Recently in Informational Category

The mail system will be upgraded. (date yet to be determined). During the transition from old to new, the old system will be shut down. It will take from 5:00pm Friday until 5:00pm Sunday to copy the mail from the old mail store to the new mail store. During the copy process, the new mail system will be available to you at http://www.wou.edu/webmail New incoming mail will be delivered only to the new mail system after Friday at 5:00pm. When the copy is completed, your old mail will be available in the old system and the new system.

Please direct support request to the Service Request Desk at 88925

Lab computers will be upgraded to Office 2007 by the start off Fall term 2009. Faculty are given the opportunity to upgrade when their computer is replaced. Faculty with older computers will be done on request. Staff computers are done at the discretion of the departmental manager. Those that wish to upgrade and do not have a new computer, will need to purchase a new copy if there is not a valid upgrade license in place for their computer. Tricia Flaherty (flahert@wou.edu) will be able to help you with licensing.

Over the summer we have been testing a much needed upgrade to our e-mail / calendar system. The current system is about 2 years out of date. As migration strategies are finalized, I will post updates to this blog entry.

The Student Technology Committee voted to fund four digital signage packages on campus. You will see them begin to appear during the early weeks of Fall term. They will be located in APSC Admissions level, Administration Building first floor, WUC Monmouth avenue entrance and Hamersly Library first floor. In addition there will be one each in Natural Science lobby and UCS service request desk. Public Safety is identifying additional locations. Staff in each of these locations will provide the content for their area, through a web-based interface. A video overview of digital signage can be found here.

The e-mail store had grown to 2 terabyte of disk space. The e-mail system was running low on available space. After an analysis of how the disk space was being utilized, it was determined that 500 megabyte of space was used by data within the Trash folders. There is now a utility that continuously runs and automatically purges mail from the Trash folders that is greater than 60 days old. Purging your trash on a regular basis will free up additional disk resources.

Teresa Hutchinson has taken on additional duties, including supervision of the Service Request Desk and the Student Computer Labs. Please direct any computer lab software or hardware request to Teresa. She will continue to manage Telecommunications. Joan Guralnick's position will not be replaced.

Nathan Sauer and Paul Lambert are currently in the low voltage electrical apprenticeship program. They have taken on Telecommunications duties in addition to their current duties. Ken Sauer's position will not be replaced.

Additional network border security implemented 2008/2009

• Intrusion Prevention System


• MARS -- Monitoring, Analysis, and Response System


• Firewalls


• NAC (Network Access Control)


• Wireless LAN Controllers

OSU will be developing a Student Information System data warehouse for WOU over the next several months.

Phase I will focus on SIS data and include some Institutional Resource data. Phase I production will be available by Fall 2009. Phase II will include data from sources other than Banner, including Financial Aid, COE database, Housing, etc. Throughout each phase, the data brought into the new model development will be able to be integrated with existing FIS and HRIS model data using the BI Query software. Additional support in integrating data is available throughout the process from the WIT team.

The 5th-site team will provide development and on-going training opportunities at no additional cost to WOU.

Joy Bautz will meet with small groups of WOU staff. Members include:
Mike Huber, Nancy France, Linda Stonecipher, Michael Soukup, Josh Lind, Stan Little, Michael Ellis, Darin Silbernagel, Rob Findtner, Faye Whitenack, Judy Vanderburg, Eric Snow, Michele VanDeusen, Eric Borst, Ryan West, Dorothy Hendrickson, David McDonald, Chris Kampton, Bruce Vickers, Kathy Hill, Tamie Saffell, Ella Taylor, Tiffany Smith, Hilda Rosselli, Peggy Pedersen, JoNan LeRoy

• Carla Simonson, the WIT (Warehouse Integration and Training) team manager, will lead the warehouse design. Joy Bautz on the WIT team is the primary model developer.


• Connie Atchley, the 5th-site programming manager, will lead the programming effort.
  Jeremy Hickerson and Issam Rifai will be the programmers.

• Paper SIR process continues to be available

• Smith Hall 121 - remodeled


• HL 107


• HSS 108


• TODD 347


• NS 123


• ED 240


• MH 109, 114, 115


• MOD 102, 103, 107


• OMA 101, 102, 103


• NS 006

• APSC 212 (1)


• NS 101 -- remodel -- Steve Taylor (3)


• NS 017 -- Jeff Templeton (2)


• WUC Columbia Room -- Jon Tucker (5b)


• HL 108 (5)


• HSS 112 (after building remodel completion)


• TODD 349 (4)


• NS 115 -- Arlene Courtney (7)


• NS 004 -- Mike Lemaster (6)


• ED 116 (during room remodel)
  

Sophos e-mail gateway is currently in an upgrade state. Full functionality is estimated to be completed by December 5, 2008.

This is the same vendor we have used in the past, but with a complete re-write.

Functionality includes:
--blocking e-mail from known spam / virus providers
--blocking e-mail to unknown recipients
--assigning probability scales to possible spam content, then taking appropriate action
--blocking viruses
--provides links to information on viruses that have been blocked
--provides inbound / outbound protection
--the rule-set database will be updated within 5-20 minutes of outbreaks

Users will be able to release their own quarantined messages when we are finished with the installation. They will also be able to manage their own black-list / white-list

More information to follow.

Faculty / Staff Network Fees
Wired only connection $12 / month
Wireless only connection $17 / month
Wired and Wireless connection $17 / month

Student Wireless Fees
Wireless $5 / term

Notes
incremental cost of wireless over wired is $5 / month
STFC pay for all but $5 / term of the students wireless fee
wireless is currently not secure (1-Dec-2008)
WPA2 security will be available by January 2, 2009
-- data will be encrypted from the client, through the access point, to the wireless lan controller
no capacity issues starting January 2, 2009

SSID's available by January 2, 2009
-- wou-secure --- WPA2 security
-- wou-guest --- free one day pass available from SRD and WUC
-- wou-phone --- hand-held ip-telephony devices

WOU recently purchased 3n InstaCom Campus Alert system. PSU purchased this product several months ago and has successfully implemented the product. They have willingly shared implementation documentation with us. Thanks PSU!

During an emergency broadcast, the system tries to contact individuals until either the individual confirms receipt of the message or until the number of broadcast cycles has been met or the broadcast duration is over. When a user confirms delivery, the system suspends sending further notification to that individual.

Delivery order is randomized as a result of each of you defining your delivery method order. Within the next several weeks, training and system configuration will be completed. At that point you will receive an e-mail sent out by the 3n system asking you to register your preferences. The e-mail will have Jay Carey's name in the from field of the e-mail. At any time, you will be able to modify your contact information and priority.

Additional information will be available soon here.

The three thin-client labs on campus reduces energy costs. They are located in ITC001, ITC310 and WUC.

