May 2015 IT Activity Report

Information Security

UD Continues to Improve Information Security

UD Information Technologies (IT) has continued its proactive approach to information and operational security by expanding its services, technological capabilities, and security outreach through several new initiatives. Statistics from these initiatives demonstrate impressive improvement in the University’s response to information security vulnerabilities and preparedness against future exploits.

  • UD has partnered with the United States Department of Homeland Security (DHS) to test the security of the University’s IT resources. In response to the DHS scans, which began in November 2014, IT Client Support & Services (IT-CS&S) and IT Network and Systems Services (IT-NSS) have closed at-risk ports at the network border and have collaborated with campus system administrators to upgrade or shut down at-risk systems. Through this combined effort, the University has slashed critical vulnerabilities by 87% (from 283 in November to 38 in May) and high-risk vulnerabilities by 91% (from 1,309 in November to 112 in May), as reported by DHS. IT is working with departmental and college IT staff to address the remaining vulnerabilities. Unit administrators may request detailed DHS reports for systems on departmental and college networks by contacting secadmin@udel.edu.
  • DHS will also conduct a risk vulnerability assessment (RVA) and penetration test of University systems in June. This comprehensive analysis will empower IT to identify and remediate vulnerabilities not revealed during an external scan, and it will be a valuable tool for helping University units understand their security posture.
  • IT has begun conducting its own disaster recovery (DR) tests to gauge UD’s incident preparedness. The DR tests analyze the University’s ability to maintain or reestablish its critical systems following significant operational loss. Initial “tabletop” assessments have already been completed to give IT an educated projection of the University’s DR status, and simulations are forthcoming to help the University refine its DR capabilities.
  • IT has continued conducting internal scans of centrally managed IT resources for files containing Social Security numbers. IT-CS&S and IT-NSS have been collaborating with individual units to either encrypt these files or develop safer ways of storing and managing the information they contain.
  • IT is also providing security consultations for units seeking to assess and improve their security posture. So far, UD IT has worked with staff in two of UD’s colleges. The next consultation period begins this June. Unit administrators may request a security consultation by contacting secadmin@udel.edu.
  • IT has dramatically increased firewall protection for the campus community. Next-generation firewalls are in place to protect an increasing number of administrative and academic units. Unit administrators who would like to arrange this advanced firewall protection for their units may do so by contacting secadmin@udel.edu.
  • On April 9, IT made new DNS servers available that, in addition to translating alphabetic domain names to numeric Internet addresses, also provide firewall protection. The DNS firewall automatically redirects users from potentially dangerous domains to a UD Web page that uses the “teachable moment” to educate users about safe browsing habits. Response to the new DNS firewall from departmental IT professionals has been overwhelmingly positive.
  • To further reinforce security education, IT has reset Secure UD training for the 2015 calendar year. The training, which was first introduced to the campus community in the spring of 2014, engages users through a modular, self-paced, virtual learning environment that connects the material with UD policies and recommendations.

    Approximately 2,000 employees have completed Secure UD training since its introduction. Employees who completed their training prior to the March 12, 2015 reset are encouraged to retake it to refresh their awareness of cyber security principles. To request access to Secure UD training for yourself or for any units you manage, contact secadmin@udel.edu.

Vulnerability remediation, technological protection, and campus education will continue to improve the security of UD’s information assets. DHS and IT tests and scans help the University assemble a more comprehensive picture of the campus’s security posture. This assessment-driven approach to security informs current and upcoming efforts to protect the campus community and the University’s IT resources against ever-present cyber threats.

Identity Finder

Identity Finder, a program that will scan your computer drives for personally identifiable information (PII), is available for all UD employees to download from UDeploy. The University defines PII as high-risk, sensitive, and confidential information such as Social Security numbers and health records. Safeguarding PII is imperative: improper disclosure of PII poses a high risk of financial loss to both the University and the individual, and it may also lead to identity theft. It is the responsibility of all employees to identify PII in their care, securely erase unnecessary PII, and properly encrypt PII that must be retained.

Identity Finder will scan your computer for Social Security numbers by default but can be set to include other types of sensitive information. A full scan of a large drive may take several hours, but you can run shorter custom scans of different portions of a drive at different times. Read more about how to scan your devices using Identity Finder and what to do with the results of the report.

Secure disk destruction

It is UD policy that information must be securely erased from a computer or device’s hard disk before that computer or device is disposed of. When completing a UD Equipment Activity Web Form, the department that owns a computer or device that contains digital storage must certify that the information has been securely erased.

