January 2015 IT Activity Report
Information Security
One of the challenges the University of Delaware and other universities face is how to tighten security while remaining open for business and research. UD is engaged in an ongoing, continuous process of improving information security, focusing on the technology, the processes, and the people—UD employees. The following articles provide information about how IT has been working with the campus to make University information more secure.
UD network being hardened against potential cyberattacks
Since the last IT Activity Report, IT has been hardening UD’s network against potential cyberattacks. In each case, IT has collaborated with data owners to ensure that UD’s business, teaching, and research can continue while the University’s network is made more secure. Several examples are listed below.
- Web Application Firewall (WAF): IT has continued the process of migrating all
business critical Web applications to a more protected environment. As of Jan. 26, about 75% of these applications and their associated Web Forms are behind a WAF. The balance of our applications and Web Forms will be moved behind the WAF over the coming months. - Next generation firewalls: IT has begun deploying next generation firewalls in individual administrative units. These devices look at a network’s traffic more closely than a traditional firewall does and, therefore, do a better job of blocking malware from and attacks on a unit’s network. More units will have their networks placed behind next generation firewalls over the coming months.
- Department of Homeland Security (DHS) and UD IT network scans: IT has subscribed to the DHS vulnerability scan program. Every two to three weeks, DHS scans the entire UD IP address space and sends reports to IT. Those reports can be shared with individual colleges and departments. A unit’s IT professional can request that IT share the report for that unit’s IP address space by making a request to the IT Support Center. In addition, UD IT has been running daily vulnerability scans on all UD IT-maintained servers. By running these UD-controlled scans, IT staff can see and fix vulnerabilities not revealed by the DHS scans.
- Virtual Private Network (VPN): In a further enhancement to the security of UD’s systems, the University now requires off-campus access for most business systems to use VPN connections. Off-campus access to all HR and Financial PeopleSoft instances require a VPN connection. In addition, on-campus wireless connections must either use VPN or the UDel Secure wireless SSID. For information about downloading and using VPN software, consult IT’s VPN help files.
- Two-factor authentication: Because passwords can be stolen in a variety of ways (e.g., malware, keyloggers, phishing, open networks), IT is testing more secure two-factor authentication. Two-factor authentication requires you to provide a login password and a “secret token” sent to your smartphone or to a special device that is small enough to go on your keychain. The plan is to require two-factor authentication on most secured UD services within the coming year. If units or individuals would like to volunteer to join the testing, they should contact the IT Support Center.
- Blocking ports used by unsecured Internet protocols: Over the past several months, IT has been configuring the University’s border routers to block commonly targeted and exploited ports used by Internet protocols that send confidential information in clear text and/or present other vulnerabilities. In addition, on Feb. 3, the University will begin blocking FTP (port 21). If your unit or college needs a special exception for FTP, contact the IT Support Center.
- Business applications further locked down by network access: Due to the sensitivity of the data used by UD business applications, IT Web Development (IT-WD) has added additional restrictions for logging into applications such as Advisor Notes, Transcript Archive, and Residence Life Incident reporting. For the last year or so, we have been requiring one of the following types of connections:
- on-campus and connected (hard-wired) to the UD network
- on-campus and connected to the UDel-Secure wifi network or connected using VPN
- off-campus and connected to the UD network via VPN.
UD campus better informed, more aware of information security issues
During 2014, IT collaborated with University executive management and University HR to improve information security awareness among UD employees. The message is that “security is everyone’s responsibility.” The combination of the new Secure UD initiative and meetings with data owners increased UD employee engagement with information security issues, as witnessed by a 54% increase in the traffic on UD’s IT security websites between Jun. 1 and Dec. 31 in 2014 compared to the same time period in 2013.
Beginning in June, employees were enrolled in voluntary Secure UD training that addressed critical information and computer security topics. The online training uses video modules for instruction and brief quizzes to test user knowledge, and it covers a range of subjects including phishing, encryption, and personally identifiable information (PII). President Patrick Harker, Executive Vice President Scott Douglass, and Provost Domenico Grasso jointly endorsed the Secure UD initiative and emphasized the role of the individual employee in building a stronger security culture at the University.
The Secure UD initiative also introduced Secure UD News, a site that provides current and topical information and links to computer security bulletins. The former IT phishing blog was expanded into the new Secure UD Threat Alert website, a more expansive site that covers phishing and other vulnerabilities affecting the campus community.