Green is good, and ultra-low power consumption is really good

The typical power consumption of a Sun Ray 2 client is an astonishing 4 watts. Compare this to PCs, which operate on 80 watts or more. Even most other thin clients suck down 20 watts or more. By installing a thousand desktops with Sun Ray clients instead of PCs, you go from 80kW to 4kW in the green savings direction. A quick look at your hourly cost per kilowatt (kWh) can give you an idea of just how much Sun Ray clients can save you over PCs.
Run silent, run cheap

At just 4 watts of typical power consumption, the Sun Ray 2 client doesn't produce as much heat or require the noisy fan of a PC. It's silent. And, it runs cooler, which improves reliability.

Summer 2008, UCS will be installing equipment into 7 labs / smart-classrooms in the new Math Nursing Building. Other smart-classrooms will follow starting winter / spring breaks 2008/2009. They include HL107, ED116-117, HSS108, TODD347 and NS123.

In order to provide maximum security, reliability and performance we will utilize a monthly maintenance window from 11pm - 7am. I propose the first Thursday of each month beginning January 2008. I am looking for feedback.

Users should expect that all computing / network services will be unavailable during the maintenance window.

The Student Technology Fee Committee approved the expenditure of $70,000 in funds towards installing smart-classrooms in the new Math classrooms in the old Oregon Police Academy building. The funds will be a result of additional fees gathered because of the strong enrollment numbers this year.

----------------------------------------------------

The Astra Schedule project is currently in the implementation phase. It is scheduled to be place in production on January 20, 2008. A team of four will be attending training in mid-January. Mike Ross is the project lead.

-----------------------------------------------------

There are currently two positions open in UCS. One is a Lead Windows Administrator and the other is a Desktop Support Analyst. Advertisement began last week. We hope to have both of these positions filled by the middle of January. The Computer Science Department is funding the Desktop Support Analyst position and 1/2 of the Lead Windows Administrator position. Thank you Computer Science!!

--------------------------------------------------------

The new computer Language Lab located in MOD 104 is scheduled to be completed by the end of January. The lab will support the Macintosh and Windows operating systems. Each station will include audio and video support. There is a minimal equipped instructor's station.

--------------------------------------------------------

On November 1, 2007, Telecommunications joined our department. We welcome Teresa Bybee, Ken Sauer and Bill Nicks. Teresa is located in ITC009, while Ken and Bill maintain their old offices in the basement of the Administration Building.

---------------------------------------------------------

50% more horsepower is scheduled to be added to the terminal server farm by the start of winter term. The terminal servers were fully utilized during fall term.

----------------------------------------------------------

Computers with inventory stickers whose numbers begin with 2002 are due for replacement this year, and all such replacements should be completed by May. In May, if you have not received your new computer, please inform UCS.

----------------------------------------------------------

The BANNER consolidation over Thanksgiving break was very successful; WOU was the first four institutions to consolidate BANNER. Users should notice increased performance. Bill thanked his team for giving up a portion or all of their respective holiday breaks, often into the early morning hours. From WOU, Bill specifically noted the contributions of Faye Whitenack, Michelle Van Deusen, Bruce Vickers, Dorothy Hendrickson, Brian Wendler, Michael Soukup, and Darin Silbernagel, and from OUS the project manager was Connie Ashley, the lead programmer Jeremy Hickerson, and Jim Rouff the DBA If you had access to both Student Web and HR, your Student Web password will now be your only password, as HR and Finance was moved into the Student Web database.

-------------------------------------------------------------

The Mac-minis running both Windows and OS/X have and issue with the Windows VGA video driver. The side effect was a frozen screen on Windows startup. An update to the faulty driver is being installed over the winter break in MOD104, NS116 and NS004.

-------------------------------------------------------------

Smart classroom equipment will be installed in NS 125 during winter break. This will complete the list of installations for the 2007/2008 academic year as recommended by the Academic Information Committee.

--------------------------------------------------------------

-------------------------------------------------------------

Last spring the Student Technology Fee Committee approved a budget that included creating five additional smart-classrooms. The following rooms have been completed:
-- Education 217, HSS 111, Natural Science 116, Natural Science 202.
-- Natural Science 125 will be completed over winter break.

There were year-end General Fund dollars available at the end of last academic year. The following projects were funded as a result of these funds:
-- 12 new Mac-minis with dual boot capabilities were installed in Natural Science 004
-- A 26 station language lab is under construction in MOD 104. Completion date January 2, 2008
-- A flat-panel monitor with video input console installed in Hamersly Library 116.
-- A projector and screen with video input console will be installed in Hamersly Library 205. Completion date: winter term.
-- A flat-panel monitor with video input console will be installed in Hamersly Library 301. Completion date: winter term.

Please comment on this DRAFT Information Security Policy

---------- DRAFT -- DRAFT -- DRAFT -- DRAFT -----------------------

OUS Information Security Policies – DRAFT 9

Executive Summary

• OUS has a responsibility to protect its Information Assets, business processes, and follow appropriate laws and regulation relating to information security.
• OUS will meet its obligations by each member institution implementing an ongoing information security program.
• Each Institution’s CIO will have responsibility for institution’s program and will assign Chief Information Security Officer (CISO) duties to appropriate group or person.
• Each Institution’s CISO or equivalent will be responsible for planning, monitoring, and reporting on the information security program.
• Each Institution will create Information Systems Policies that cover at a minimum: Classification Standards that at least identify essential and highly sensitive data, processes, and systems; security baselines commensurate with classification; and labeling and handling standards for highly sensitive data, processes, and systems.
• Each Institution will create Personal Information and User Policies that cover at a minimum: Securing Personally Identifiable Information; Acceptable Use of Computing Resources; and employee polices for security-sensitive personnel.
• Each Institution will create Security Operations policies that cover at a minimum: a notification and escalation plan for breaches of personally identifiable information, a risk assessment program; and an incident response plan.
• Each Institution will create Network and Telecommunications Policies which at a minimum ensure that highly sensitive information assets are in a secured zone on the network and are not transmitted outside of secured zones in clear text.
• Each Institution will establish physical security standards that protect essential or highly sensitive Information Assets which are critical to the functioning of the institution.
• Each Institution will establish a Disaster Recovery Plan for essential Information Assets.
• Each Institution will develop awareness and training programs for all Information Asset users regarding Information Security.
• OUS Internal Audit will conduct periodic Information Security Policy Audits.

1 Purpose

The Oregon University System and its member institutions, collectively referred hereinafter as OUS, have a responsibly to protect information entrusted to them, ensure the effective operation of business critical processes, and must abide by the security policies established by the State Board of Higher Education as well as laws and regulations at the federal, state, and local level relating to information security. OUS must meet a standard of due care regarding the protection of institutional information assets as well as those belonging to OUS students, faculty members, customers, and research partners.

OUS “Information Assets� includes information and systems that are owned by OUS, information that OUS is obligated to keep secure by applicable law or by contract, and information exempt from disclosure under public records laws. OUS Information Assets are found in written, spoken, electronic, printed, magnetic, optical and other mediums.

