Security Update for Microsoft Windows
Information Technology strongly encourages Windows users to install the security
patch recently released by Microsoft – patch MS03-026. Microsoft issues security
patches on a regular basis. Users should apply security patches whenever they are
announced. The MS03-026 bulletin is of special concern because of a problem, or “exploit,”
in the software that allows remote users to obtain full access to your computer.
MS03-026 fixes this exploit.
The MS03-026 exploit itself is not detectable by antivirus software. However,
antivirus software may detect the worms and viruses that take advantage of the
exploit. Often, such worms and viruses pose severe threats because they do not require
any user interaction to cause infection. Moreover, such worms and viruses can spread
rapidly. The recent “W32.Blaster” worm that used the MS03-026 exploit was detected
on campus by TrendMicro’s OfficeScan antivirus software. OfficeScan runs on most UW
desktop systems, but it may not always offer adequate protection. To prevent future
infections, either by direct infection or through a worm or virus that uses an
exploit, it is critical to keep your computer updated with the most current patches.
Unpatched systems are vulnerable to worms and viruses, which threaten the university’s
network and could destroy all of your computer’s data.
Because of firewall restrictions in place at UW, the MS03-026 vulnerability remains
relatively safe from off-campus attacks. That said, on-campus systems can still become
infected by a variety of means. For example, an infected laptop or infected home
computer can spread viruses to the campus network while connected through Virtual
Private Network (VPN) services. Once an on-campus system becomes infected it can
launch attacks and infections against other computers on the UW network. This occurred
with the recent MSBlaster worm. The firewall restrictions blocked off-campus Internet
attacks but on-campus computers still became infected.
Please see www.uwyo.edu/infotech/aboutit/newsletter/fall2002.htm#protect
for information about patching Windows systems, as well as other suggestions for
making your system more secure. Contact the IT Help Desk at 766-4357 (6-HELP), option
1, for assistance with any security questions. Your data and security are a top
priority.
Further details of the MS03-026 exploit can be found at www.microsoft.com/security/security_bulletins/ms03-026.asp
and in the Exchange email sent from Information Technology on August 15, 2003: www.uwyo.edu/infotech/aboutIT/stories/MSBlast0803.htm.
UW to replace the Student Information System
The Student Information System (SIS) at UW is a mainframe-based application that
was originally installed in the 1980s. Although IT has upgraded the SIS application
and it remains stable and supported by the vendor, SCT, only sixteen other
universities continue to use it. As the system ages, its flexibility in adapting to
the ever-changing needs of the university decreases. The system’s older technology
and limited customer base raise concerns about its capacity for being upgraded and
on-going vendor support.
Meanwhile, the industry of student information systems continues to advance. The
products available now can do much more for the campus than our current SIS system. In
order to meet the ever-growing needs of students, staff and faculty and to be able to
implement the changes to institutional processes dictated by the ever-changing higher
education environment, UW has decided to replace the SIS system. The replacement
process has already begun with a thorough review of available products, comparing them
to the university’s needs. A new system will give UW the benefits of an integrated
database that includes more university departments and organizations and can provide a
more convenient "one-stop-shop" approach to student data management.
Earlier this year, the executive SIS Visioning Team tasked the SIS Development Team
to develop and detail the requirements for a new system, document and streamline
processes, identify potential vendors and request proposals (RFPs) from them, analyze
the resulting proposals and recommend a new system to the president and board of
trustees.
Three vendors received the request for proposals: SCT, PeopleSoft, and Oracle.
Oracle decided not to participate. SCT and PeopleSoft sent representatives to campus
July 24–25 to meet with functional and technical users and clarify requirements. SCT
then returned to campus July 29–31 to demonstrate its products, including the core
Banner Student module and Luminus portal product. PeopleSoft’s demonstration, from
August 5–6, included its core Student Administration product and the PeopleSoft
Portal. The visioning and development teams found both vendors’ demonstrations
helpful. August 15 was the deadline for vendors to submit their responses. In the
coming weeks, the development team will evaluate the proposals and contact the
companies’ references, ultimately recommending one product, along with next steps,
to the visioning team, the president and the board of trustees.