In September and October, Executive Vice President Scott Douglass led two “Security Is Everyone’s Responsibility” (SIER) meetings to discuss UD’s information security posture and to coordinate the efforts to bolster security visibility and practices within the campus community. The meetings were collaborations between Douglass and IT executives and prioritized unit- and employee-level responsibilities. Specifically, the meetings underlined the responsibility of units and employees to identify sensitive data in their care and to protect it with special attention to that data’s potential impact and risk.
Going into 2015, UD is poised to further improve its security posture. IT and University executives plan to renew efforts to assist units with identifying and protecting data. Additionally, there will be a new emphasis on the roles of the unit and the individual employee in securing University information.
Although there is a tendency to think of data needs by department, college, or unit, individual employees are ultimately the ones responsible for handling the actual process. UD IT will continue to work with other campus units to educate everyone on better security practices because information security is everyone’s responsibility.
Identity Finder
The University has purchased a license for Identity Finder, software that individual UD faculty and staff can use to scan their computers for Social Security numbers (SSNs) or other Personally Identifiable Information (PII). By default, the UD-configured copies of Identity Finder produce reports of suspected SSNs that individuals can scan to identify files that need to be deleted or encrypted. Directions for using the software on both Windows and Macintosh computers will be available online in early February.
Oracle database security
The Management Information Services (IT-MIS) Database Administration (DBA) group has completed work with IT Network System Services (IT-NSS) to move UD database servers to the new private IP subnet to strengthen the security of the databases and applications that use them. Work still continues on moving all of the PeopleSoft application servers behind a load balancer configuration that allows use of the Web Application Firewall (WAF) that was installed by IT-NSS to monitor and block unauthorized access of data via Web-based internet applications.
The DBA group has also begun beta testing database-level encryption starting with one of the development PeopleSoft databases. At the same time, the DBA group is looking at a more narrowly focused approach to encryption involving specifically identified data such as SSNs and other sensitive record types stored in the database tables.
Networked printers and other devices
The Department of Homeland Security (DHS) scans showed several UD printers had ports 21, 23, 80, and 443 open to the entire Internet. If your unit or college has printers, lab equipment, or other devices directly connected to the Internet, reconfigure them so that these devices are on a 10.2 (private) network. If you need a 10.2 address, contact IP-Registry@udel.edu.
In addition, many of these devices have been added to the network with the vendor-supplied passwords. When connecting any device to the network, change the password to something other than the default password.
Office 365 for Education
Microsoft Office 365 for Education will soon be available on UDeploy to full-time faculty and staff for installation on personally owned computers—at no cost to the UD employee. Each eligible employee will be able to install the package on up to five computers and any number of mobile devices.
This license will supplement the current Microsoft license agreement with UD for Office on University-owned computers and student-owned systems and devices.
Office 365 includes current Microsoft Office applications (Word, Excel, Outlook, etc.), as well as a few additional titles, and is available for Windows, Macintosh OS X, iOS devices, and Android phones.
Expect an announcement in UDaily and to departmental IT professionals within the next month.
Eduroam
UD has been testing the Internet2 Net+ and NSF sponsored eduroam service over the past several months. In essence, eduroam lets visiting scholars log in to their host institution’s network using their “home” email credentials, without first setting up credentials at the host institution. For example, if you are hosting a scholar from a participating institution, she can use eduroam to log in to UDelNet using her institution’s credentials without having to get a UD guest account. Similarly, if you visit a participating institution, you can log in to that institution’s network using your UDelNet email account (e.g., jondroe@udel.edu) and password. Eduroam has posted a map and listing of participating US institutions and a map showing international participants.
If you are visiting or studying at a participating institution, you can use eduroam today. In February, IT plans to announce eduroam support for scholars visiting the UD campus.
HPC Symposium series
IT’s Research Computing group is hosting the High Performance Computing Symposium series—presentation held throughout the year about research being done on UD’s Mills and Farber community clusters. On Jan. 28, the first presentation was delivered by Professor Cristina Archer and the Atmosphere and Energy Research Group regarding the numerous applications of computational fluid dynamics to wind energy.
Registration for the remaining sessions is now open at the Research Computing website. The next session is Feb. 25, at 10 a.m. in Faculty Commons (116 Pearson Hall) with a talk by Professor Tian-Jian (Tom) Hsu about computational fluid dynamic applications and coastal processes. Professor Hsu’s presentation will be followed by an open forum for researchers and IT staff to share information.
If you are interested in presenting at one of the open scheduled dates, please contact it-hpc-interest@udel.edu.