The purpose of this policy is to document OUS management’s intent regarding the protection of these Information Assets. It is to be used by each OUS institutions’ management to develop, document, implement, and maintain local information security policy and programs.

2 Goals

OUS member institutions will develop and implement ongoing information security programs, and assign clear and appropriate roles and responsibilities to the administration, IT personnel, and institutional community members. The basic objectives are to achieve and maintain:

TRUST - Ensure that institutions establish a baseline of security that will serve as a basis for the ongoing trust of OUS’s information systems, engender confidence between OUS and its students, faculty members, customers, research partners, and the citizens of the State of Oregon.

INTEGRITY - Establish the concepts of due care, best practice, and security baselines as the basis for protecting the Information Assets of OUS in a manner commensurate with their sensitivity, value, and criticality to ensure they meet expectations of form, fit and function.

ACCOUNTABILITY - Maintain the accountability of information users, preserve management options if there is asset misuse or abuse, ensure security of OUS’s physical assets, and provide for business continuity.

3 Authority and Scope

This policy applies to the Oregon University System as organized and empowered by ORS Chapters 351 and 352, and is specifically authorized under ORS 351.087. This policy is applicable to all OUS member institutions as well as all employees, students, contractors, consultants, agents, and vendors working on their behalf. It is applicable to all OUS Information Assets, regardless of form or media. It applies to information gathering, protection, use, processing, storage, communications, and transit.

OUS Member Institution policies, procedures, standards, and work instructions are required to comply with this policy.

4 Roles and Responsibilities

The OUS Chancellor shall have overall oversight responsibility for the provisions of this policy.
The OUS Chief Information Security Officer (CISO) shall have responsibility to develop, implement, maintain, and monitor compliance with this policy.
Each member institution’s Chief Information Officer (CIO), or equivalent, shall have oversight responsibility on their campus for institutional provisions set forth in this policy and shall be responsible for ensuring that intuitional policies are developed in accordance with this policy.
Each member institution’s CISO or equivalent shall be responsible for developing, implementing and maintaining institution level policy, procedures, standards, and plans to meet the requirements of this policy.

5 Institutional Policy Requirements

5.1 Security Management

Each member institution should establish an ongoing information security program and assign clear and appropriate roles and responsibilities to their Administration, CIOs (or equivalent), and all local University community members. The CIOs (or equivalent) of each member institution will be responsible for establishing the program and ensuring that it is effective. At a minimum, member intuitions shall specifically assign the responsibility to plan, facilitate compliance, and report on the status of their program to a person or appropriate group to act as Chief Information Security Officer.

Each member institution should create clear and consistent policy in accordance with their information security program, which outline general information security operations including such things as risk assessment procedures, incident response responsibilities, security testing, and day to day security compliance. The specifics of those policy requirements are outlined in the following sections.

5.2 Information Systems Security

Information Systems are composed of three major components: data, applications, and infrastructure systems. All three must be addressed in order to ensure overall security of these assets. OUS Member institutions should establish policy, procedures, security controls, and standards which govern these assets. These policies should ensure that fundamental security principles, such as those documented as pervasive principles in the Generally Accepted Information Security Principles , are established and maintained.

At a minimum each member institution shall establish:

a) Information system classification standards. These standards shall ensure that Essential and/or Highly Sensitive data, applications, and infrastructure systems are identified and standards for handling them are developed. Member institutions may deem it appropriate to establish multiple levels of sensitivity or criticality.

b) Security baselines for information systems. Security Baselines are a minimum set of operational guidelines which affect the relative security of an Information Asset. Baselines shall be appropriate to the level of sensitivity and criticality of the systems and ensure that the due care and best practice principles are met.

5.3 User and Personal Information Security

Everyone interacting with information assets has a responsibility to ensure the security of those assets. Each member institution must create policies that articulate the rights, responsibilities, and roles of anyone interacting with Information Assets. Policies must take into account federal, state and local laws, as well as other institutional policies. For example, FERPA requirements will require attention when dealing with student records and HIPPA requirements will require attention when dealing with health information. Policies should be made readily available to all interested parties.

At a minimum each member institution shall establish:

a) Personal Information Policies. Member institutions are required to specifically define procedures for dealing with personally identifiable information. Information, such as social security numbers, credit card numbers, and driver’s license information, is naturally sensitive and appropriate steps should be taken to protect the privacy of this type of information.

b) Acceptable Use Policies. Member institutions are required to develop policies which define the parameters of acceptable use for all users of information resources within the organization. These policies must ensure that the use of Information Assets 1) is consistent with standard security practices, 2) ensure that those resources operate effectively, and 3) that appropriate laws relating to Information Assets are followed. For example these policies may include user account management, resource use limitation, definitions of inappropriate behavior, copyright restrictions, commercial use restrictions, and confidentiality requirements. These polices should also include definitions of enforcement mechanisms in case of violation. Member institutions shall make it clear that prior notification is not a requirement for applicability of the policy and they shall clearly state that there should be no expectation of privacy while using institutional resources.

c) Security Sensitive Personnel Policies. Employees that have access to essential or highly sensitive data and processes should be designated as serving in critical or security-sensitive capacities as per OAR XXX.XXX and be subject to the appropriate employment policies of the institution.

5.4 Security Operations

OUS member institutions have a responsibility to construct operational standards and policies that ensure due care is taken to secure Information Assets. These operational standards and policies should include reasonable and appropriate proactive and reactive measures to protect Information Assets from unauthorized access, disruption of normal operations, and which comply with appropriate laws and regulation. In particular, member institutions should provide anti-virus software, a system to distribute current anti-virus definitions, and a security patch management system for commonly used operating systems.

At a minimum each member institution shall establish:

a) An incident response plan. This plan shall include a threat containment strategy, an intrusion detection system, and a mechanism for tracking and reporting security breaches.

b) A notification and escalation plan for security breaches involving personally identifiable information. This plan shall include clearly defined criteria used to determine that personally identifiable information has been exposed and has been, or it is reasonably believed to have been, obtained by an unauthorized person. This plan shall also include clear escalation and notification steps when such an event occurs and the means by which the member institution’s administration, OUS’s administration, appropriate law enforcement agencies, and the people that could be identified by the information in question, are notified of the breach.

c) An ongoing risk assessment program. This program should regularly identify and track all Essential and/or Highly Sensitive Information Assets, and verify that the appropriate security baseline is in place and being followed with respect to those Information Assets.

5.5 Network and Telecommunications Security

OUS member institutions have a responsibility to ensure secure management of their local networks. Member institutions should have the ability to control who connects to their networks, the ability to create secure zones with restricted access on their networks, and be able to ensure the effective operation of their networks.

