IT to Install Campus Network Firewall

Spam: A Growing Problem

Do you feel like you now spend more time deleting unwanted email than you did a year ago, or even a few months ago? These days, "spam," or unwanted junk mail and adult-content messages, plague almost everyone who uses email. Recent accounts indicate that spam has increased nation-wide by 450 percent over last year’s levels.

The technology for detecting and blocking spam continues to improve. This fall Information Technology will be evaluating commercial software that prevents the delivery of spam, with the ultimate goal to stop spam at the central gateway for UW email. This process would resemble what we already do to block email containing viruses. With such a block in place, most spam would never reach your inbox.

In the meantime, here are some tips that may reduce the amount of spam delivered to your inbox. Unfortunately, the steps are likely to reduce, but not eliminate, the undesirable messages.

Tip 1: Sign up for an alternative secondary email account through a third party. (Providers like Hotmail or Yahoo! offer free email services.) There are different ways for spammers to obtain your email address, but two of the most frequent are Web site registration and listing your address on marketing materials. If you give your email address to a site (such as an online catalog), you run the risk that thousands of companies, some of them unscrupulous, will obtain it. Marketing companies often compile email addresses into a database and then sell them to other companies and spammers. The best way to prevent your primary UWYO address from ending up in the hands of spammers is to consider carefully the companies you give your address to. Don’t list your primary address when filling out marketing details for promotions, warranties, free offers, online use, software downloads, or other sales and ordering information. Instead get a secondary email account for this use. When selecting a secondary account, choose a provider who offers virus scanning for attachments. Two free services that provide virus scanning are www.hotmail.com and www.yahoo.com.

Tip 2: Be very selective when replying to an unsolicited email, even if the message claims to unsubscribe you from a list. In many cases the sender is attempting to confirm the email address and will continue to send junk mail if they receive a response. Often the "Reply To" address is simply forged. Look at the Reply-To address. Does it appear to be a legitimate company? If it doesn’t don’t reply.

Tip 3: Keep your email address off of Web pages, chat rooms, and Usenet groups. Some computer programs have the capability to harvest email addresses from Web sites. If you need to have an email address listed on a Web site then consider using a graphic representation of it instead of text. Graphics are ignored by the scanning programs. Type the email address in a graphic editor such as Microsoft Paint and save the address as a bitmap or .jpg graphic file. If you must post to chat rooms or Usenet groups, use the secondary account mentioned in Tip 1.

Tip 4: Use Outlook to filter and manage email messages. You can filter messages based on a list of email addresses for companies that send junk and adult content. Contact your user consultant for help. To automatically move junk mail from your Inbox,

1. On the standard toolbar, click on the
   Organize icon.
2. Click on Junk E-Mail.
3. In the bulleted items for Junk and for Adult Content messages, in each of the first lists, click Move. When you click Move, the second list on each line will change from a list of colors to a list of folder destinations.
4. You can leave the default destination (Junk E-Mail), click Deleted Items, or click the Other folder and choose or create one.
5. Click Turn On to enable the feature.
6. Repeat steps 3 through 5 for both the Junk and Adult Content lines.

If an unwanted message is not filtered and reaches your Inbox, right click on the message and choose Junk E-mail from the menu. This will add the sender’s email address to the list of junk email and adult content filters.

Additionally, Outlook can search for commonly used phrases in messages and automatically move them from your Inbox to the Junk E-mail folder, your Deleted Items folder, or any other folder you specify. The list of terms that Outlook uses to filter suspected junk email messages can be found in a file called Filters.txt.

When you first begin using these features or when you make modifications to them, you should review messages that are automatically removed from the Inbox to verify that wanted messages are not accidentally removed.

For more information about avoiding and managing spam and using the Outlook filters,talk to your user consultant or see Microsoft’s advice at
http://office.microsoft.com/ assistance/2002/articles/ olmanagejunkandadultmail.aspx.

