Two-Factor authentication

Account security can be enhanced with 2-factor authentication.

 

Why would I want to use 2-factor authentication?

If you use the same password for many of your accounts, your credentials are probably published on the dark web.   Several years ago, I was approached by a questionable vendor that provided me with many of your passwords.   I alerted campus when this occurred. My password was included on the list.

Lessons learned:

Use a different password for each of your accounts.

Change your password frequently.  (https://wou.edu/accountlookup)

Use a long password.

Utilize 2-factor authentication when it is available.

2-factor authentication provides an extra layer of security.  After you successfully enter your userid and password, the system will ask you for some type of token.  Google Authenticator is a great place to get your token.  You can run Google Authenticator on your iPhone or Android device, providing you the token.  New tokens are produced every 30 seconds.

Google Authenticator can be found here:

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en

https://itunes.apple.com/us/app/google-authenticator/id388497605?mt=8

Amazon, Amazon AWS and Google all provide support for 2-factor authentication.  That means you can turn on 2-factor authentication for all your Google Apps.

Google help can be found here:

https://support.google.com/accounts/answer/185839?hl=en

Amazon help can be found here:

https://www.amazon.com/gp/help/customer/display.html?nodeId=201962420

 

 

Phishing and other e-mail traps

Always view e-mail suspiciously!

 

E-mail security infrastructure  (On-campus and off-campus)

  • Every day, the WOU anti-virus, anti-spam filter stops 200,000+ e-mails from being delivered  (true for both on-campus and off-campus viewing of e-mail)
  • When the WOU intrusion protection system detects “Ransom-ware”, it sends a note to the border firewall and tells it to no longer allow the “Ransom-ware” intruder onto the campus network, thus protecting your computer.
    • The one case of “Ransom-ware” that was not stopped by the IPS this year, encrypted the users local computer and 70,000 files on his departmental drive.
    • We had snapshots of all the files on the departmental drive and were able to recover the encrypted files.
  • When reading your e-mail outside of WOU, if you were to click on a bad link that connects you to “Ransom-ware”, you are no longer under the protection of the IPS.
    • A member of the local Monmouth community was asked to pay $1,000 to un-encrypt his files after being hit by “Ransom-ware”.
  • Another common scheme is to ask you do perform some task, posing as someone you know and trust.

Recommendations:

  • Don’t click on URLs before you know where they will lead.
    • Shortened URLs can be dangerous  http://goo.gl/fPKDds
      • unshorten.it can be used to expand a shortened URL, also providing the site’s trustworthiness
      • Best practice is to:
        • Hover over the link and verify the link is legitimate OR
        • Type the link in manually
        • Never click on the link, the URL that is displayed, may not be the underlying URL
    • Watch for slight differences in URLs  (ex:  www_wou.edu instead of www.wou.edu
  • UCS will not ask you for your password or SSN in an e-mail
  • When in doubt about the source of an e-mail, full headers will provide you further data in regards to the legitimacy of the e-mail  (partial headers)
    • To display full headers:
      • Google mail: open message, select the icon that provides you with the option to reply-all.  Select “Show original”
      • Thunderbird:  open message, select view, select headers, select all
      • Outlook:  open message, select tags. The Message Options dialog box is displayed. The internet headers are shown in the Internet headers field at the bottom of the dialog box.

Additional references:

Virtual Desktop Infrastructure — (VDI)

What is VDI?

  • Virtual desktop infrastructure (VDI) is a collection of desktop operating systems, hosted on a collection of virtualized servers.

What does the VDI infrastructure look like?

  • There is a collection of 400 virtualized Windows 7 desktops ready to be accessed
  • Current utilization is 100 – 130 concurrent users
  • If desktop utilization becomes greater than 350, then 25 additional Windows 7 desktops are automatically built, giving us 425.  This will be repeated as concurrent user demand increases.  Build time for the 25 additional desktops is 15 – 20 minutes
  • When you logout of a desktop, the image is destroyed and rebuilt from the golden image  (no more virus worries!)
  • There are 7 virtual servers dedicated to VDI.
  • VDI runs on Solid State Drives
  • VDI is load balanced across two gateways
  • VDI servers are located, both in the Data Center and DeVolder

How can VDI be accessed?