At a minimum each member institution shall establish:

a) Secured Zones for essential and highly sensitive Information Assets. These zones shall be created by employing standard network technology to restrict access at the network level to authorized personnel only.
b) Policies that prohibit transmission of unencrypted Highly Sensitive data outside of secured zones.

5.6 Physical and Environmental Security
Each member Institution should establish procedures for the physical protection of its Information Assets. At a minimum, member Institutions shall develop policies and procedures to protect physical areas containing Information Assets that represent Essential or Highly Sensitive information systems which are critical to the functioning of the institution. Member institutions should also consider physical security for computers and other local Information Assets housed in departmental work areas or under departmental control, such as laptop computers, PDAs, etc.

Protection of physical equipment, or of software and data residing on storage media, from theft, loss, damage or improper use should be addressed. Particular attention must be paid where access to or function of essential or highly sensitive information systems is concerned. Member institutions are encouraged to adopt policies which only allow highly sensitive data to be permanently retained on portable equipment if protective measures, such as encryption, are implemented that safeguard the confidentiality and integrity of the data in the event of theft or loss of the portable equipment.

In addition, physical inventories of equipment should be completed and maintained in accordance with the OUS Financial Administration Standard Operating Manual (FASOM) Section 8.03C.

5.7 Business Continuity/Disaster Recovery

As part of ongoing business continuity planning, member institutions are responsible for preparing, periodically updating, and regularly testing a campus Disaster Recovery Plan. This plan should address recovering from a disaster that renders Essential Information Assets unavailable for an unacceptable period of time. Such a Disaster Recovery Plan should establish the frequency of testing member institution disaster recovery procedures. Member institutions should ensure that any local operations procedures are coordinated with overall institutional disaster preparedness plans.

5.8 Awareness, Education and Training

Member institutions are required to develop methods for increasing the level of awareness of information security issues among their constituents. Awareness and training programs may be carried out using a number of different approaches, including document distribution, software distribution, web publishing, and internal or external training sessions. These programs should be carried out on a regular basis, and they should be periodically reevaluated in order to assess their effectiveness.

At a minimum, users should be made aware of their roles and responsibilities within the organization as they relate to the security of Information Systems. Users should also be informed of all policies and procedures which may apply to them. Contact information for central IT Security personnel, as well as department IT personnel, should be made available. Users should be informed of whom to contact, and appropriate measures to take in the event of a security incident. Policies and procedures should be made readily available in accessible locations.

Educational or training materials should be made available in order to educate users on standard security practices. Training on basic computer security concepts should be provided. These concepts include the following: operating system patching, built-in firewalls, anti-virus software, password management, and browser and e-mail security. Additional training should be offered in areas that are of particular concern to the institution.

6 Policy Review Process
The OUS CISO will review this policy annually to ensure that it complies with applicable law and Board Policies. Should this policy be revised, the CIOs (or equivalent) of each member institution will be notified to ensure local policies are reviewed and revised as appropriate.
7 Audit
The OUS internal audit office will conduct periodic information security policy audits to ensure compliance and notify each member institution of any deficiencies.

Appendix A
Glossary

Anti- Virus – Programs that identify malicious code installed on computers without the owner/operator’s knowledge or consent.

Applications – Computer programs that collect, process, or otherwise manipulate data.
Best Practice – Generally accepted industry practices which have been broadly adopted and considered standard.
Built-in Firewall – Functions within the local operating system of a computer that limit what other machines on the network can connect to it.

Business Continuity – The ability for business processes and functions to continue and for an organization to continue to function despite emergencies, major disruptions, etc.

CIO – Chief Information Officer. The executive level position in an organization that is generally in charge of the Information Technology division and is responsible for the overall IT operations of an organization.

CISO – Chief Information Security Officer. Generally the CISO function is one of being responsible for the Information Security Program.

Data – Information stored electronically, or in print.
Due Care – The conduct that a reasonable man or woman will exercise in a particular situation, in looking out for the safety of others. If one uses due care then an injured party cannot prove negligence. This is one of those nebulous standards by which negligence is tested. Each juror has to determine what a "reasonable" man or woman would do.
Essential Information Assets – Those Information Assets that are critical to the function of the member institution and without which the normal business functions of the member institution can not occur.

FERPA – Family Educational Rights Privacy Act. This federal act protects student records, other than directory information, as private information available only to those with an educational need to know.

HIPPA - Health Information Protection and Privacy Act. This federal act protects health records as private information.

Highly Sensitive Information Assets – Those Information Assets that OUS is obligated by law or contract to protect, or that represent obviously confidential data which if released would represent some actual legal liability to the member institution.

Incident Response – The planned reaction to a breach of security which includes identifying the breach, closing it, and mitigating its effect.

Information Assets – Information and systems that are owned by OUS, information that OUS is obligated to keep secure by applicable law or by contract, and information exempt from disclosure under public records laws. OUS Information Assets are found in written, spoken, electronic, printed, magnetic, optical and other mediums.

Information Systems – A collection of computers and processes which interact with each other to manipulate, transmit, and store data.

Infrastructure Systems – Computers and network devices and the operating systems which run them.

Institutional Community Members – Faculty, Staff, Students, Vendors, Visitors, Affiliates, Courtesy Faculty, etc. In short, all persons who have a relationship with the Institution and therefore may interact with Information Assets of the Institution.

Intrusion Detection System – A program or series of programs that watch network traffic and other activities to identify intrusion attempts and compromised machines.

Risk Assessment – In the context of information security, risk assessment is the determination of both the importance of all Information Assets and their likelihood of being accessed by an unauthorized person or of their function being intentionally impaired by someone.

Security Baseline – A minimum set of operational guidelines which affect the relative security of an Information Asset. These guidelines would typically cover such things as firewall settings and network access controls, local permissions, password change policy, operating system patch management, anti-virus policy, and physical access controls.

Security Breach – Theft or unauthorized acquisition of Information Assets by a person that harms or poses an actual threat to the security, confidentiality, or integrity of those assets.

Security Controls – Procedures to follow which help establish and maintain Authentication, Authorization, and Access to Information Assets. These controls include such things as verifying identity, giving access to Information Assets based on job function or duties, network appliances that restrict connections coming from the Internet or unsecured zones, etc.

Threat Containment – Reactive measure to ensure that a security breach is contained to affected systems and that those systems are not able to be used to launch successful intrusion attempts to other systems.

Operating System – The series of programs loaded on a computer that operate it. Common operating systems include Windows, MacOS, and Unix.
OUS Member Institutions – The Chancellor’s Office, University of Oregon, Oregon State University, Portland State University, Oregon Institute of Technology, Western Oregon University, Southern Oregon University, and Eastern Oregon University.
Password Management – The practice of creating and maintaining passwords on a system that are not easily guessed, programmatically determined, or otherwise obtained by unauthorized persons. This generally means requiring a base level of complexity in the password, and that it is changed on a regular basis.