Microsoft Exchange Improves Email for Mac Users

by Roland Miller, Computer Support Specialist, Geology and Geophysics and Steve Jackson, Master Technician, Information Technology

Information Technology now offers a better way for campus Macintosh users to read and send email. The Microsoft Exchange email servers, which are dedicated to faculty and staff, can be accessed by Mac users through IMAP.

Receiving your email from Exchange has several advantages over receiving your email from ASUWLink:

• Global address list – all users on Exchange are included in the global list. This will help other people find your email address if they only know your name.
• Improved Web access – The Outlook Web Access at https://exchange.uwyo.edu is more advanced than the Web access available on ASUWLink. It provides secure access to your email from the Internet. And with only a Web browser you can get to your Inbox from anywhere in the world.
• UWYO domain account – all users on Exchange also have a UWYO domain account. Many current and future UW Web services will require users to have a UWYO account. Having one will prevent you from being locked out of any content made available in this way. A UWYO domain account is also used to gain access to the faculty and staff dial-in modem pool at 721-0400.
• Improved attachment handling – some issues that Mac users on ASUWLink have had receiving attachments will be alleviated by moving to Exchange.

The following questions are often asked by Mac users who have already migrated to Exchange.

Q. Will I get a new email address or keep the old one?

A. You will keep your current address (username@uwyo.edu).

Q. How long does it take to change from ASUWLink to Exchange?

A. 24 to 48 hours.

Q. Will I lose any email, or will messages to me "bounce back" (returned to the sender undelivered)?

A. None of your email will be lost or bounced during the transition.

Q. Will I still have an email account on ASUWLink after the transition?

A. Yes, your existing ASUWLink email account will remain on the server; however, new email will be automatically directed to your new Exchange account.

Q. Will my email that’s already on ASUWLink be moved to Exchange?

A. No. You’ll need to forward any email that you need from ASUWLink to Exchange. Contact Steve Jackson (766-2749 or action@uwyo.edu) for other options.

Q. Can I use my current email software?

A. Yes, as long as it will allow you to connect via IMAP.

Q. Can I gain access to Exchange via POP?

A. Yes, however IT recommends and supports connections via IMAP only.

Q. Why does IT recommend and support only IMAP?

A. IMAP means that your email resides on the Exchange server instead of on your local Mac so you can’t accidentally delete it. It also means you can read and reply to your email from anywhere with a Web browser via Outlook Web Access.

Q. Is there a full Outlook client for the Mac like there is for Windows?

A. Yes, it is called Outlook 2001 for Mac. It is a free download from Microsoft, however it is not officially supported by IT. (See Editor’s Note Below)

Q. Whom can I contact for more information?

A. Steve Jackson (766-2749 or action@uwyo.edu) is available to answer your questions.

If you are ready to switch to Exchange and have no questions, please call 766-HELP (6-4357), Option 1, to request the change. If you don’t have a UWYO account, ask that one be created along with an Exchange account. If you already have a UWYO account, simply request that an Exchange account be created. Your email preference will also need to be changed from ASUWLink to Exchange. If you do have questions, the Help Desk, user consultants, and Steve Jackson are available to assist you.

Editor’s Note: IT does not support any Mac client including the Mac Exchange client. IT recommends that Mac clients use IMAP on the Exchange servers since Windows Exchange servers support enhanced SMTP (ESMTP).

 

VPN Server Installed

To increase University of Wyoming network users’ security and privacy, Information Technology has installed a Virtual Private Network (VPN) server. Created to allow access to UW computing resources through the public telecommunication infrastructure and the Internet, the VPN employs encryption and other strong security protocols. It allows two computers to create a private, secure communications tunnel through the Internet. This ensures that only authorized users can access the UW network and that their data cannot be intercepted.

The VPN will allow authorized users to securely connect from off campus using various commercial Internet service providers (ISPs), for example, MSN, AOL, or Juno. Using VPN, remote users are connected to the university’s internal network as if they were connecting from on campus. This allows remote users to access servers and other devices restricted to UW network users and isolated from the outside. This will become more important as the campus firewall is gradually implemented (see "IT to Install Campus Network Firewall," this issue) and more UW systems become restricted from outside access.