UNIX basics for UD researchers
The IT Research Computing group offered a series of classes on UNIX Basics in January. These courses are designed to introduce the UNIX to researchers and cover a range of topics including an overview of the UNIX operating system, UNIX commands, file management, permissions, I/O, and other utilities. Each session was conducted in a face-to-face environment and exercises were available to practice after each session and were reviewed at the following session.
Materials used for the courses can be found on the UD HPC Wiki Recommended tutorials. Due to the success of the series, IT will host similar courses during the spring term. For updated information about the next series, or to view previous course topics, visit the Research Computing website.
Winter Faculty Institute and ITUE Workshop: Feb. 4-6
The 2015 Winter Faculty Institute and the Institute for Transforming Undergraduate Education (ITUE) Workshop, titled “Experiencing Engaging Education,” will be held Feb. 4-6, offering a program to help UD faculty implement the active learning approaches that best match their teaching styles and subject areas. Registration is now open at the Experiencing Engaging Education website.
Throughout the hands-on, team-based sessions, 24 UD faculty members will model techniques with which they’ve had teaching success. “The February program is a great opportunity for those who teach at the university level to develop their thinking, teaching skills, and courses around an active learning strategy,” said Tony Middlebrooks, associate professor in the School of Public Policy and Administration.
Faculty Commons
Faculty Commons in Pearson Hall 116 has experienced growing success since its grand opening on Nov. 13. The facility’s logo of three overlapping circles represents the three primary components of Faculty Commons: the place, the people, and the programs. The facility contains an open experimental classroom, a welcome bar staffed by teaching support staff, small conference rooms for in-person or online meetings, an innovative self-service recording studio, and an open lounge with informal work areas and coffee.
The programs offered at Faculty Commons include a wide variety of topics, many of which are interdisciplinary and innovative, such as the Experiencing Engaging Education 2015 workshop.
Faculty Commons brings support units together around teaching projects and individual faculty needs. Faculty who use the facility gain the support of partners such as IT Academic Technology Services (IT-ATS), the Center for Teaching and Assessment of Learning, the Institute for Transforming Undergraduate Education, Library Reference and Instruction, Library Multimedia Collections and Services, and many others. These support resources are available at Faculty Commons Mon.-Fri., 8:30 a.m.-4:30 p.m.
Faculty Commons offers a nexus of place, programs, and people—all those who teach and support teaching—that have made it a new destination on campus.
Transformation Grants
University of Delaware faculty members are encouraged to apply for a 2015 Transformation Grant to enhance their teaching and their students’ learning with innovative uses of technology. Information about the two-step proposal process and the pre-proposal submission guidelines is available at the Faculty Commons website. This year’s grant program combines resources from the Center for Teaching and Assessment of Learning and IT-ATS to accommodate funding requests for faculty time, graduate or undergraduate student time, software, and equipment.
Funding will be awarded on a competitive basis for proposals that best fit the goals and criteria for transforming teaching and learning through the innovative use of technology. Successful proposals will test and assess instructional techniques and technologies that have the potential to establish new practices and resources on campus—and beyond.
Applicants are encouraged to think big, add new instructional models that are not currently available, eliminate barriers they have identified in their teaching, and help define the next generation of education and technology.
Classroom technology upgrades
The IT University Media Services (IT-UMS) Classroom Technology unit completed upgrades to 102, 103, 104, and 109 Colburn Lab. IT-UMS replaced old equipment with digital HD projectors, document cameras, and Blu-ray DVD players. Second generation classroom capture units were also part of the upgrades. Each room had had older analog projectors, overheads, and VHS/DVD players that are being phased-out campus wide.
More faculty members have been requesting document cameras in their classrooms. Beginning with the 2015 spring semester, Memorial Hall will be the latest classroom building to have a digital document camera in every classroom.
ChartField string “CFS Widget” Implementation
In order to improve the consistency of the ChartField String (a set of PeopleSoft ChartFields that define and identify financial transactions) used by UD applications to collect funding information, a new centralized method of displaying, validating, and storing ChartField Strings (CFS) across all of our forms is being implemented.
IT-WD developed the “CFS Widget” working very closely with General Accounting (GA) to enforce validation rules that GA provided. The CFS widget is gradually being rolled out across all forms and applications. Currently, this new method is deployed in our Request for Service-Motor Pool Web Form. The following Web Forms are in the final stages of testing or client sign-off and will be migrated to production in the coming weeks: Journal Voucher, Request for Service-University Media Services, Request for Service-IT Software Licenses, Request for Service-Academic Technology Services, and Consultant Disclosure.