For details on the project to replace SIS, please see www.uwyo.edu/newSIS. The site is updated
regularly to keep the campus informed of plans and decisions made by the development
and visioning teams. If you have questions regarding the project, please contact
Daniel Ewart, director, IT Department of Information Systems, at 766-4866 or dewart@uwyo.edu.
Wireless Network: an update
This summer, Information Technology installed wireless gateways and Virtual Private
Network (VPN) services on the UW wireless network (also know as “WiFi” or “802.11”).
These additions make the system more accessible and easier to use, and they provide
better security. The wireless gateways provide user authentication by prompting users
for their UW username and password. The VPN services allow users to create VPN
connections that will encrypt their data, thus keeping it from being seen or
intercepted by other users (for a description of VPN see www.uwyo.edu/infotech/aboutIT/newsletter/fall2002.htm).
Despite these changes, the Lightweight Extensible Authentication Protocol (EAP/LEAP)
will continue to function as usual. Users who don’t use EAP or LEAP can be
authenticated for wireless access by opening a web browser and entering their UWYO or
UWSTUDENT username and password. (Note: If you haven’t yet authenticated with
the wireless network, the wireless system will present you with a specific web page
whenever you try to use your browser). MAC addresses will no longer be authenticated.
The Central Student Fee Committee (CSFC) made a large
contribution to help bring this central solution to university students, faculty and
staff. Recently CSFC placed wireless logos in campus locations where the CSFC provided
the funding for wireless access. CSFC funded wireless access points are located
primarily in study areas and other areas that emphasize student access.
New wireless access points funded by the CSFC include the Geology Library and
atrium, the Fine Arts open-study areas and lobby, the student congregation (vending)
areas in Engineering on all four floors, the Animal Science lobby and study area, the
first-floor study room in Business and the student lab and library in Hoyt Hall. For
up-to-date information on the UW wireless service, including instructions, maps,
security, plans, locations and more, please visit www.uwyo.edu/infotech/wireless.
Campus firewall installed
Information Technology has implemented a number of new systems and network
configurations intended to help make university computers less vulnerable to hacking
attacks and viruses. During the past year, IT has installed Virtual Private Network (VPN)
services (www.uwyo.edu/infotech/vpn),
intrusion detection systems and virus checking for email. IT has also blocked all
Internet access ports (IP ports) typically used by hackers and has put into effect
several other appropriate restrictions.
More recently, IT installed a hardened network firewall between the Internet and
University of Wyoming’s internal network. A hardware and software device that
protects an internal network from external attacks, the firewall protects the internal
network by assigning computer (IP) addresses to devices inside the network. The
assigned "inside" addresses are not accessible from outside networks. The
firewall provides campus users with connections to the outside by translating the
inside addresses into addresses that are accessible from the outside.
Since May, IT has connected the Residence Halls’, Bureau of Mines (WRI) building’s
and the new University Annex’s (the old Farm Bureau building) networks behind the
firewall. During the next few months, the networks in all remaining campus buildings
will be placed behind the firewall.
Moving a building’s network behind the firewall requires that all computers in
the building be assigned and configured with new IP addresses. Most users simply need
to reboot their computers on the date their network is moved. Servers that require
public access from off-campus require additional reconfiguration after being moved
behind the firewall. Complete details, including a schedule for each building, are at www.uwyo.edu/firewall.
In order to make the campus network more secure, IT must balance the benefits of
stronger security with the inconveniences of new security measures. Whenever possible,
IT will implement changes gradually and notify network users in advance. Some
situations, however, may require the immediate implementation of blocked or restricted
network access.
No firewall is perfect. For this reason, IT asks that you keep your desktop, laptop
and any departmental servers properly updated and patched. This often requires
frequent updating of your computers. And, no matter how secure the UW network, keep in
mind that your computer is always vulnerable to attacks from other computers on campus
and computers that have remote access to the UW network.
“Voice over Internet”: new telephones operate over campus data
network
During the summer, IT implemented a new communications technology on campus.
Telephones equipped with voice over internet protocol (VoIP) were installed in the
recently purchased Farm Bureau Building (now the University Office Annex). VoIP
telephones offer essentially the same services as conventional “wired” telephones.