Personally Identifiable Information – A combination of name and one or more other data elements which could uniquely identify an individual for the purpose of providing restricted access. This term may be formally defined shortly in anti “ID Theft� legislation. Common data elements used in combination with name are: Social Security number, driver’s license numbers, date of birth, account number (such as credit or debit card number), account passwords (including pass phrases such as mother’s maiden name), identification number issued by a foreign nation, passport number, biometric data, etc.

1. Computer lab locations and configuration
2. Smart classroom location and configuration
3. What are the specifications for a standard computer workstation
4. Who will get replacement computers this academic year (2006-2007)
5. What software will be included on my new computer
6. How do I print from the student computer labs including PC's, MAC's and thin-client stations
7....

1. Where are the computer labs located on campus and how are they configured?
Answer:
Each ITC computer lab is detailed here.
All other campus computer labs are detailed here.
Please note that the following suites are exclusively available on thin-client stations located in many locations on campus: Macromedia Studio version 8 (includes Dreamweaver, Fireworks, Flash Pro, Contribute, Flash Paper), Adobe Creative Suite (Photoshop, Acrobat Pro, Illustrator, InDesign, GoLive, Version Queue) and SPSS. Any software that is available on the Terminal Servers (thin-client servers) is available from your computer at home. Please see Joe Crowe's video describing how to connect to the terminal server from home.

2. Where are the smart-classrooms and how are they configured?
Answer:
A list of all classrooms including smart-classrooms can be found here.
The computer equipment in each of the thirty smart-classrooms includes either a PC, MAC or both. Exceptions include ITC310 and ITC 002. ITC 310 contains both a PC and a thin-client. ITC 002 only contains a thin-client. Every smart-classroom console has easy access to network and video jacks that your laptop will easily plug into.

3. What are the hardware specifications for the standard workstation for the 2006-2007 replacement computers?
Answer:
PC -- Optiplex GX620 Small Form Factor Pentium D 945/3.40GHz, 1G RAM, ...
MAC -- Mac mini, 1.83GHz Intel Core Duo with Apple Wired Keyboard & Mighty Mouse Kits and AppleCare ...
Thin-client -- Sun SunRay 2 with 1 - DVI video port, 1 - 100Mb/sec network port, 2 - USB ports, audio in/out. Sun SunRay 2FS with 2 - DVI video ports, 2 - 100Mb/sec network ports (wire/fiber), 3 -USB ports. Additional thin-client information can be found here. Current pricing on the SunRay 2 is $199 and the SunRay 2FS is $399. We continue to use 19" Dell monitors with the thin-clients at a cost of $247. There are currently six terminal servers. (thin-client servers) They are Sun X4100's with 2 dual-core opteron processors and eight gigabyte of RAM.

4. Who will get replacement computers this academic year? (2006-2007)
Answer:
All faculty and staff that have a primary workstation purchased in 2001 will receive a new computer. This includes 55 PC's, 2 Macs, 10 SunRay 2's, 2 SunRay 2FS's. The thin-clients are going only to staff that have been contacted and are willing to use this new technology. This purchase brings our $78,000 replacement budget balance to $0. We received significant discounts from Dell for the mass purchase of both workstations and monitors.
Deployment is expected to begin the end of October and the goal is to have them all in place by the end of January, 2007.

5. What software will be included on my new computer?
Answer:
All stations include the Microsoft Office Suite. ...more to come

6. How do I print from the student computer labs including PC's, MAC's and thin-client stations?
Answer:
To print to computer lab printers you will need to do the following:
.. i In the application (Word, Excel, etc..) go to “File� on the menu bar
.. ii Select print from the “File� menu list.
.. iii You will now need to select the printer you wish to print to. By default it will be a PDF writer, however if you wish to print to paper select the desired printer for the location you are in. For example in the Library you will select Lab-HLREF to print in the reference area, in the APSC main lab you will select Lab-APSC101.
.. iv Before you select print, select any options by clicking properties. A good example of this would be printing double sided or duplexed.
... v You will need to release the print job. The credits will be reduced by 1 per black and white page and 5 per color page.
.... a Double click on the Printing icon on the desktop or go to: http://www.wou.edu/printers
.... b Log in using your network username and password
.... c Select the print job you wish to release and click “print�

What are some easy ways to distribute podcast at WOU?
1. Open your P: drive and create a podcast folder.
2. Save the podcaster utility to your newly created podcast folder.
3. Copy your mp3 files to the podcast folder.
4. When subscribing to your podcast using iTunes or any RSS feed append your URL with podcaster.php An example would be http://www.wou.edu/~kernanb/podcast/podcaster.php

If your media files have been created by the GarageBand application and are in the m4a (MP4) format you can use the same directions as above, except replace instruction 2. with:
2. Save the podcaster utility to your newly created podcast folder.

--------- You are now a published podcaster!!! ----------------

Tape backups are performed on a Overland NEO8000. Full backups are run monthly and level backups nightly. Special needs backups, including hourly, can be run for the cost of the storage media. The cost of a 600 gigabyte tape is $80.

Full backup tapes are stored off site. Recoveries can be performed by calling the Service Request desk at 88925. If the tape is in the library, the restore can typically be done same day. If the tape is stored off-site the turn-around time may be longer. When turning in your service request, please communicate the needed turn-around time to the service request desk.

Core Hardware Infrastructure
The majority of the equipment in our server farm is manufactured by Sun Microsystems. The main server is a Sun Fire E6900 configured into two domains. It is engineered for 99.99% hardware reliability. Each domain contains 32 gigabyte of RAM and 8 dual-core UltraSPARC processors.

Both domains of the E6900 are attached to a Sun/Hitachi 9980 Lightening Series SAN. The 9980 is engineered for 99.999% hardware reliability. It currently provides 7 terabyte of useable disk space, with room for an additional 7 terabytes in the current cabinet and capacity for another three cabinets.

We use three redundant Sun V20z's as Windows domain controllers. They are powered by two Opteron processors. They include 4 gigabyte of RAM.

The thin-client architecture includes 6 Sun X4100's. They are powered by two dual core Opteron processors. Two of the X4100's have 16 gigabyte of RAM and four have 4 gigabyte of RAM. Three of the boxes are providing Solaris terminal services and three are providing Windows 2003 terminal services. There are 85 thin-clients several remote desktop clients and 80 Tarantella clients utilizing these servers. This summer an additional 50 thin-client stations will be added accross campus.

We utilize the Overland NEO8000 for tape backup. We currently own three direct-attached LTO3 tape drives. (400/800G capacity per tape) Each tape drawer has a capacity of 80 tapes and we own 3 of the 6 available drawers. All data is backed up at least once per day with some data being backed up every hour. The standard retention policy is one year.