There are many key enhancements with this method:
- It is mobile-friendly.
- It automatically suggests valid values as you type.
- It allows users to look up values by either the code or the description using auto suggestions.
- Its extensive, real-time validation will provide better, more-nuanced feedback to users about the validity of the information that they are entering.
- It allows for the customization for several key clients, such as Facilities and Procurement.
The old approach required each online form or Web application that required a CFS to be independently responsible for validating the correctness of each ChartField within the CFS, as well as verifying that the ChartField combination was valid.
Additional deployments will be released throughout the coming year as forms and applications are re-coded to incorporate the CFS Widget.
UDataGlance enhancements
During the past several months, the GA and the Research Office have been working in collaboration with IT-WD to implement several administrative and user-requested enhancements to UDataGlance.
- Purpose Code Comments Field: The Purpose Code Comments field was added to allow authorized users to include comments related to a specific purpose code. These comments enhance capturing of information that all viewers and approvers of a particular purpose code might find useful. Contact General Accounting at (302) 831-2175 or general-accounting@udel.edu for questions on this new field.
- Uniform Guidance Information: As of Dec. 26, new federal guidance for grants and cooperative agreements took effect. As some projects operate under the old guidance and some under the new, information was added to UDataGlance to inform users of which guidance a particular project operates under. Each federal or federal flow-through project will specify either “Subject to OMB Circulars for Higher Education guidance” for old guidance or “Subject to 2CFR 200–Uniform Guidance.” For questions, contact the Research Office at (302) 831-2136.
- Display of Multiple F&A Rates per Project: UDataGlance now displays all F&A rates for those projects that have multiple rates during the project period. Clicking on the hyperlink for “Show F&A Rates” in the Financial Summary, Proposal Data, or Award Data tabs will open a display box of effective-dated, funded, F&A rates for that project. For questions, contact the Research Office at (302) 831-2136.
Financial Systems updates
- This fall, IT-MIS did a bundles upgrade on UD’s financial backbone, bringing us up from Bundle 28 to Bundles 29-31. This upgrade brings the financial systems up to all but the very latest, just released (and not proven), bundle, and keeps us in line for Oracle maintenance.
- Financial systems were moved behind a new firewall to keep UD data more secure.
- An automated input of FedEx charges for Auxiliary Services was put into place this fall as one more automation of Auxiliary Services charges.
- The Procurement Office noted that 1099 reporting to the IRS was complicated by multiple vendor_ids that needed to be consolidated under one tax-id number. IT-MIS and Procurement developed a procedure to consolidate the data, and implemented it this December. At the same time, the annual Federal rule changes were put into place, thereby saving several days of adjustments for the Procurement Office staff.
- IT-MIS and IT-WD worked to streamline the processing of new vendors for Procurement. In the new process, a new vendor files its own W-9 form, and Procurement harvests the form and loads the vendor after it is approved. The new process saves time and improves accuracy.
- A “bolt-on” table was created and guarded in PeopleSoft to allow one of the data owners of a purpose to add a comment about that purpose via the UDataGlance application.
- The November bundle upgrade of Oracle financial systems fixed a bug in Accounts Payable’s Payment Inquiry for overflow payments. IT-MIS updated past overflow payments and escheated payments to bring them back into line with the fix.
- IT-MIS instituted a new process: UD now has a monthly discrepancy report for UD General Ledger and Grants Project Costing between a selected fiscal year and accounting period.
Sabbatical Leave Request Web Form improvements
IT-WD worked with the Office of the Provost, the College of Arts and Sciences, and the Department of Psychological and Brain Sciences to improve the faculty Sabbatical Leave Request Web Form. The most significant improvement is that the form checks for previous leave and provides feedback on semesters earned toward the current sabbatical leave request.
New prompts about the time elapsed since a previous sabbatical leave will not stop the form but will inform and enable the form to go forward to chairs and deans who authorize the leave request. Faculty often ask what percent of pay are they eligible for, and “eligible salary %” based on guidelines from the Faculty Handbook was added on the originator view. The percent of pay is then confirmed with the dean’s approval.
The feedback provided on the form should now better assist faculty’s, chairs’, and deans’ understanding of the employment data surrounding the sabbatical leave request.