The difference? VoIP phones don’t require wire running from each telephone set all
the way to the central telephone switch. In other words, VoIP telephones can function
anywhere an Ethernet data jack is available. Sharing a computer connection, they
function over the university’s data network.
IT had been testing VoIP for approximately a year. Deployment of the technology on
campus was accelerated when it became apparent that underground conduit (for copper
twisted-pair cable and optical fibers) could not be installed in the Farm Bureau
Building in time for the university’s move-in date. Instead of installing optical
fiber and twisted-pair cable to connect the building to the campus network, IT
installed a gigabit wireless Ethernet system (with a 10-Mbps wireless system for
emergency backup). Because twisted-pair cable was not available, VoIP data technology
became the obvious solution for telephone services.
VoIP telephones offer many benefits over wired telephones. A VoIP telephone can
easily be moved from office to office (or even used at an Ethernet connection off
campus), whereas a wired telephone needs to be physically re-wired in each new
location (due to emergency 911 requirements, VoIP telephones will still need to be
centrally registered prior to being moved).
Moreover, VoIP telephones will soon be available for connecting laptop computers to
the phone system. Known as a “softphone,” these computers, used in conjunction
with VoIP software, can be used remotely as telephones. Effectively, the laptop
becomes the user’s telephone, appearing as if it were located on campus. VoIP
telephones open a world of opportunities for home office use and frequent travelers.
Associated with the VoIP telephone service is a new voicemail system called “Unity.”
The Unity system allows users to choose either a standard voicemail account, with
features similar to the current Meridian voicemail system, or a Unified Messaging
enabled account, which allows for advanced features including the integration of
voicemail (vmail) with Exchange email.
With Unified Messaging, Outlook users will be able to retrieve both email and vmail
from their Outlook inbox. A vmail message appears as an attachment in the Exchange
email account. Vmail message attachments can be played over the computer’s speakers,
or directed to a VoIP telephone set. Just like email messages, vmail messages can be
forwarded and saved in an Outlook mailbox folder or .pst file.
Unified Messaging also provides another new and very powerful feature. Users are able
to call into the Unity system from a telephone anywhere in the world and not only
playback their vmail messages but also their email messages. The email messages are
“read” back to the user using the system’s text-to-speech voice synthesis.
Due to network restrictions and cost, VoIP telephones are currently available only
in the University Office Annex. At present, Unified Messaging is only available to
VoIP telephone users. However, in coming months IT plans to integrate the Unity and
Meridian voicemail systems. At that time, Unity Voice Mail and Unity Unified Messaging
will be made available to all campus users.
Hardware giving you trouble? Request your repair online
Do you have a printer that’s jamming
or needs cleaning, a keyboard with keys that stick, a monitor that has a fuzzy
picture, or a PC that won’t power up? Is anything keeping your PC or related
equipment from working like it should?
Client Support Services now has a convenient way for users to request repairs,
installation, estimates or advice about whether to fix or replace computer components.
It’s easy to do. Go to
www.uwyo.edu/InfoTech/services/support/comprepair.asp, fill
out the form, and click the submit button. It’s that easy!
Your request will be submitted to the Help Desk and forwarded immediately to either
the PC Maintenance or Apple Maintenance group where staff will make arrangements for
diagnosis or pickup of the problematic equipment.
Have questions? Please contact the Help Desk at 766-HELP (766-4357), option 1, and
one of our consultants will gladly assist you with the process.
Copyright-protected media: what you should know
Many users enjoy access to their favorite music via the Internet. However, it is
illegal to have and share unlicensed copyright protected material on university
computers, including music, videos and software. The University of Wyoming does not
track or monitor the activities of music and movie file sharing. But, the university
does receive regular notifications from both the Recording Industry Association of
America (RIAA - www.riaa.com) and the Motion Picture
Association of America (MPAA - www.mpaa.org) of
suspected copyright violations. Complaints regarding suspected copyright violations
are reviewed by the IT Security Office. Legitimate complaints result in having the
computer with unlicensed copyright material being disconnected from the university’s
network. The computer will remain disconnected until its user can demonstrate the
copyright-protected material has been removed.
The RIAA, MPAA, and other software companies’ representatives have recently begun
collecting evidence and preparing lawsuits against those who offer music or movies
online illegally and against those who store unlicensed software on their computers.
