Information Technology - News

CTF Fair Banner

Mon, 20 Mar 2017 00:00:00 MST

Duo Web Banner

Wed, 08 Feb 2017 00:00:00 MST

Information Technology expands and strengthens its security efforts

Tue, 04 Oct 2016 00:00:00 MST

By Steve Eaton

The Office of Information Technology is expanding its security efforts, tapping the expertise of more people within the organization as part of a broader strategic approach to protect USU from cyber criminals.

Two teams within IT have merged to become one. The Security Team and the Systems Administration Operations Team have now become the Security and Systems Engineering Team, with IT veteran Blake Rich leading the new group.

Rich said this move represents a philosophical shift that he thinks will pay off.

“Sometimes when there is a security team, separate from other parts of IT in an organization, people tend to defer responsibility to that group and its expertise when it comes to cyber security,” Rich said. “This reorganization emphasizes that that everyone, not just those on the Security Team, has a role to play in shoring up our defenses.”

Rich said the team will also reach out more to other tech administrators on campus to try to build an expanded collaborative approach to security at USU.

“The tactics and approaches of those who would break into USU’s systems keep changing, so our defensive efforts have to constantly evolve,” he said. “It makes sense to better tap the expertise we already have available. The goal is to make the university more security minded on all levels”

Rich was previously the manager of the Systems Administration Operations Team, a group that was on call 24-hours a day and in charge of keeping the university’s core systems functioning, such as the school’s web servers, Banner, and USU’s email and authentication system. Their work will continue with an added emphasis on improving security practices across the board, he said.

“Many on the Systems Administration Operations Team have had valuable experience working in cyber security and have an interest in contributing more directly to ITs security efforts,” he said.

Eric Hawley, USU’s chief information officer, said the change will open up new career paths in IT to those with an interest in security.

Utah State also has an independent Information Security Office that is tasked with making sure the security policies, strategies, and processes for the university are in place and being followed. IT works closely with the Information Security Office, especially when it comes to making sure the right technology and practices are being used to safeguard protected institutional data, Rich said.

“With our expanded focus, and the help of our ISO office, we will can elevate our defenses and make them more effective,” Hawley said.

Bob Bayn led USU’s “internet skeptic” efforts for years but retired in August. Before he left, he passed the torch onto Rick Major, a long-time systems administrator who will be leading the charge when it comes to defending against phish attacks and other tactics used to trick employees into offering up their credentials.

MyID banner

Wed, 14 Sep 2016 00:00:00 MST

Website makes it easier to create strong, memorable passwords

Tue, 23 Aug 2016 00:00:00 MST

All those com#plic$ate%d passwords can now go away.

The whole password thing at USU just got a lot easier.

It’s no longer necessary to come up with a complicated password that includes lots of numbers, randomly-placed uppercase letters and symbols like these: “@#%^*&,” according to Utah State University’s Office of Information Technology.

Richard Macdonald has headed up a team that has created myid.usu.edu, a one-stop place the USU community can visit to update passwords, email, and home addresses or just to find their A-numbers. One of the new features MyID offers is the ability to type passphrases. A passphrase could be something simple like, “I love my mother and apple pie.” It’s even better if the combination of words people use are more random, such as, “debate dog frog tree.” Passphrases can even include spaces, if that’s how people want to write them.

“Studies show that password length has a larger effect on password strength than character variety alone,” Macdonald said. “In other words, a 20-character password sentence containing only lower-case letters and spaces can offer higher security than an eight-character password containing numbers, letters and special symbols. Until recently, however, certain software restricted the maximum length a USU password could be.”

MyID, which is found at myid.usu.edu, replaces id.usu.edu/password as the website Aggies visit to make password adjustments.

"MyID aims to reduce password-related calls to the IT Service Desk by making it easier for people to lookup their A-number, reset and change their strong password and verify their USU profile information," Macdonald said. "Passwords are something that we all struggle with, especially on mobile devices. We hope that MyID and the new password policy will make passwords easier for people at USU."

MyID also allows Aggies to set up account delegates, family or friends, as people who are authorized to access personal information on someone’s behalf while they are away. This can be helpful if a student is away on military leave, serving in their church, or just away temporarily.