UD IT now offers free, secure destruction of computer hard disks—an important step towards reducing the accidental exposure of confidential information. IT has acquired a pair of two-stage disk destruction systems that each includes a degaussing unit, which magnetically erases the contents of a standard 2.5- or 3.5-inch disk, and a hard drive punch that makes the disk platter unusable.

If a UD department or employee has computer disks that need to be securely destroyed, review the IT help page about secure destruction of computer disks or contact the IT Support Center by calling (302) 831-6000 or submitting an online Help Request form.

Running unsupported operating systems is a security vulnerability

It is important that, whenever possible, you use supported versions of software on your computers, tablets, smartphones, and other Internet-capable devices. If you use software for which a vendor does not provide security updates, you could endanger information stored on the computer or device and all associated computer or network accounts.

Windows XP systems and Mac OS X systems older than 10.8 no longer receive security updates from Microsoft or Apple and are not safe to connect directly to the Internet. The University cannot always offer assistance with unsupported software. For example, at some point this summer, the Cisco AnyConnect VPN client will be upgraded to a newer, more secure version that will require Macintosh computers to be running Mac OS X 10.8 or later.

For more information, review IT’s Supported Software help file.

UD taxpayers report being caught up in tax fraud seen across the country

About two dozen members of the University community have reported being victimized by “IRS imposter fraud” in which a scammer uses another person’s credentials to file a fraudulent tax return. These cases are part of a much larger nationwide trend to use the IRS system to defraud the government. IT and the Office of Public Safety are investigating the incidents reported by UD employees.

For more information, read this UDaily article published on April 20: “Tax fraud: UD taxpayers report being caught up in tax fraud seen across the country.”

Two-factor authentication

The University is beginning to implement two-factor authentication (2FA) to increase the security of access to certain sources of confidential information. 2FA requires you to use two methods of identification to log in to a service—your UDelNet password and a second secret factor which can be delivered to you via one of three methods: a security code sent via SMS text message, generated by a cellphone app, or generated by a separate “keyfob.”

2FA access is available upon request for use with the Cisco AnyConnect VPN client. Several departments are currently helping IT test 2FA access to other UD services. IT hosted a training workshop on May 15 for department heads whose departments are participating in the testing phase of 2FA deployment.

For more information, review the 2FA help file or contact secadmin@udel.edu.

Planned Outages

UDSIS: June 20

UDSIS will be updated with the next round of Oracle patches and fixes on Saturday, June 20. The system is expected to be unavailable that day until mid-afternoon.

Infrastructure

UD joins eduroam, an international federated network

The University of Delaware has joined over 5,500 educational and research institutions participating in eduroam, an international federated network that provides faculty, researchers, students, and staff at member institutions Internet access at any member institution. UD faculty, staff, and students can use eduroam when visiting or studying at another institution. UD, in turn, can offer eduroam access to visiting researchers, faculty and students.

Eduroam has been available for testing on some parts of the Newark campus since January and has been available as a wireless network option on all UD campuses since mid-April. 

For more information, consult the eduroam help page or contact the IT Support Center.

Research Support

New Research Computing website

The IT Research Computing Group has launched a redesigned website with improved searchability, navigation, and methods of contact. It was designed to highlight the wide range of services provided by the Research Computing Group: software installation, programming help, training, data management, and high-performance computing.

The website also includes features to help build the campus research computing community. So far, the site includes a research gallery where researchers can promote published work that used the Mills or Farber clusters to process their data, information about upcoming training and HPC Symposium sessions, and a new Research Computing newsletter.

For updates on training sessions, high-performance computing news, and other topics of interest to University researchers, subscribe to the Research Computing newsletter.

HPC Symposium Series

In January, IT began hosting the High Performance Computing (HPC) Symposium Series, held on the fourth Wednesday of each UD semester or term. Each symposium session consists of an hour-long presentation followed by an open discussion. Previous discussions have covered topics such as the importance of open-source research and the need for more access to community cluster resources.

The third HPC Symposium will be held on June 24 and will include a presentation by Glen Jenness, a post-doctoral fellow in Professor Dionisios Vlachos’ research group (Chemical Engineering). The presentation will explore the various computational tools employed to help use biomass to generate renewable fuels and value-added chemicals. It will also explore how the tools have helped refine the fundamental understanding and predictive ability of modeling the complex interactions involved in the refining of biomass.