  • At various locations on campus, including the Hamersly Library, Wyse terminals are directly connected to VDI.
  • IMG_0217
  • VDI can be acessed with a web browser
    • https://wouvdi.wou.edu
      • Select the icon on the right side of the screen labeled, VMware Horizon HTML Access
      • Use your Pawprint login credentials to authenticate
      • Select the “Lab Stations” icon to connect to Windows 7

Will I have access to my network drives?

  • Yes, H:, I:, J:, P:, etc are all accessible

What software is available on the Windows 7 virtual desktop?

  • Microsoft Office Suite, Chrome, Internet Explorer, Firefox
  • ArcGIS, BlueJ, eclipse, Fathom, Foxit Reader,Geo Gebra
  • GS View, Ghostscript, Green Globs, Escape!, GSP
  • SPSS,Kinovea, LEGO Mindstorms, Maple, MatLab, TeXworks
  • Printkey, Python, QuickBooks, QuickTime, RealNetworks Suite
  • Subversion, VLC,  WinDirStat, WinEdit, WinRAR

Additional Functionality?

  • Select the down arrow in the top middle of the screen.
    • This will display a down arrow.  Select the down arrow to display menu options
      • Options include
        • Send control-alt-delete message to Windows
        • Toggle to full screen
        • Paste text
        • Disconnect
        • Help
  • Transfer data to and from USB drive attached to local computer
    • Install VMware Horizon Client on your local computer  (an alternative to the web client
    • Select Connection, then USB from the VMware Horizon Client menu
      • Select Automatically connect when inserted (you will now be able to copy files to / from networks drives from / to local USB storage

 

 

WordPress — Summer Resources

Danielle Gauntz, Web Desinger, had her baby daughter on July 3, 2015.  She will be back, providing full time web support on September 8, 2015.  Her tentative plans include working 10 hours per week, starting July 20,

Shandelle Pepper is the technician providing Word Press support through December.  Don’t hesitate to give her a call.  She is glad to meet with you one-on-one or as a group. Her contact information is:

  • e-mail  peppers@wou.edu
  • phone 503-838-8493

WordPress resources can be found here.

 

 

The Demise of Windows XP

Windows XP support has ended, as of April 8, 2014.  Microsoft suggest that you are five times more vulnerable to security risks and viruses, which means you could get hacked and have your personal information stolen, if you continue to run Windows XP.

By default, Windows XP computers will be blocked from operating on the WOU network, after July 1, 2015.  If you have a critical need that requires Windows XP, please send me a note and I will design an alternative operating path for you.

If you don’t know which operating system you are using, contact the Service Request Desk at 88925 and they will help you identify the OS.

 

 

Security Cameras

  • Deployment of cameras began approximately twelve years ago
  • Currently 170 cameras installed
  • Located in smart classrooms, computer labs, parking lots, building entrances, ball fields, …
  • Cameras record on motion, no sound is recorded
  • Recordings are stored 7 – 10 days
  • The newer cameras are HD 5 megapixel cameras
  • Review of camera footage is most often done after a theft or damage to property, but includes inclement weather, construction progress, classroom support, …
  • Three UCS employees and Public Safety can directly access video recordings

Wireless Infrastructure

Utilization

Rogues and Interferers

802.11 a/b/g/n/ac

  • Example wireless statistics for MacBook Air
  • 802.11 a/b/g/n are available in all WOU wireless locations
  • 802.11 ac deployment was begun in new locations in December 2014.
  • To take advantage of the higher speeds available with 802.11 n/ac, multiple antennas are required.  This is referred to as MIMO (multiple input, multiple output)
  • Frequency
    • 802.11 b/g/n — 2.4Ghz
    • 802.11 a/n/ac — 5.0Ghz
  • Channels
    • 802.11 b/g/n
      • Available channels include 1 – 11
      • The effective channels include — 1, 6, 11.  Utilizing other channels in the 2.4Ghz range will cause interference to the channels on either side.
    • 802.11 a/n/ac — The effective channels include — 36, 40, 44, 48, 52, 56, 60, 64,100, 104, 108, 112, 116, 132, 136, 140, 149, 153, 157, 161, 165
  • Speed — theoretical
    • Wireless is a shared resource.  Each user shares the bandwidth with every other user using an access point.  If there is a slow user connected to an access point, that slows down access for every other user.
  • 802.11 n — 300Mb/s — 100Mb/s per antenna  (MIMO)
  • 802.11 ac — 1.3Gb/s — 400Mb/s per antenna (MIMO) on 5Ghz
  • 802.11 ac — 450Mb/s — on 2.4Ghz
  • 802.11 a — 54Mb/s
  • 802.11 b — 11Mb/s
  • 802.11 g — 54Mb/s
  • Year developed
    • 802.11 b — 1999
    • 802.11 a — 1999
    • 802.11 g — 2002
    • 802.11 n — 2009
    • 802.11 ac — approved January 2014