Diploma Replacement Form
IT-WD partnered with the Registrar’s Office to move the diploma replacement process from paper to the Web. Alumni now have a Diploma Replacement Form that shows all degrees earned at the University of Delaware. The form also uses a convenient credit card payment option that replaces the outdated check payment method. Putting this form online has created a convenient way for alumni all over the world to replace their original diploma or acquire an additional copy, and the Registrar’s Office is able to process the request in a faster, more efficient manner.
Since the process was moved online in October, 38 requests have been submitted; more than half of those requests were from out of state, and two were from international addresses.
Online Course Evaluation improvements
IT-WD has implemented several, enthusiastically received updates to online course evaluations.
Several report formats of student responses have been available to those authorized to view responses. This fall we added the capability for departments to complete the set up on their own. Cross-listed courses are clearly indicated. Further, last class date, student access dates, and instructors appearing on the evaluation are succinctly summarized on pages for department administrators to review. Participation tallies—not student responses—are available while evaluations are in progress so that instructors may interact with students in their classes to increase participation rates.
About 80% of the courses offered at UD use online course evaluations. IT-WD, several administrative departments and three colleges first developed the course evaluations system for use in fall 2001, and adoption has increased steadily over the years. Previously, IT-WD loaded course sections and ran checks for courses, instructors and question set up. Our course evaluations system uses UDSIS data for instructors appearing on the evaluation, students enrolled in the course, and course schedule dates.
Many departments in UD’s seven colleges, Professional and Continuing Studies, the Associates in Arts program, Honors, and the Institute for Global Studies (IGS) use online evaluations. IGS students complete evaluations while they are studying abroad. Some departments have also added questions to collect student assessment that is used for accreditation purposes.
UD Credit Card Services Web Form enhancements
In partnership with Procurement Services, IT-WD enhanced the UD Credit Card Enrollment Request Web Form to improve the business process for requesting credit card services. All UD credit card services, some formerly on separate forms, have been combined into one form. The new form name has been changed to “UD Credit Card Services” to reflect the inclusion of all card services. From this one Web Form, UD staff may now request the following: a new card, replenishment of a declining balance card, updates to existing card(s), cancellation of a card, and access to Works™.
Further benefits include appropriate routing and approvals, and permanent record-keeping in the Web Forms archive. In addition, the form is styled with responsive design, allowing clients to easily use the form on mobile devices, tablets, and desktop computers.
New LMS for HR Training
IT-MIS is working with the Employee Training and Development Unit in HR to implement a new Learning Management System (LMS) for employee training that is expected to go live in the next few weeks. As part of this system implementation, IT is working on a daily extract of users from the PeopleSoft HR System to populate the new LMS.
New IT staff
Alparslan Sari started working in IT-WD as a full-time Applications Programmer I in December. He had been employed as a graduate student in that unit since May. Alp recently graduated from UD and now has Master’s degrees in Bioinformatics, CIS, and Software Engineering. He will work as a Java programmer in the Technical Resource Group on Web applications.
Rob Spotts joined IT-NSS as a Systems Programmer III (MS Security) in January. He comes to IT from the Lerner College of Business & Economics where he was employed as a Computer Support Specialist II for over 20 years. Rob brings to IT-NSS his many years of experience in IT and will focus on the security, system administration, programming, and analysis of the central IT Windows services (Exchange, Sharepoint, Active Directory, IIS, and SQL).
Leroy Amous started working as a Computer Operator I in IT-NSS in December. Leroy comes to the University from a commercial environment having worked in the Comcast Data Center in a variety of positions over the last 13 years. His work primarily involves monitoring the central systems, running the administrative production, and operating peripheral equipment in the Computing Center.
Elise Maxfield, Technical Writer I, joined the IT Communication Group in IT-WD in January. A recent graduate of Ohio State University, Elise worked most recently in OSU’s Computer Science and Engineering department as a Technical Writer. She will collaborate with staff in other IT units to produce client documentation and surveys, publicity for IT-related events, and news about IT at the University.
In February, Tyrone Smith will join IT-NSS as a Systems Programmer IV (Security Analyst). He previously worked in the financial industry as a senior technology engineer implementing enterprise security solutions for 20 years. A welcome addition to the Technical Security group, Tyrone will work to ensure systems and network security for the central IT managed systems and networks.
Retiring IT staff
Dennis Flockerzi, Manager, Network Infrastructure retired in early September after 35 years of service. We appreciate the many years of service he’s given to IT and UD. Thank you and congratulations! Best wishes to the latest IT Retiree.