The network infrastructure includes a Cisco 7200 router at the border, a Cisco 6509 switch/router at the core and HP 4108, HP 4104, HP 2524 and HP 2824 switches at the leaf nodes. The leaf node switches are all communicating at 1 gigabit/sec with the 6509. We purchase 55 megabit/sec of non-transit from our border to NERO, our ISP. NERO rate limits the transit traffic to 50 megabit/sec to core campus and 20 megabit/sec to the resident halls.

Telecommunications and UCS continue to deploy wireless accross campus. The design includes full coverage of campus indoor and outdoor. We are deploying Cisco 1200 access points with 802.11a, 802.11b and 802.11g radios installed.

more to come here

Enterprise

Web mail
Calender
Wiki
Blog
Project Management
Survey
Personel and Project WebSpace supporting PLSQL, PHP, and Coldfusion
MySQL
Oracle

Software freely available to Faculty and Staff

Productivity Software
Star Office
PDF Creator
Thunderbird – Email Client
FileZilla – File Transfer
FireFox – Web browser

Statistics
PSPP

Graphics
The GIMP – Graphics Manipulation
DIA – Flow Charting
OpenBlender - 3D Modeling

WEB Programing Software
J Edit – HTML Editor
Netbeans – Java Compiler

Video Editing
JAHSHAKA – In line video editor

Anti-virus
Sophos

GIS
ArcGis

Software Available per purchased license

Productivity Software
MS Office
Adobe Acrobat
Visio
Outlook

Statistics
SPSS
SAS

Graphics
Photoshop
Fireworks
Flash
Director

WEB Programing Software
Dream Weaver
BlueJ
JpadPro

Video Editing
per request

Would you like to cut down on the number of allfacstaff or student e-mail you find in your in-box every day? By subscribing to digest mode you can reduce the deluge to one or two per day. You can subscribe to digest mode by following these instructions:

- login in to http://cougar.wou.edu/mailman/listinfo/[any list name]
---- example: http://cougar.wou.edu/mailman/listinfo/allfacstaff
- At the bottom of the page there is a Subscibers section where you will enter your email address to edit your options.
-- Enter your e-mail address in the text box next to the Unsubscribe or edit options button.
- Next, a new page will open up where a password will be required to continue.
-- If you do not know your password, you can click on the Remind button at the bottom of the page. This button will email you your password so you can return to this page with password in hand.
- After the correct password is entered a new page opens. Under the Subscription Options there is a Set Digest Mode switch. Set it to On, scroll down to the Submit My Changes button and click it.
- The same page is refreshed after the options are changed, click the logout button and you're done.

Steps involved in the web-server update:

Create web-server instance on sundown.wou.edu
This step is completed. You can see the results of our progress here.

Copy the files from maverick to sundown. It took 15 hours to copy the 150 gigabyte of files. This process will occur at least one more time just before we go production on the new web-server.

Create all the aliases that exist on the old web-server.
These are also known as re-directs. One example would be http://www.wou.edu/newmail

Permissions:
Every web directory is owned by one or more content providers. Ron is writing a script that will put the correct permissions on each directory. Once permissions are in place then your w: drive will need to be mapped to the correct location.

Ron needs you to help him out with the permission script. Please send your current path to the w: drive.

Test permissions:The data will be deleted at the new site, re-copied and Ron's permission script will be applied against the new data.

Go production:
Copy the files from old server one more time, apply Ron's permissions script and point the Domain Name Server to the new web server. This means that www.wou.edu will now point to the new web server. It will take about six hours for the name to propigate around the globe.

For an up to date status report, see Travis's blog.

Both Sakai and Moodle are two open-source course management systems that are now installed in a test environment at WOU. The cost of licensing either software package for use at WOU is $0.

The WOU test instance of Sakai can be previewed here. Sakai doesn't seem to differentiate between a student and an instructor, so go ahead and create a course.

The WOU test instance of Moodle can be previewed here. Once you have created an account, contact tdknabe@wou.edu and he will set you up as an instructor.

I would expect that if WOU commits to a non-WebCT solution for the future, there would be a transition period where both products would be in production allowing for sufficient time to transfer courses to the new system.

Additional thoughts on Sakai can be found here.

I will notify you here when both/either product(s) are in a production environment.

Please post your comments and evaluations to this blog.

In lieu of weekly staff meetings, UCS will be engaged in training, brain-storming sessions and other staff development activities three days per month and a staff meeting one day per month.

Todays event was a success. There was a group looking at various ways to utilize MRTG to activity monitor a variety of system events. Another group performed a Solaris 10 install and will do a Oracle 10g install next week. I spent my time researching various PHP IDEs and training tools. All team members were actively expanding their knowledge and some dared to learn technology outside of their comfort zone.

For additional information about how this idea was conceived, see Travis’s blog.

Today's participant comments on the development session can be found here:
Travis
Summer
Michael E.
Shaun
Joanie
Dale
Ron
Nathan
Joan
Tricia

PHP to MySQL connectivity is now available. This is a great option for those of you that would like to do your own web-based database development. (not for the faint of heart) To sign-up for an account, send an e-mail to phpadmin@wou.edu that includes: your name, your V number and a short description on what types of projects you will be creating.

MySQL Administrator is a client based tool for administering your database.

MySQL Query Browser is a client based tool for querying your database.

MyDB Studio is available for PHP/MySQL development.

Your URL should look something like this when using your PHP code:
http://www3.wou.edu:83/~username/filename.php

Banner 7.x was rolled into production over Labor Day weekend. Performance was not an issue during testing, but is currently very poor in production.

A slight performance increase can be achieved by upgrading the java interface (jinitiator) from version 1.3.1.13 to 1.3.1.21. After upgrading to the new jinitiator, the shortcut on your desktop needs to change also.

For sis: https://inb.ous.edu/forms90/f90servlet?config=sis_wou_prd_13121

For fis: https://inb.ous.edu/forms90/f90servlet?config=fis_wou_prd_13121

ETS at OSU (that is where Banner is located) is adding a third server. This will lighten the load on the other two servers which are currently being pushed to their limit. The third server will be added September 24, 2005 at 6:00a.m. I am hopeful that this will significantly increase performance.

Course management system software (CMS) is being used by many university campuses around the world. There are several top vendors including WebCT and Blackboard. They charge big bucks for the privilege of using their product. Several universities are developing and writing an open-source CMS that will be available to all at no cost. The development team named their product Sakai. The original development teams included: University of Michigan, Indiana University, MIT and Stanford University to name a few. In the next couple of months a preview copy will be available at WOU.

I have included information about the Sakai project below.

About Sakai
The Sakai Project is a community source software development effort to design, build and deploy a new Collaboration and Learning Environment (CLE) for higher education. The Project began in January, 2004.

Goals
The Sakai Project's primary goal is to deliver the Sakai application framework and associated CMS tools and components that are designed to work together. These components are for course management, and, as an augmentation of the original CMS model, they also support research collaboration. The software is being designed to be competitive with the best CMSs available.