See www.riaa.com/news/newsletter/062503.asp
and www.mpaa.org/anti-piracy for
additional information. IT strongly advises users not to share copyrighted materials
and to remove any unlicensed material from computers on the university’s network.
Spyware “watches” your surfing habits
spyware (def.) –
Software that sends information about your Web surfing habits to its Web site.
Often quickly installed in your computer in combination with a free download you
purposefully selected from the Web, spyware, also known as “parasite software,”
transmits information in the background as you move around the Web.
The license agreement that most everyone accepts without reading may clearly
indicate what the software does, or it may not. It may state that the program
performs anonymous profiling, which means that your habits are being recorded, but
not you individually. Such software is used to create marketing profiles; for
example, people who like Web sites that feature product “A” often go to Web
sites that feature product “B” and so on.
– www.techweb.com
If you see excessive popup windows, a changed homepage, or new toolbars in your
browser, it’s likely that you’ve been infected with spyware. Spyware can install
software on your computer without your knowledge, watch everything you do on your
machine, and capture personal information. Spyware may be violating your privacy.
Have
you seen this line at the bottom of some email messages? “Upgrade Outlook® Add
Icons to your Email.” Often, these “advertisements” are accompanied by cute
smiley-face characters dancing around on your screen. You might think twice before
choosing “Click Here!” This is HotBar, and it is spyware.
What Is HotBar?
Hotbar is an application that enhances email and web browsers, while recording
information about the person using the application. It supplies animations and
backgrounds for email and allows the design and transmittal of e-cards from the mail
program. It adds “smart buttons” to the browser and allows the browser skin, or
wallpaper, to be changed to a variety of pleasing images.
Spyware “watches” your surfing habits
HotBar may be bundled with free software, or it may be advertised through junk
email that claims to provide an upgrade to Microsoft Outlook. Visiting some web sites
may result in an attempt to download and install HotBar. Even if “no” is selected
on the download popup, HotBar will continue to install. If HotBar’s toolbar is not
removed from the View/Toolbars menu, it will add buttons on the left-hand side of the
browser that lead to advertisers’ sites. These are often competitors of the site
being visited. Even when the toolbar is disabled, HotBar continues to gather
information about sites you visit and from on-line forms you complete. HotBar has a
silent update feature that downloads updated software without your knowledge.
What do you really get?
HotBar collects your personal information, including the full URL of visited web
pages, your IP address, the date and time for each page viewed, information about any
advertisements shown on the HotBar website, your browser type and version, and your
operating system and platform. It also transmits cookies to your computer so it can
track the pages viewed on the advertiser’s website. Personal information that you
provide voluntarily is also collected.
Our review indicates that HotBar does acknowledge that it collects personal
information such as names and email addresses, but it says it stores them separately,
and does not correlate or link them directly with the other data it collects. It also
claims not to use personal information to determine which advertisements and buttons
to display.
HotBar indicates as well that it won’t sell, rent, or disclose personal
information to outside parties without your express consent unless they believe, in
good faith, that such release is reasonably necessary to comply with law or law
enforcement or apply the terms of their user agreement.
How can HotBar be removed?
HotBar can be removed by using the complete uninstaller available on HotBar’s
site at http://hotbar.com/downloads/HbUninst.exe.
The deletion can also be done by using Add/Remove Programs in the Windows Control
Panel. Then, see www.safersite.com/PestInfo/h/Hotbar.asp
for a list of other files and registry entries that must be removed manually. This
type of removal is not recommended for inexperienced users.
For assistance with removal or to ask questions about HotBar, please call the IT
Help Desk at 766-HELP (766-4357), option 1.
eNews Extra:
Software Assurance, Microsoft Select License 6.0: Your chance to renew
Software Assurance Renewal Window
The University of Wyoming's new Microsoft Select License 6.0 became effective Aug.
1, 2003. This means that users who have Software Assurance for any licensed Microsoft
product—including FrontPage, Project, Publisher, Visio, VStudio.NET, and server
software— should consider renewing it. Once renewed, it may be upgraded at no
additional cost for the term of the new Select License 6.0 agreement, which is three
years (until summer 2006). Please see www.uwyo.edu/InfoTech/aboutit/news/newsletter/2003/03spring.asp#sa
for additional details.