Anthony Hildebrandt, of the MyID team, talks about myid.usu.edu at a recent conference.

Bargains on personal software available to USU employees

Sun, 31 Jul 2016 00:00:00 MST

It’s easy to take for granted the software you use every day as an employee at Utah State University. It costs you nothing.

It’s only when you go to get a new personal computer loaded with software that you begin to appreciate the software you use at work. That’s when you discover, in most cases, you have to pay for your software every month. Forever. Often software can no longer be purchased with a one-time fee. You pay to access it in the cloud.

Jennifer Fluckiger helps with the home-use software program for the Office of Information Technology at USU. She tries to spread the word about usu.onthehub.com where USU employees can go to save money on software.

“Life is better for USU employees when it comes to software,” Fluckiger said. “We still come across faculty and staff who had no idea of the great software deals available to them for use on their personal devices.”

For example, Office 2016 and Office 2016 for Mac, which includes Word, Excel and PowerPoint, can be had for a one-time fee of just $9.95, she said.

“Employees can get Photoshop or Dreamweaver, which are a part of the Adobe Creative Cloud, for $9.75 a year,” she said. “Adobe Creative Cloud could cost $49.99 a month if you don’t buy it through USU.”

Some of the software available to employees requires a one-year or six-month subscription but those are always less expensive than the fees that would be charged for the same products if not purchased through USU, Fluckiger said.

Office 365 and a few other software products are also available at a discount for USU students, she said.

Updated home software banner

Wed, 20 Jul 2016 00:00:00 MST

If it is not really your boss, you are in deep trouble

Wed, 15 Jun 2016 00:00:00 MST

Imagine you have a boss who can get just a little blunt and direct when she is busy and under pressure. She doesn’t like a lot of email back and forth when she is rushed. One day she sends you an email asking you to quickly take care of an urgent bank transfer. No time now to explain. She’ll do that later.

You know she appreciates and expects a timely response, so you drop everything and take care of it immediately. When you bring it up with her later, expecting some praise for your efficiency, she doesn’t know what you are talking about. Someone has just gone spear phishing and you are their catch of the day.

When people send deceitful emails to lots of potential victims hoping to trick a few of them into offering up confidential information by directing them to fake log-in pages or other online traps, it is called phishing. When someone focuses their efforts on one specific person or, perhaps, a number of targeted people at an institution, it is called spear fishing.

Filters at USU block most phish messages but hundreds do get through and when that happens only a healthy amount of internet skepticism can protect someone from getting tripped up, according to Bob Bayn, a USU network security analyst. He said people in key financial positions at USU have been told to be on the lookout for the latest spear phishing attacks, so he believes they are alert to the possibility of such approaches.

In recent years phishers have tried several times to trip up people at USU by pretending to be the university president, a vice president, or a dean. In some cases, they have targeted specific people they think might be authorized to transfer funds but each time they have tried, so far, they have been unsuccessful.

“When the suspicious emails come in sometimes I have asked people to play along with the bad guys until they get directions on how to transfer the money or a bank account number,” he said. “That way I can notify the bank that someone is using one of its accounts to phish and steal from others. The bank can then freeze the transactions until it can double-check with the sender.”

He can’t take it for granted, however, that people will always recognize an attempt to steal credentials or money. Teaching the USU community to be cautious is never-ending part of his job because “electronic filtering is never perfect,” he said.

“We live in a nice, safe and friendly place and we trust each other,” he said, “but we’ve got to remember the internet is not the nice, safe and friendly place that we are used to living in. We have to be on guard. We have to just pause for a moment and look at everything that comes along that is at all unusual, unfamiliar or unexpected. Unexpected might include things that look familiar, such as something that is coming from a boss or an email that looks like it is from a friend.”

Spear fishers don’t always go after an institution. If someone gets your credentials without you realizing it, they could get into Banner, for example, and reroute your direct deposit checks, he said.

“The losses that are incurred when a phish is successful can be both institutional and personal,” Bayn said. “The phisher may end up being able to defraud the institution or may succeed in stealing from you.”

For more information on how you can spot phish messages read: How to recognize and report phish messages.

Updated Phishing Banner

Tue, 07 Jun 2016 00:00:00 MST