Beginning this month (September) some UW users will need to install the Windows VPN software on their laptops, home computers, and other systems if they connect to the UW network from off campus and do not use the UW modem pools or UW DSL access. Off campus users who only connect to the UW network via Web access do not need to install the VPN software. If you use Microsoft Outlook and other administrative applications, such as PeopleSoft and BSR, from off campus you will need to install the VPN software. Users who reach their email through Outlook Web Access (http://exchange.uwyo.edu/) or who utilize IMAP to access Exchange do not need the VPN software for email.

The Windows VPN client and installation instructions are available at http://www.uwyo.edu/vpn. This site asks that you login using your Windows domain username and password. You will need to add the appropriate domain to your username (i.e., "uwyo/username" or "uwstudent/username"). VPN software clients are also available for Apple OS X, Linux, and Solaris. Additional information about the UW VPN can be found at www.uwyo.edu/vpn.

If you have any questions regarding the use, installation, or your need for VPN access, please contact your assigned user consultant or call Information Technology at 766-HELP.

---

UW Partners Program Recommends Business Class PCs

When purchasing a PC, it’s important to realize that "consumer class" computers are very different from "business class" computers.

Consumer products are built with any number of components that can change from one order to the next. You can even receive computers in the same order that were built with different components, potentially requiring different drivers and hardware for each system. The result is that the knowledge, tools, parts, and support for each machine is different. When users need to upgrade consumer class PCs, they may find that vendors will not support certain components or provide drivers for the upgrades. With consumer class computers, the user must be prepared

• never to upgrade or change the original operating system (OS),
• not to receive any vendor technical support for the upgrade, or accept the fact that to get support the original operating system may have to be reinstalled and the system rebuilt. Rebuilding a system takes a tremendous amount of time – the current system has to be backed up, wiped clean (reformatted), and "rebuilt" from scratch with its original OS.

In contrast to the consumer systems, business class computers are designed to be upgraded and supported by users, support staff, and the vendor, enabling users to meet the demands of changing technology.

• Components and drivers – Business class systems are engineered with a standard set of components that do not change for long periods of time. The components have drivers that are cross-platform, meaning that you can upgrade or change the system’s configuration. Vendors who offer business class computers are aware of the need to provide drivers that are "backwards compatible." For instance, they provide new software to make older components work with the updated operating systems.
• Application requirements – Because of the attention paid to engineering, components, and drivers in business class computers, you can upgrade when you need to. Should the need arise to have a bigger hard drive or more memory to run a required application it shouldn’t negate the support you would receive for your system. With a business class machine it doesn’t.
• Business environment – These systems are specifically designed for the networked environment, such as the one we have at the university. They are easy to configure, compatible, and extensively tested.
• Total cost of ownership – Longer life cycles and lowered costs of ownership are achieved through consistency and compatibility of the product. Longer term support potential exists between the vendor and the customer. Total support costs decrease because less time is needed to maintain and upgrade business class systems.

IT may not be able to support consumer class PCs if they are prone to problems. In such cases, departments are responsible for communicating with the vendor to reach a satisfactory solution. IT strongly encourages departments to follow the UW Partners Program’s recommendations for business class PCs when buying new computers.

To learn more about the UW Partners Program, its committees, purpose, and recommendations, visit http://www.uwyo.edu/partners and click on the Partners Computer Hardware Recommendations link.

Editor’s note: IT support staff has recently experienced problems with certain new consumer class PCs ordered by UW departments for campus use. As an example, some vendor-installed network interface cards (NIC) do not function properly on the UW network; The network card usually has to be replaced. Departments must pay $55 for the new card and wait for it to be installed. Changing the original components of a system, as in this case, may void the warranty or other agreements for support from the vendor.