The tools are being built by designers, software architects and developers at different institutions, using an experimental variation of an open source development model called the community source model (see below). To provide a support system for institutions that want to be involved in the Sakai Project, either by adopting Sakai tools or by developing tools for inter-institutional portability, the Sakai Project has also formed the Sakai Educational Partners Program (SEPP) and the Sakai Commercial Affiliates Program.

Disk storage space can be optimized by following these suggestions:
Instead of attaching a 277KB document to your e-mail and sending it out to allfacstaff, create a single blog entry and send only the link in your e-mail. The savings in disk storage will be approxiamtely 18 megabyte using my example PDF document. (277KB * 700 = ~19MB) ((0.5KB * 700) + 277KB = ~600KB)

To make a PDF document available to your blog:
Browse to your blog folder on your H: drive and create a PDF folder. (ex. H:/kernanb/public_html/blogs/pdf)
Drop you PDF document into the new PDF folder.
Create a link to the PDF document when you create your blog entry. To create the link I highlighted the word link, clicked on the chain icon, then pasted the URL to the PDF document into the URL field.

To have a blog account setup, contact Paul Lambert at lamberp@wou.edu

As of today, approxiamately 85% of campus users have been migrated to the new servers (the MASH domain). Our goal is to have 100% of the users migrated before the start of fall term. There will inevitably be a few users that are missed. If you haven't been migrated to the MASH domain, you will be unable to login to the computers in the smart classrooms. If you have been missed and are using the smart classrooms, please call the Service Request desk at 88925 and report that you need immediate migration attention.

E-mail, calendar, secure web and file services will all authenticate to the same password. To change your password, use the e-mail password change utility.

Here are a few tidbits of information about what is going on behind the scenes of the server migration.

Joe and crew has been making appointments with faculty/staff to migrate their workstation from aviation to mash. The events that occur leading up to and during each migration include:

-- running a script that Ron Swartzendruber wrote that creates a new ldap entry for each member of the current migration. This step gives the user login access to their new e-mail, calendar and web account.

-- creation of the new domain account is performed by Joe Crowe. Joe runs a csv file against a utility called csvde that creates a domain account for each active directory user. This step give each user access to their file and print services.

-- moving the user and group file services data from maverick and goose (aviation) to cougar (mash). Ron Swartzendruber wrote a mass move script that accomplishes this task.

-- moving old e-mail and address book information from messenger express to communication express.

-- modify workstation to include connection to mash domain

-- setup shares for each user. This includes each of your drive mappings, i.e. h:/ i:/ etc.

-- syncronize your ldap and active directory passwords. (file services, e-mail, calendar and web will all share the same passwords)

Cognos Higher Education Presentation Notes

What will business intelligence tools do for you?
--Enterprise view of data (metadata modeling)
--End user "self-service"
--Multiple data sources -- direct easy access
--Consistent, protected data
--Many views of "one version of the truth"
--Current data is enforced
--Includes connection portal

Cognos Architecture
--Dashboards
--Ad-Hoc / Analysis
--Managed reports for managers, legislature, ...
--Scorecards, key performance indicators
----view multiple related data
--Budget and plan on the fly

--Provide data to end users through the meta data layer
----must be developed by staff that are familiar with the data relationships

--Mobile enabled
--ms-office integration
--security
--portal
--web-based
--extranet

Questions you might ask about the student lifecycle
--How many applicants are admitted?
--What is our recruiting strategy?

Look and Feel
--briefing book
--Ability to drill down the data for detail and trends
--Graphical presentaion of data (maps, charts, graphs, tables, etc..)
--Drag and drop reporting
--Drill down and up for data detail levels
--Comes with some canned reports however, many have to be developed in house.
--typically takes 6 to 9 weeks to get base package up and running
--Ability to create nested data views for "cross tab" analysis
--Custom calculations within tools provided (ie percent change, growth, trends, Exceptions, ranges, etc)
--Conditional formating based upon custom defined criterea
--Ability to rotate and change views (ie table to graph, rotate axis)
--Create user dashboards and score cards
--Ability to create cross catagory reports (i.e. enrollment, revenue, expenses)
--Custom metrics reporting, score cards, watch lists.

Planning module
--custom modeling
--extends to the enterprise not just finance
--web or excel based
--work flow management
--built to be run by finance not IT
--role based permissions
--audit trail
--supervisor approval process
--user frendly
--web based
-sample data was not ssl wrapped
--ability to lockdown fields
--import to and from Excel
--push and pull data to/from Excel to Banner

60 hours per application for expert developer
--budget worksheet was the example used

Design Architecture
Data tier
--common metadata, consisten business view of physical data
Application tier
--high volume reporting, high speed analysis
Web tier
--.Net, Java, C++
presentation tier
--single point of access
--security administration
--customer apps

Cognos connection -- Portal development
--Query studio
----drag and drop
--Reports studio
--Framework manager
----multiple data source management
----Data modeling
--pulls data into data warehouse so that it is not going directly against production

Cognos provided a good functional review of their product, including a real world what-if type spreadsheet/database demonstration. The technical presentation was cut short because of the length of the functional review.

The product looks like it would provide some good easy to use decision making tools for the end user. The hidden cost behind a successful implementation, is the design and development of the metadata.

UCS is supporting the new Freshman Academy in several ways. Summer Runyan is developing a web-based application that will group together students with their mentors. Michael Ellis will write an interface between Banner SIS and the CBORD housing module that will take a group of Academy students and place them in close proximity to each other in the residence halls. Troy Knabe installed the Wiki and Blog servers so that Academy students could collaboratively and individually report on world events. Rick Thompson will coordinate training for his computer lab employees so that they will be able to provide wiki and blog technical support to Academy students in the main computer lab located in APSC 101.

This year UCS will close purchasing of computer related equipment on June 9, 2005. We do this for the following reasons:
1. All equipment must arrive on campus by June 30 to be purchased out of the current fiscal year.
2. Joanie and Tricia need enough time to close out the current years re-sale account, including JV's and invoices before June 30.

In the past, June has been the month from hell for Joanie and Tricia trying to get the impossible accomplished. They have spent many late hours during past Junes processing everything before June 30th. They need every last day I can give them to make it through this process with their sanity. Thanks for your understanding!

There is not currently a set of guidelines at WOU that specifically addresses blogging. With the permission of Jonathan Schwartz, Sun Microsystems President and Chief Operating Officer, I have modified the Sun policy to fit the needs of WOU. Use this document as a guideline for your blogging -- or ignore it all together. Your comments are encouraged.
---------------------------------------------------------------------

Many of us at Western Oregon University are doing work that could change the world. We need to do a better job of telling the world. As of now, you are encouraged to tell the world about your work, without asking permission first (but please do read and follow the advice in this note). Blogging is a good way to do this.

Advice By speaking directly to the world, without benefit of management approval, we are accepting higher risks in the interest of higher rewards. We don’t want to micro-manage, but here is some advice.