Users will have until October 30, 2003, to renew Software Assurance. Users who
allow their Software Assurance coverage to lapse must acquire the “License &
Software Assurance” new bundle. Users may not purchase Software Assurance for
products that were previously paid for but not enrolled in Software Assurance.
For a listing of all Software Assurance licenses and pricing, see www.uwyo.edu/InfoTech/Services/software/select/.
Please address IDRs to Information Technology and include the user’s full name,
username, item name for the software license, and the part number of the software
license. Please send the IDR to Lynette Chance, Information Technology, Client Support
Services, Ivinson Building, Room 140.
What Is Microsoft Select License 6.0?
Information Technology manages and administers two Microsoft licensing agreements—
Campus Agreement 3.0 and Academic Select License 6.0. Campus Agreement allows UW
faculty and staff to install or upgrade to the latest versions of Office
Professional® for Windows and for Mac over the term of the agreement. For no
additional cost departments may upgrade the Windows operating system.
The other licensing program, Microsoft Academic Select License 6.0, enables faculty
and staff to purchase product licenses to run software that is not covered by Campus
Agreement. Through this program, UW is able to secure volume pricing on various
Microsoft products. This significantly reduces the costs to UW departments and
colleges. Some popular products available for purchase through Select License 6.0 are
FrontPage, Project, Publisher, Visio, VStudio.NET, and various server software.
Microsoft Select License 6.0 is effective August 1, 2003, through July 31, 2006.
For a complete listing of all Microsoft Select License 6.0 products and pricing,
see www.uwyo.edu/InfoTech/Services/Software/select/.
Prices and availability are subject to change without notice. Submit an IDR to
Information Technology following the instructions provided in the previous section.
eNews Extra:
Special computer accounts offered by IT: an update
Every UW employee and student is eligible for a UW computer account. To meet
individual departmental needs, Information Technology also provides special computer
accounts for such things as occasional outside consultants working on UW projects or
for shared use by university faculty or staff. These accounts have the same function
as normal computer accounts, including user login, network disk space, and access to
network resources. (For a full description of this service and similar alternatives,
see the Fall 2000 IT News article, “Email aliases and email lists, generic mailboxes
and special computer accounts,” available online at http://www.uwyo.edu/InfoTech/aboutit/news/newsletter/.)
Special accounts are provided when requested by UW departments, faculty, or staff.
There is a small monthly fee associated with each account or generic mailbox. Fees are
billed to the department’s monthly telecommunications bill. (For a listing of
related fees, see www.uwyo.edu/InfoTech/Services/clientfees.htm#Special.)
The fee covers the costs of software licenses, server resources, and administration.
To request a special computer account, contact your IT User Consultant or the IT Help
Desk at 6-4357 (6-HELP), option 1.
In the past, IT has provided departments with a limited number of special computer
accounts and generic email accounts for no charge. Although IT is no longer able to
offer new accounts of this type for free, all existing arrangements will remain in
effect.
There is a charge for UW affiliate accounts. As of July 1, 2004, all affiliate
accounts will be billed at the published rates. Affiliate accounts
have been under review, as mentioned in previous newsletters and on the Infotech Web.
eNews Extra:
PeopleSoft news
Human Resources Management System (HRMS)
The implementation of the new PeopleSoft Human Resources Management System (HRMS)
is scheduled for this fall. Meanwhile, during the current testing phase of the
project, both Human Resources and the Payroll Office continue to enter data into both
the old and new systems, compare payroll results between the two systems and ensure
that all necessary software, report and procedural changes have been completed.
New federal tax regulations made it necessary for UW to perform an upgrade to HRMS
8.3, a difficult and time-consuming task. In order to install the new tax tables and
rules, our HRMS team needed not only a service pack (SP1) software upgrade but also an
upgrade for PeopleTools to version 8.19. These updates are now complete. The
functional staff, the IT staff and consultants have also worked hard to prepare the
system for tracking employee time (Time & Labor), which is being extensively
tested at this time.