Protecting Your Desktop – How You Can Help

Today’s networked world provides endless resources to computer users for academic, administrative, research, teaching, remote support, and technology purposes. It also poses a threat to anyone connected to the Internet and that means almost every computer on the University of Wyoming campus. Information Technology created the IT Security Office due, in part, to an increase in computer hacker attacks on UW systems. These attacks have resulted in hackers commandeering some UW systems. At times, hackers have even installed and run unwanted services on a given user’s computer, using that computer to deliver illegal material.

To help stem this growing problem, the IT Security Office will soon be implementing a new campus-wide security infrastructure (see "IT to Install Campus Network Firewall" in this newsletter). User consultants have also developed a standard configuration for the Windows operating system that should enhance the security of personal desktop systems. The Security Office, together with user consultants, will work to protect computer systems on campus. Newer systems are more secure than older systems, though they require periodic updating. As the user consultants visit older systems, they will check them to verify that security software and settings are up to date. But they need your vigilance. To help keep your desktops and laptops, new and old, secure, follow the guidelines listed here:

1. Use strong passwords and change them periodically. Hackers like to "crack" passwords by using password cracking programs. The more complex you make your password, the harder it is for it to be discovered. Be especially prudent in setting the local administrator password for your system. Don’t leave it blank or make it the same as your username (contact your user consultant if you need help). Consider the general industry suggestions for choosing your passwords:
   • Passwords should not be found in the dictionary (including foreign languages).
   • Passwords should not be your username, first or last name, SSN, or birthdate.
   • Passwords should be 8 characters or longer.
   • Passwords should contain both upper and lower case letters and should have at least one non-alpha numeric character (for example, !@#$%^&*()_-+=).
     
2. Be proactive in applying all patches, service packs, and updates for the operating system, browser, and applications. Windows XP and Windows 2000 have made it easy for the everyday computer user to apply the latest security settings.
   
   If you use Windows XP: Turn on the Windows automatic updates feature. If it’s not already enabled, right click on My Computer, and click on Properties. Choose the Automatic Updates tab and check the box next to, "Keep my computer up to date." Then, whenever you connect to the Internet, your computer can check the Windows Updates site for the latest Windows, Microsoft Internet Explorer, and Microsoft Windows Media™ Player, as well as other selected updates, and download them automatically. After they are downloaded, Windows XP requests your permission to install them. Choose to install them immediately – don’t delay.
   
   If you use Windows 2000: Let Windows Update notify you of critical updates. Visit the Windows Update site (http://v4.windowsupdate.microsoft.com/en/default.asp) and install Windows Critical Update Notification 3.0. Then, whenever you connect to the Internet, your computer will automatically notify you if new security updates are available. If you are notified, go to Windows Update right away to stay secure.¹
   
3. To keep your Microsoft applications and products up to date and secure, check these two sites:
   
   Microsoft Office Product Updates: http://office.microsoft.com/ productupdates/
   
   Microsoft Download Center:
   http://www.microsoft.com/downloads/
   
4. Don’t enable any services on your personal workstation, such as a Telnet server or internet information services (IIS), which contain things like file transfer protocol (FTP) and Web services. These services increase the potential for intrusion. Unless you are a system administrator and are knowledgeable in security and services, we advise you to avoid these services, which are disabled by default during installation of the operating system.
   
5. Of course, you can help to keep your computer safe by using anti-virus software. IT provides free anti-virus software to all UW faculty and staff. Install TrendMicro’s OfficeScan 5.02 from \\uwapps\antivirus\officescan to protect your system from virus attacks.
   
6. Many departments and colleges need to share files among faculty and staff. The best way to do this is to use the central server, Warehouse, which is maintained by IT staff to ensure backups, stability, access, and security. Should the need arise to share files from a single personal computer, ask your user consultant for assistance if you are unsure of the best procedure. There are good ways and not-so-good ways to share your files with others. Your user consultant will be happy to help you set this up!

Contact the IT Help Desk at 766-4357 (6-HELP), Option 1, for assistance with any security questions. Your data and security are a top priority.

¹ http://www.microsoft.com/security/ articles/update.asp.