The January and February presentations by Professors Christina Archer, Marine Sciences and Policy, and Tian-Jian (Tom) Hsu, Civil and Environmental Engineering, covered the use of the UD HPC community clusters in their research.

You can register for the June 24 presentation and view a list of upcoming presentations at the IT Research Computing website.

Research Computing workshops

  • VSCSE courses
    The Virtual School of Computational Science and Engineering (VSCSE) consists of two multi-day courses held in UD videoconferencing studios, led by faculty and researchers from collaborating universities, supported by on-site UD teaching assistants. The “Supercomputing for Everyone Series: Performance Tuning Summer School” will meet August 17-21 and the “Science Visualization” course will meet August 24-25. Specific class times will be announced early this summer. The courses are open to graduate students, post-docs, faculty, and professionals from academic institutions, government, and industry. IT will waive the $100 course fee for UD participants. Learn more about these courses on the UD VSCSE site. (Registration)
  • UNIX Basics
    The IT Research Computing group offered a series of UNIX Basics classes in January and April which covered introductory elements of the UNIX operating system as well as topics pertinent to the use of the HPC clusters: regular expressions, VALET, the grid engine, Matlab, and array jobs. April’s series concluded with a presentation by Joseph Brodie, Marine Science and Policy, and Carly Buxton and Brian Hanson, both from Geological Sciences, on their use of the Mills and Farber community clusters. The materials referenced during these sessions are available in the UD HPC Wiki. If your research group would like to suggest a workshop or schedule a custom roundtable session to address specific issues using the community clusters, contact IT Research Computing staff.

Teaching and Learning

Summer Faculty Institute 2015

Registration is open for the 2015 Summer Faculty Institute, June 1-4. Presenters from UD and other universities will host workshops and presentations on topics related to the five themes selected for this year’s Institute: community engagement, critical thinking, digital humanities, digital storytelling, and engaging difference. Participants from UD will have their registration fee waived; educators from other institutions will be charged a $25 registration fee.

Visit the Summer Faculty Institute website to register and learn more about this event.

Faculty Transformation Grants update

The Center for Teaching and Assessment of Learning (CTAL) and IT Academic Technology Services (IT-ATS) are jointly funding 9 projects as part of the 2015 Transformation Grant program. An investment is being made in a range of innovative teaching projects across campus. All projects are being developed or implemented during the 2015-2016 academic year with a target of completion at the end of spring 2016.

Faculty Commons: six months later

Faculty Commons in 116 Pearson Hall has been open for about six months and has been well received by UD faculty members. The space offers teaching faculty the ability to benefit from efforts of many on-campus departments in one location, including IT-ATS, CTAL, IT-University Media Services (IT-UMS), Morris Library’s Multimedia Collections and Services, Morris Library’s Reference and Instructional Services, and the Institute for Transforming Undergraduate Education (ITUE).

Faculty and others who teach at UD have used the space for “just-in-time help” with teaching-related technology, for events and small meetings with colleagues, and as a home while away from the office. So far, over 75 events have been hosted there, including the Department of English’s “Brown Bag Lunch” series.

Those who teach at UD and have not yet experienced Faculty Commons are encouraged to take advantage of the resource. Drop by 116 Pearson Hall to ask a teaching or technology question, reserve a conference room, grab a coffee, or bring lunch and collaborate with a diverse set of colleagues who share a commitment to teaching.

2014 classroom renovations still bear fruit

Sometimes the true value of a technology project isn't fully realized until the technology has been in service for a period of time. IT-ATS, IT-UMS, and the University Registrar's Office have collaborated on recent projects to transform several University classrooms into more flexible, team-based learning rooms. These classrooms have proven popular with faculty and students alike.

Last month, IT published a UDaily story about English professor Steve Bernhardt’s innovative use of these classrooms (“Flexible classrooms, successful students”). Bernhardt and other faculty report that the renovated classrooms continue to demonstrate enduring value.

For more information about using technology in classrooms, contact IT-UMS at (302) 831-3546. For help conceptualizing how to teach in different classroom configurations, contact Faculty Commons: send email to faculty-commons@udel.edu, stop by 116 Pearson Hall, or call (302) 831-0640.

Business Systems

Blackboard ID system upgraded

IT-Management Information Services (IT-MIS) and IT-Web Development (IT-WD) worked with Facilities and the ID Card Office to implement new interfaces to the upgraded Blackboard ID card system over spring break. The new system impacts all faculty, staff, and students since the ID card system controls access to several facilities on campus (e.g., parking garages, dining halls, Carpenter Sports Building).

