Keene State College

Information Technology

2008-2009 IT News

New policy provides tighter security practices for USNH technology resources

In an effort to increase security practices, and decrease institutional liability, the USNH System Office has recently approved modifications to the System Access Control policy (see section 5.7). This policy will increase protection for computers and data resources used in the transaction of USNH and Keene State College business. Given that security is a combination of policies/standards, business practices and technical controls, KSC will rely on all three to ensure our compliancy with the new USNH System Access Policy. It is the responsibility of every KSC employee to comply and practice safe computing practices as outlined by USNH and KSC policies, standards and procedures. Visit Changes resulting from the System Access Control Policy for a comprehensive list.

This new policy will become effective May 1. Highlights include:

College owned workstations will require an employee-specific password for access that meets industry standards and exceptions will be dealt with on an individual basis.
Employee-specific passwords shall be treated as sensitive, confidential information and will not be shared. They shall not be stored on line or written down unless adequately secured from unauthorized viewing. To ensure confidentiality, store your password files on your secured personal (P) drive space.
All KSC accounts should expire at a maximum of every 120 days. KSC employees should change their passwords accordingly. For passwords that KSC employees are not prompted to change, you must change these passwords within the 120-day maximum (i.e. Blackboard, WebAdvisor accounts).
Campus workstation screens will automatically lock after 20 minutes of inactivity. NetID passwords will be required to unlock the screen. Mac users: The IT Group will contact you directly regarding what this change means for you.
Social Security Numbers (SSN) will not be sent via email unless encrypted or masked for all but the last four (or fewer) digits of the number. We have a small number of employees who are required to transmit Social Security Numbers. The IT Group is working with these select individuals to implement a secure mechanism and will be contacted directly by the IT Group.
Paper and electronic documents containing this information will be disposed in a secure fashion and personal information which links a SSN with a person shall not be publicly displayed.

Please view the changes resulting from the new System Access Control Policy, as well as the entire policy on the KSC SAFE web page. The IT Group will continue to communicate with the campus regarding security policies/standards and practices and your role in ensuring a secure computing environment.

If you have any questions regarding this or any other technology issue, please feel free to contact the HelpDesk at 358-2532 or stop by our office on the 2nd floor of Elliot Hall.