It’s a Two-Way Street The real goal isn’t to get everyone at Western Oregon University blogging, it’s to become part of the educational conversation. So, whether or not you’re going to write, and especially if you are, look around and do some reading, so you learn where the conversation is and what people are saying.
If you start writing, remember the Web is all about links; when you see something interesting and relevant, link to it; you’ll be doing your readers a service, and you’ll also generate links back to you; a win-win.

Don’t Tell Secrets Common sense at work here; it’s perfectly OK to talk about your work and have a dialog with the community, but it’s not OK to publish the recipe for one of our secret sauces. There are going to be judgment calls.
If the judgment call is tough—on secrets or one of the other issues discussed here—it’s never a bad idea to get management sign-off before you publish.

Be Interesting Writing is hard work. There’s no point doing it if people don’t read it. Fortunately, if you’re writing about a product that a lot of people are using, or are waiting for, and you know what you’re talking about, you’re probably going to be interesting. And because of the magic of hyperlinking and the Web, if you’re interesting, you’re going to be popular, at least among the people who understand your specialty.

Another way to be interesting is to expose your personality; almost all of the successful bloggers write about themselves, about families or movies or books or games; or they post pictures. People like to know what kind of a person is writing what they’re reading. Once again, balance is called for; a blog is a public place and you should try to avoid embarrassing your readers or the company.

Write What You Know The best way to be interesting, stay out of trouble, and have fun is to write about what you know. If you have a deep understanding of some chunk of Enrollment strategies, a hot new method of presenting Biology lectures or smart-classroom design, it’s hard to get into too much trouble, or be boring, talking about the issues and challenges around that.

On the other hand, a smart-classroom designer who publishes rants on marketing strategy, or whether Biology lectures should be more creative, has a good chance of being embarrassed by a real expert, or of being boring.

Quality Matters Use a spell-checker. If you’re not design-oriented, ask someone who is whether your blog looks decent, and take their advice on how to improve it.

You don’t have to be a great or even a good writer to succeed at this, but you do have to make an effort to be clear, complete, and concise. Of course, “complete� and “concise� are to some degree in conflict; that’s just the way life is. There are very few first drafts that can’t be shortened, and usually improved in the process.
Think About Consequences The worst thing that can happen is that a Western Oregon University admissions councilor is in a meeting with a prospective student, and someone on the student’s side pulls out a print-out of your blog and says “This person at Western Oregon University says that WOU sucks.�

In general, “XXX sucks� is not only risky but unsubtle. Saying “The registration process needs to be simplified for the first-time user� is fine; saying “The registration process sucks� is just amateurish.
Once again, it’s all about judgment: using your weblog to trash or embarrass the company, our customers, or your co-workers, is not only dangerous but stupid.

Disclaimers Many bloggers put a disclaimer on their front page saying who they work for, but that they’re not speaking officially. This is good practice, but don’t count it to avoid trouble; it may not have much legal effect.
Tools We’re starting to develop tools to make it easy for anyone to start publishing, but if you feel the urge, don’t wait for us; there are lots of decent blogging tools and hosts out there.

The template for this draft guideline is used by permission of Jonathan Schwartz, Sun Microsystems President and Chief Operating Officer

I have replaced the ip-address of the offender with xx. This type of activity is prohibited by the "Student Code of Responsibility". The offending computer is removed from the network and the student is reported to the Judical Conduct Committee. The first offense removes the student's computer from the network for three months. The second offense removes the student from the Residence Halls.

------------------------------------------------------------------

Re: Unauthorized Use of Twentieth Century FOX Film Corporation Property

Notice ID:27-1871
Notice Date:21 May 2005 17:04:57 GMT

Dear Sir or Madam:

TWENTIETH CENTURY FOX FILM CORPORATION and its affiliated companies (collectively, "FOX") are the exclusive owners of copyrights in motion pictures.

It has come to our attention that Oregon State System of Higher Education is the service provider for the IP address listed below, from which unauthorized copying and distribution (downloading, uploading, file serving, file "swapping" or other similar activities) of FOX'S property is taking place. The documentation included at the end of this notice specifies the location of the infringement. We believe that the Internet access of the user engaging in this infringement is provided by Oregon State System of Higher Education or a downstream service provider who purchases this connectivity from Oregon State System of Higher Education.

This unauthorized copying and distribution constitutes copyright infringement under Section 106 of the U.S. Copyright Act. Depending upon the type of service Oregon State System of Higher Education is providing to this IP address, it may have legal and/or equitable liability if it does not expeditiously remove or disable access to the property listed below, or if it fails to implement a policy that provides for termination of subscribers who are repeat infringers (see, 17 U.S.C. §512).

Although various legal and equitable remedies may be available to FOX as a result of such infringement, FOX believes that the entire Internet community benefits when these matters are resolved cooperatively. We urge you to take immediate action to effect removal of the detected infringement listed in the attached report, including:

(1) Notify the account holder of this infringement
(2) Require the account holder remove the infringing material
(3) Disable access to the infringing material
(4) Take appropriate action against the account holder under your Abuse Policy/Terms of Service

We appreciate your efforts toward this common goal. Please send us a prompt response indicating the actions you have taken to resolve this matter. Please reference the above noted Notice ID in all correspondence, which should be directed through:
http://webreply.baytsp.com/webreply/webreply.jsp?customerid=27&commhash=762733b190d4c3c9f2dec42c71a582de

The undersigned has a good faith belief that use of FOX's property in the manner described herein is not authorized by FOX, its agents or the law. Also, we hereby state, under penalty of perjury, under the laws of the State of California and under the laws of the United States, that the information in this notification is accurate and that the undersigned is authorized to act on behalf of FOX with respect to this matter.

Please be advised that this letter is not and is not intended to be a complete statement of the facts or law as they may pertain to this matter or of FOX's positions, rights or remedies, legal or equitable, all of which are specifically reserved.

Please contact us at the above listed address or by replying to this email should you have any questions. This infringement notice contains an XML tag that can be used to automate the processing of this data. If you would like more information on how to use this tag, please do not hesitate to contact BayTSP.

Very truly yours,

Sarah Bergman
Compliance Manager
BayTSP, Inc.
PO Box 1314
Los Gatos, CA 95031

v: 408-341-2300
f: 408-341-2399

[A pgp public key is available on the key server at ldap://keyserver.pgp.com if you would like to verify the authenticity of this notice.]

Evidentiary Information:
Notice ID: 1871
Asset: Star Wars - Episode III: Revenge of the Sith
Protocol: BitTorrent
IP Address: 140.211.122.xx
DNS: dyn-122-xx.wou.edu
File Name: Star Wars III ROTS
File Size: 1537671367
Timestamp: 20 May 2005 21:02:59 GMT
Last Seen Date: 20 May 2005 21:02:59 GMT
URL: 140.211.122.xx:6881\Star Wars III ROTS
Username (if available):