In addition, the following business applications were affected by the upgrade:

  • Online bill payment
  • Student Flex and meal balance view
  • Dining
  • HealthyU
  • Web Forms: Pay charges with UD1 FLEX, transfer money to UD1 FLEX, and Student Leave of Absence and Withdrawal Notification Form.

The upgrade’s key enhancements include the utilization of real-time Web service technology with improved error handling and real-time Flex deposit transactions from online bill payment, which gives students immediate access to their UD Flex funds. IT-WD coordinated these changes with the owners of the applications and with the Facilities team.

DBA Update

Below are highlights of recent activity by the IT-MIS Database Administration (DBA) group.

  • Oracle database security – software patches
    The DBA team has completed work with IT-NSS to apply the latest security software patches to the Oracle databases, as well as the operating system software for all of the production and test database servers. This includes PeopleSoft and the Web Forms systems. The Oracle databases are now up-to-date on software patches and will be patched at least twice annually to maintain the systems’ security level.
  • Oracle database security – encryption
    The DBA team has also continued testing database-level encryption methods as IT-MIS seeks to find the optimum balance between strong encryption and database performance. The DBA team is also testing encryption methods for the daily database backup files that remain on disk.
  • Disaster recovery
    The DBA team has worked with the IT-NSS Technical Security team to form and implement a disaster recovery plan. Several meetings have been held, and IT-NSS and IT-MIS will conduct a mock disaster scenario later this spring.

UDataGlance changed to match new Federal and Federal “Flow-through” guidance

The Federal Office of Management and Budget (OMB) has made a major change to the underlying guidance by which University recipients of Federal and Federal Flow-through awards have operated for decades. The Research Office and IT-WD have collaborated to add descriptive information to UDataGlance, UD's financial reporting system, that allows individuals to easily identify which guidance option applies to their Federal and Federal Flow-through awards.

Guidance information has been added to the Financial Summary tab, the Award budget page, and the Actuals pages in UDataGlance. In all cases, the description appears below the Total FTE Amount information in the 2nd column toward the top of the page.

If you have questions about the guidance information in UDataGlance, please contact your department's Contracts and Grants Specialist.

Improved Journal Voucher Web Form

An improved Journal Voucher (JV) form has recently been released as the result of collaboration between General Accounting and IT-WD. The new form uses responsive design, allowing it to be used effectively on any device, including smartphones and tablets. It also includes new technology for chartfield value search. The form also incorporates a new method of gathering chartfield information, dubbed the “CFS Component,” which is being implemented widely throughout UD forms and applications. The improved JV form includes enhancements requested by campus clients, such as descriptions of all selected chartfields, the ability to move lines within the form, and multiple attachments.

The General Accounting office welcomes any feedback from the community as part of its ongoing commitment to improving the JV process. Feedback may be emailed to general-accounting@udel.edu.

Request for Taxpayer Identification form moved online

IT-WD partnered with Procurement Services to move the Request for Taxpayer Identification (Substitute W-9) from paper to the Web. With the help of IT-MIS, the online form updates PeopleSoft Financials in over 300 locations when Procurement approves a form. The online form allows Procurement Services to process the information more efficiently, providing a significant enhancement over processing paper forms. By eliminating the tracking of paper forms and manual data entry, the new form also improves the security of the process. The online form has been well received by businesses as a convenient way to ensure that their information is accurately recorded in the University of Delaware’s vendor database. In addition, the form is styled with responsive design, allowing easy use on tablets and mobile devices.

Registration improvements

In partnership with the Registrar’s Office, IT-WD has released a new version of WebReg, the University’s custom course registration system. Multiple improvements were made to the internal architecture to provide big boosts in speed while also adding new features and improving security. The addition of a deli-style waiting queue for students registering during periods of heavy load has drastically improved the responsiveness and stability of the application. It also better manages student expectations for wait times, if any. The user interface also was upgraded to a new mobile-friendly framework with improvements to the calendar view. Students are now able to see important term dates and scheduled holidays and can toggle between a weekly and daily view in the new calendar. Several advisors and students provided positive feedback to the Registrar on their registration experiences using the new WebReg application.

New Performance Planning and Appraisal system

In partnership with the Office of Human Resources, IT-WD released a re-engineered version of the Employee Planning & Appraisal system. Noteworthy features of the improved system include the following:

  • Improved security and architecture
  • A responsive design that facilitates work on tablets
  • Improved text editing and copy and paste from Microsoft Word
  • Customizable appraisal questions for specific employee groups such as Resident Assistants
  • Automatic addition of mid-year review notes and goal changes to an employee’s annual appraisal.