May 1, 2009
April 2, 2009	IT Tech Tip of the Week Currently in Microsoft Outlook, the calendar feature which displays your busy or free time is set for 2 months. This means that information beyond those two months appear as "no information is available" and a bar with diagonal lines. Many of us are already scheduling project meetings, appointments and vacations. A simple solution to this problem is to expand the number of months others can view from 2 months to 6! If you expand your calendar availability and everyone else expands theirs, it will make summer planning a whole lot easier for everyone. Simply: Open Microsoft Outlook Click on "Tools" Open "Options" In the "Calendar" area - choose "Calendar options" Under "Advanced" options - select "Free/busy options" In the "Options" area, change the default from publish 2 months to "Publish 6 months of calendar free/busy information on the server". Click OK and continue clicking OK through each subsequent screen. That's it, you're done! So, tell your colleagues and your friends. Then you can feel confident scheduling those advanced meetings and appointments. If you have any questions regarding this or any other technology issue, please feel free to contact the HelpDesk at 358-2532 or stop by our office on the 2nd floor of Elliot Hall.
March 26, 2009	Tighter Security Practices - Recent Changes to USNH System Access Control Policy In an effort to increase USNH security practices, the USNH System Office has recently approved modifications to our current USNH "5.7 System Access Control" policy. System Access Control is part of the USNH USNH Property Policies, Section F under IT Security (Section F5). Highlights of the policy include; utilization of employee-specific passwords for access, password change schedules and treatment of passwords along with Social Security Number restrictions whenever the SSN is utilized and/or displayed. The policy effective date is May 2, 2009 and the updated policy will be published online shortly. As with other USNH policies, compliance is required and accomplished locally at each institution. As CIO, I am responsible for establishing standards to ensure that it is implemented in a manner with technologies at our institution. Our approach to IT Security is a combination of technical and business process controls and to that end, I will need your help. The IT Group is currently conducting a gap analysis and will be communicating with others on the campus in order to complete their work. Recommendations will be considered by CITC and then forwarded to the President for final approval. At that time, I anticipate that we will be communicating to the campus changes in tools and/or processes that will ensure compliancy with the new policy before May 1st. If you have any questions regarding this or any other technology issue, please feel free to contact the HelpDesk at 358-2532 or stop by our office on the 2nd floor of Elliot Hall.
February 17, 2009	Ruckus Services Cease Due to Economic Situation As you are aware Ruckus has fallen victim to these hard economic times. At this time, we do not have any new information to share with you. The abrupt closure of Ruckus is unfortunate for KSC students who used the service for both personal music and video pleasure, as well as academic. Ruckus was an ideal solution to combat the illegal downloading trend seen at Keene State and other colleges throughout the country. Ruckus was a totally free service which required no investment by the college or KSC students. This only emphasizes our disappointment of their demise. There does not appear to be another model similar to Ruckus that is available to fill this gap. However, it is important to remember that illegal music and video downloading is a copyright violation and by doing so, you risk identification and legal action by the Recording Industry Association of America (RIAA). Please avoid this risk by continuing to use legal download options such as Itunes, Napster II or one of the many other options available for this purpose. If you have any questions regarding this or any other technology issue, please feel free to contact the HelpDesk at 358-2532 or stop by our office on the 2nd floor of Elliot Hall.
February 12, 2009	Is it real or is it Phishing? Oh no, you just received an email from the Internal Revenue Service - United States Department of Treasury. Then you realize that everything is fine because it is regarding your Tax Refund. You've been waiting for it and here it is. You have the opportunity to get your tax refund applied directly to your Visa or MasterCard. You simply need to complete the following information: Enter your Social Security Number and a valid credit card number you want your refund applied to (be sure to read the "Privacy Notice" regarding the request for the personal information). Be sure your Social Security Number is as shown on your tax form. Credit/Debit Card number - Name Card number Expiration date CVV code Personal information - DOB Address City Zip code Telephone number Email address All you have to do now is click "Submit" and you are all set. You are surprised how easy that was! Or are you? Everything looks legitimate, but is it really? Well, if you clicked that "Submit" button, you've just been Phished! Even though it looks like official correspondence from the IRS, here is how you can tell that it wasn't. The IRS does not send out email to anyone requesting that you supply any private or financial information via email. They want you to call or write them. The email isn't addressed to you. It just says "Tax Refund". There is no information shown that indicates that the sender knows who you are. The "CVV" code is only needed to validate the use of the card for purchases - not deposits. They do not provide a secure web site (using https connection) or any other means of contacting them. That is never a good sign. Phishing can be difficult to detect, but there are signs to look for. Our friends at Sonic have developed a great tool to help you test your knowledge. Visit: http://www.sonicwall.com/phishing/. As always, if you ever receive something you aren't quite sure about, feel free to contact the HelpDesk at 358-2532, email the HelpDesk or stop by our office on the 2nd floor of Elliot Hall.
November 13, 2008	Mail Merge in Office 2007 Do you find that you frequently need to send a letter or e-mail message to a large number of people and use mail merge to accomplish this task? We all know that doing this individually would take hours and mail merge simplifies the process for you. However, while you know how to use mail merge in Office 2003, are you wondering how you will do this using Office 2007? Whether you are currently using Office 2007 or would like to see what is ahead for you, Microsoft has developed a tutorial you can view to see how mail merge in Office 2007 works. You can listen to the audio and follow along each page, or you can click through to the next page if you choose. At the end, there is an assessment you can take to see how well you know mail merge in Office 2007. For more information regarding this and other security tips, visit our security website or stop by the HelpDesk on the 2nd floor of Elliot Hall, call 358-2532 or email helpdesk@keene.edu.
October 30, 2008	IT Tech Tip of the Week It is mid-way through the semester and students are busy working on presentations to share with the class. Please remind them before the big day that they should TEST their presentation in advance using the technology in the classroom. This will give them an opportunity to catch any issues or incompatibilities ahead of time. Also, if you or your students have a Macintosh computer and would like to use it in the classroom, the HelpDesk has adaptors available to borrow. Simply complete a Media Equipment Request form 48 hours in advance. As always, in case you need it, the HelpDesk will respond immediately to any classroom emergency and we are always available to provide you with additional training. Feel free to contact us at 358-2532, email helpdesk@keene.edu or stop by our office on the 2nd floor of Elliot Hall.