Security Infrastructure

Phase 1

Phase 2

 

Network Outage

Summary:

The core WOU network router pair failed to pass traffic beginning at 9:30am on January 14, 2015.  Partial network throughput was restored at 12:40pm and a full recovery occured at 9:00pm January 14, 2015.

Timeline:

  • Campus network outage began at approximately 9:30am on January 14, 2015
  • UCS responded immediately and went into diagnostic mode
  • Cisco TAC support was engaged at 10:30am
  • High CPU utilization was identified as an issue on the core campus router pair at 11:00am
  • Call placed to local Cisco representative for additional support at 11:30
  • Call placed to NERO (the WOU ISP) engineer at 12:30
  • NERO diagnostics led to finding a server that was identified as pushing an excessive amount of ARP request to the router.  The server was removed from the network at 12:40pm
  • Several networks were pulled out from behind the firewall, allowing network traffic to flow again
  • CPU utilization went from 99% to 86% after server was removed from the network
  • About 12:50 the CPU utilization had climbed back to 99% even though the server had not been reconnected to the network
  • Additional Cisco support provided about 1:00pm — at this point we had three Cisco engineers on the phone and connected to our router pair via a Webex call.
  • By late afternoon, I requested additional on-site support from Mt. States Networking.
  • A Mt. States engineer was on site by 6:00pm
  • At ~8:15pm, the router netflow process was identified as a culprit in the high CPU utilization.  After the netflows were removed, the CPU utilization fell from 99% to 23%
  • All networks were moved behind the firewall and traffic continued to flow properly.
  • The suspect host that was removed in the morning was returned to service and the CPU utilization on the router immediately climbed to 99%
  • The suspect host was removed

Forensics:

  • February 15, 2015
    • Our unix systems administrator has been reviewing the suspect servers logs and discovered the server had been compromised.  This server is running openstack OS.
    • We know that whoever compromised the server did not gain direct access to it via ssh or telnet
    • Forensics work continues…

Moodle Updates

Moodle development continues in an effort to provide 99.999% up-time and good page load-times.  Current up-time is 99.967%.  Page load times are good, except during large “Course Development” events.

Recent changes:

  • Added additional “Course Development” servers
  • When a server reaches a high enough load to render the web-page unusable, a restart script will automatically be executed on the high load server

Current design:

  • Whether you enter Moodle through a “Course Participation” link or a “Course Development” link, you are accessing centralized data that is shared by all web servers.
  • The current entry point for “Course Participation” is https://moodle.wou.edu
    • One of five Moodle web-servers will respond to https://moodle.wou.edu
      • The algorithm used for selecting which of the five servers will be selected for the current requester, is “least load”.
  • The current entry points for “Course Development” is http://dep-web.wou.edu http://faculty-moodle.wou.edu and http://video-moodle.wou.edu
    • Course Development” is separated from “Course Participation” in order to provide a more consistent user experience for the students.  “Course Development“, tends to have a high load impact on the web-server being used for development.

MoodleCluster

Next iteration:

Moodle access will include the following changes, as represented by the graphic below.

  • Course Participation” remains unchanged
  • The three access points for “Course Development“, will be consolidated into a single link, https://coursedev.wou.edu
    • This change will balance the load across all three “Course Development” servers
    • All three servers, dep-web.wou.edu, faculty-moodle.wou.edu and video-moodle.wou.edu will respond to the URL https://coursedev.wou.edu
      • The algorithm used for selecting which of the three servers will be utilized by the current requester, is “least load”.
    • The three old URLs will continue to function, but will re-direct to https://coursedev.wou.edu

MoodleCluster2

 

One month load average as of 11/25/2014