Financials update

Here are some of the activity highlights for the IT-MIS Financial Systems group.

  • PeopleSoft financials application Bundle 32 and Bundle 33 were applied to the development and testing environments in the early spring, and applied to the production environment on May 9.
  • A new process was created to obligate facilities and administration costs associated with research grants.
  • Processing the positive payment file (sent to banks to confirm payments made to vendors and individuals) was moved to a new UNIX server. Reconciling the positive payment file allows banks to spot instances of check fraud. This change was part of a larger project to move the Accounts Payable processing still done on an older NT server to the new server.
  • A row-level security bolt-on was created for Accounts Receivable to allow a controlled input of deposits to certain permitted vendor bank accounts.
  • IT-MIS created a new Federal 1099 report that consolidates reporting when multiple Accounts Payable vendors point to the same tax ID.
  • Parts of the Graduate Studies contract process were streamlined, thereby saving their staff significant analysis time.

Event Production and Media Services

South African artist plays on UD Carillon system

As part of the University's "Celebration of South Africa" in April, IT-UMS recorded and coordinated the playback of visiting artist Garth Erasmus' music over the UD Carillon system. A resident of South Africa, Erasmus builds his own unique instruments, which provide a range of musical notes that had to be equalized in order to be properly replicated on the carillon system. The weeklong playback was a precursor to a month-long session in the fall.

Campus Chatter

On March 20 and 21, Master Players Concert Series' “Campus Chatter: A Campus Climate Diversity Project” was performed in Mitchell Hall. IT-UMS provided technical support for the production, including lighting design and implementation, audio reinforcement, staging, and projection for the musical. “Campus Chatter” brought together a broad and diverse array of University of Delaware community members, and Media Services provided six staff members and over 150 labor hours to help pull this production together.

Training Opportunities

Desktop security training

IT-CS&S sponsored a half-day desktop security training seminar on February 26 which was attended by approximately 75 IT professionals from units across campus. Presentations and discussions were led by experts from central IT and several UD colleges and units. Topics ranged from Kace desktop management to DHS scans and UD security policies. A series of a dozen follow-up sessions began in March and will continue through the summer. Each of the sessions is an hour-long exploration of practices that departments and colleges can implement to make individual computers and the information stored on them more secure.

Secure UD training reset

Last spring, the University launched the Secure UD Training program to help educate all University employees that “You are a target. Information security is everyone’s responsibility.” On March 12, IT-NSS reset the training so that University employees could access updated training modules. The program will be reset every March so that updated training is available annually. Staying current with information security issues will help faculty and staff protect University and confidential information in their care. Therefore, all University of Delaware employees are encouraged to complete this video training on an annual basis.

If you have not yet reviewed the training modules or haven’t reviewed the training since March 12, do so now: Secure UD Training.

ConnectingU replaces the LearnIT calendar

In March, the Office of Human Resources launched a centralized system to provide learning opportunities for faculty and staff. The new system, ConnectingU, makes it easier to find and track what training and workshops faculty and staff have completed. In addition, online resources such as UD audio and video recordings and documentation are being consolidated on this platform. For the many departments that offer learning opportunities, ConnectingU will help reach more employees through targeted curriculum delivered in the classroom, online, or via blended solutions.

Personnel

New IT staff

Alex Lindstrom (Arts & Sciences, ’14) joined the IT Security Policy & Compliance Group (IT-NSS) as a Technical Writer I in April. While a student, he started working in IT as an intern in the IT Communication Group in IT-WD. After graduation, he was employed part-time as a technical writer for the security group prior to accepting this full-time position. Alex's primary responsibilities are to research, analyze, develop, and publish Information Security Risk Management policy, standards, guidelines and procedures and develop materials for security program documentation, training, and awareness campaigns.

Retiring IT staff

Thank you to these IT retirees for their many years of service to IT and UD:

  • Linda LaRue, Classroom Technology Technician II, IT-UMS, who retired in May after 35 years of service.
  • Suzanne Nanis, Sr. Technical Writer, IT-WD, who retired in March after 24 years of service.

The IT Activity Report is published 4-6 times a year. Archived reports are located at IT Activity Reports. If you have comments, questions, or suggestions for future articles, contact the IT Communication Group at it-commgroup@udel.edu.