October 1, 2008	Windows Users: Did you know... …that if you have installed or been upgraded to Office 2007, you can publish PDF documents without purchasing the full Adobe Writer software? If you received a workstation upgrade this summer, you have the PDF Add-In already installed. If you upgraded to Office 2007 via the network, you need to install it by clicking HERE. To publish a document as a PDF, click on the Office Button (top left hand corner of a Word document) and go to Save As PDF or XPS. Give it a try and if you haven't upgraded to Office 2007 yet fill out a request for the software download. If you have any questions, feel free to contact the HelpDesk at 358-2532, stop by our office on the 2nd floor of Elliot Hall or visit our website.
September 29, 2008	October is Security Awareness Month! Last month, there was a "Phishing" attempt sent to Keene State College faculty/staff email . "Phishing" is email spam with a particular purpose. It is sent by someone pretending to be an organization or person asking you to enter your personal and/or account information. If you respond to these emails, your information has been compromised. It can be difficult to know what is legitimate email and what is phishing. At Keene State College, the IT Group will never ask you to verify any information via email or any other electronic source. We already have that information and there is no need for you to verify anything. Legitimate financial institutions, the government and the IT Group will not ask for personal information through email. You will always recognize a message from the IT Group because we use a standard email template when communicating with the campus. Critical campus wide messages from us will always be addressed to the Outlook Global Address List (_GAL) and we will identify ourselves at the beginning of the message. Our messages always tell you to, "Contact the IT Group HelpDesk at 358-2532, email or stop by our office on the 2nd floor of Elliot Hall with questions concerning this or any other technology issue" and our signature line provides location and contact information. Would you like to learn how to tell if an email is legitimate or phishing? Test your knowledge with this informative 5 minute test. You may be surprised at what you already know and what you don't. So don't be fooled. Computer security is a partnership and you need to be responsible for your computer security too. Whenever you are in doubt, contact the IT Group HelpDesk. We can help! If you would like more information regarding Phishing and other helpful security information, please visit the HelpDesk website.
September 11, 2008	_GAL or _EVENTS - Which list should I use? When there is an exciting event happening at Keene State College, your first thought is to share it with the campus community. Your first instinct is to send an email addressed to the Global Address Book, also known as the GAL. However, unless your message meets very specific criteria for a "broadcast" email, this vehicle is not be your best choice. To share your event information, the ideal distribution list to use is the KSC "_Events" list. You can locate this list in Outlook's Global Address List and it is identified as "_Events". This list is ideal because it contains individuals who have specifically subscribed and welcome information regarding upcoming events on campus. It should be used in place of campus-wide mail (_GAL) when communicating upcoming events. The GAL mailings are reserved for communication that are crisis/urgent announcements, logistics announcements (construction closures, traffic routing), major news (Presidential visit), major policy and procedural changes that must be communicated quickly, financial and administrative deadlines, registration information and academic deadlines or communications from the University System of New Hampshire. This link to the "KSC Guidelines for Broadcast E-mail" will provide you with more information. So, before you use the _GAL to share your event with campus, remember to select _Events instead.
August 23, 2008	SPYWARE ALERT! The IT Group has received reports from campus computer users of a spyware outbreak that pretends to be an antivirus program. Antivirus 2008, also known as Antivirus2008, Antivirus 2008 Pro, XP Antivirus 2008, and Antivirus 2009, are all rogue anti-spyware programs that use false spyware results to lure users into purchasing a full version of the software that does not even exist. These programs also display web pages in your browser telling you that your computer has been infected with viruses/spyware and you should click on a link to enter the process of downloading and purchasing the software. These programs display false virus infections which work as an incentive to make unsuspecting users complete forms and/or click on links to further infect their computers. All KSC faculty and staff computers are protected by MacAfee McAfee AntiVirus; however, because this is not a virus, but a method to lure people into downloading a virus, our best approach is to inform campus NOT to click on any pop up boxes that you encounter informing you that your computer is infected. How can I get rid of Antivirus 2008? These programs cannot be removed using the normal program uninstall features available in Windows. They have the ability to recreate themselves after reboot and its "system scan" messages may continue to pop up on your screen. If you see a pop up or banner ad warning you that your computer is infected and to purchase Antivirus 2008, Antivirus 2009, or XP Antivirus 2008, DO NOT CLICK ON ANY DIALOGUE BUTTONS! Call the HelpDesk. The only way to clean an infected computer is by having a HelpDesk technician reinstall Windows. Please save yourself the time and trouble by not clicking on these alerts. If you have any questions concerning this, please feel free to contact the HelpDesk at 358-2532 or stop by our office on the 2nd floor of Elliot Hall.
July 24, 2008	New Wireless Zones on Campus The IT Group has been busy making changes to the wireless network over the summer. Beginning today, you will find Wireless Networking available on the entire first floor of the Science Center. One feature you will notice when you connect to the wireless network wherever it is available on campus is the new log-in options and enhanced security. We have replaced "Star-King" and have divided the wireless network into three separate services to meet the needs of distinct groups of users. These three new wireless network options (SSIDs) are: KSC_Secure KSC_Student KSC_Guest Faculty and staff must use KSC_Secure to access any Keene State resources from a campus or personally owned wireless device. It will require authentication and will encrypt data between the computer and the wireless access points. This is a secured network connection. Students may also use this option if they want a secure encrypted wireless connection or may continue to use the KSC_Student option. There is also an option for guests of Keene State College to use our wireless network by selecting the KSC_Guest option. This login will provide them with limited access to the Internet. You will see these new login options throughout all of our wireless zones on campus. To configure your computer for our secure connection, please visit our wireless page. So, if you have used the wireless network in the past, look for these new features. If you haven't used the wireless network before, please give it a try. If you find you need assistance or have some questions, the HelpDesk is always available to help. Feel free to contact us at 358-2532 or stop by our office on the 2nd floor of Elliot Hall.