For anyone who is interested in HRMS 8.3, team representatives are available in
Knight Hall, Room 74, from 10 a.m. to noon on Fridays to answer questions, work
through issues or provide a refresher on the functionality of the system. Everyone and
all questions are welcome.
PIStOL Upgrade
The PIStOL upgrade to Financials 8.4 has reached a critical stage. A significant
number of application “fixes” (software corrections) have been released by
PeopleSoft since UW started its upgrade process. It has become clear that many of
these fixes need to be applied in order to solve problems that have been identified
during the testing process. Unfortunately, the same fixes used to solve certain
problems cause other difficulties in properly converting data. UW has enlisted
PeopleSoft’s assistance to resolve the problems. PeopleSoft technical and functional
experts will be on-site over the coming months to help the UW team develop and
implement a detailed plan to successfully work through the upgrade.
For the latest information on the PIStOL upgrade to Financials 8.4 or the
implementation of HRMS 8.3, please see “PeopleSoft at UW,” online at www.uwyo.edu/peoplesoft. If you need
additional information, please contact Chad Marley, IT Project Manager, at 766-4874 or
cmarley@uwyo.edu.
eNews Extra:
Worm_SoBig.F follows on the heels of MSBlaster
On Tuesday, August 19, 2003, a massive flood of email messages with subject lines
such as Re: Wicked Screensaver, Re: Thank you!, Re: Approved, and others began
arriving in email inboxes across campus (and the world). These email system-clogging
messages originated from the SoBig.F Worm. The worm-virus rapidly propagated itself
via users’ email address books and quickly became the fastest spreading virus ever.
If an unsuspecting user opened an infected email attachment, the virus would
replicate and spread by re-mailing itself to the email addresses in the user’s
address book. Using a random email address from the address book, this virus forges or
“spoofs” the sender’s email address in the “From” field. The propagated
emails appear as if they came from the random email address but were actually sent
from the infected user’s email account.
Due to the spoofing component of this virus, many users have received returned, “bounced”
or undeliverable messages referring to an email message that did not, in fact,
originate from the user. The bounced message is in response to the virus-propagated
message that actually came from the person who opened the infected attachment. In most
cases, the receiver of the bounced message did not have the virus, but rather it was
their email address that had been spoofed when the virus replicated itself. This is
especially true for UW users, having received bounced messages even though their
computers were not infected by the virus.
The University of Wyoming email servers protected campus users from this virus at
the outset of the virus attack. Infected SoBig.F attachments were detected and removed
from email messages by antivirus software before reaching campus inboxes. The messages
were delivered to UW users, but the virus had been removed from the messages.
The extreme number of virus-created email messages threatened to overwhelm the UW
servers and caused delays as the system fought to keep up with deleting the incoming
infected attachments. To lessen the impact and eliminate the delay the UW email system
was programmed to delete the entire message instead of just the attachment. While this
helped to curtail the flood of emails created by this virus, it does not eliminate the
delivery of the bounced or undeliverable emails coming back to spoofed email
addresses. In many cases, UW users are receiving these messages and believing they
sent the infected email. This is not the case. They are receiving the bounced message
because their UW email address was the random address spoofed when the virus
propagated itself from someone else’s address book.
For more complete information on the SoBig.F Worm, go to http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SOBIG.F
The recent viruses and exploitation of the Windows operating system vulnerability
(see Security Update for Microsoft Windows in this issue) have
created the potential for damage to the UW network and UW computers. This potential
has made it necessary for Information Technology to take more aggressive measures to
protect UW’s network. IT is using tools to scan for vulnerable, unprotected and
infected computers connected to the network. When vulnerable or virus infected
computers are found Information Technology may disable the computer’s external
Internet access (computers will not be able to browse off campus Internet sites, but
will still have access to internal UW computer resources). In certain cases it may be
necessary to fully disable the computer from accessing the network. Information
Technology will attempt to forewarn customers when circumstances allow. In severe
cases it may be necessary to immediately remove computers from the network without
notice.
SPAM has grown into
a massive problem – not just at UW but nation-wide. Studies estimate that SPAM
represents between 40 and 60 percent of all email. The SPAM problem is a difficult one
to solve. Although SPAM filtering software is well-developed, even the most
sophisticated software occasionally misreads some legitimate messages, treating them
like SPAM.