the Duo Universal Prompt. Please watch for more information from us regarding these changes. For reference:

Teleworking and Connecting to the UAH VPN

Most computers supported by the Office of Information Technology are registered on the campus Active Directory domain so they’re accessed using a Charger ID and password. When taking those computers off campus for more than a week, please note the importance of connecting to the UAH VPN at least once each week. When a device goes too long without authenticating to the UAH network, you can lose the ability to use your Charger ID and password to log into the computer. For more information about connecting to the UAH VPN, see the article in our client portal regarding Connecting to the UAH VPN.

CrashPlan Reminder

In our first quarter newsletter, we discussed backing up your computer using CrashPlan (formerly Code42). CrashPlan generates a custom email to each UAH user on a weekly basis. Please review the content of these reports to ensure that your devices are being backed up without error. Please report any problems to the OIT Help Desk by submitting a ticket from the OIT Client Portal.

Google Calendar - Appointment Scheduling

The Google Workspace appointment scheduling feature allows users to share their availability via a booking page, which can be used by external stakeholders, clients, and partners to schedule time. The new appointment scheduling feature is suited for external use cases, allowing external users, including those without a Google account, to schedule meetings. Additionally, with automatic conflict detection with existing Calendar events, this feature helps reduce time spent finding and rescheduling appointments. For more information click here. This is an alternative to the existing appointment slots feature that has been part of google workspace for a while now.

Do you need to share Google Drive files with multiple users?

You can use a Google Group to share content with multiple people via a single email address. See the Google article about this feature: Share content with a group - Google Workspace Learning Center. Sharing content with a group is different from Google shared drives. See more about shared drives in this Google article: What are shared drives? - Google Workspace Learning Center.

Do you need a Google Group?

If you frequently send email messages to the same group of people, you could benefit from creating a Google Group. A Google Group is used to email everyone in a group with a single email address and have access to an archive of all related messages on a website. Manually manage users (or automatically manage them if possible) as membership changes. Google Groups are especially useful for organizations that experience turnover and for sending email to multiple people at once - especially when doing so contributes to the sender exceeding the sending limits for individual accounts. See our article about Entity Accounts and Google Groups for more information and to get started.

Kudos 

Congratulations to our OIT employees who will be receiving the following services awards at this year’s University Celebration:

For 2022

  • Mia Hardy - 5 Years
  • Chris Pearson - 10 years
  • Brian Swan - 10 years
  • Malcolm Rice - 35 years

For 2023

  • Karen Freemon - 35 Years

Thank you for your service and dedication to our department and UAH.

 

A faculty member in the English department wrote:

“Please give William Cox a raise or kudos because he was excellent during his time assisting me so I can access my UAH professor emails.”

-Lana K. W. Austin

 

Let us know if there is a topic you would like OIT to cover by sending an email to oit@uah.edu.