Information Systems Connection

With several EMU email accounts having recently been compromised because the EMU mailbox owners were tricked into giving away their passwords, I feel I need to, again, remind the campus community that you should never, never, never give away your EMU password.  Did I mention NEVER?

Email messages are being sent to @emu.edu email addresses nearly every day with very clever messages that attempt to trick employees and students into thinking they need to reply or click on a link to go to a web page and provide their username and password.  Our systems block many of these but some inevitably get through our filters.

These are called “phishing” email messages which attempt to have you disclose your EMU email password.  The “phishers” want your username and password so that they can access your email account, not necessarily because they want info about you – although that could be the case in some rare circumstances.  Most likely it is because they want access to an email account from which to send spam – and when that happens to an EMU email account we are ALL put at risk of not being able to send email – because the big email processors (Google, Microsoft, Verizon, AOL, Yahoo) will quickly “blacklist” email servers that they see sending spam.  And the process of getting removed from a spam server blacklist is very difficult.

You can absolutely count on the following to be true:

1. Information Systems will NEVER ask for your password.
2. Information Systems will NEVER send you an email telling you that there is a problem with your account.
3. Information Systems will NEVER send you a link** to a page where you need to re-enter your username and password to “reset” your account.

Please – “just hit delete” whenever you see an email message telling you that something is wrong with your EMU account and you need to “do something” to fix it.  First, our systems would not have these kinds of problems and, second, if there is ever some kind of problem with your account we will NOT use email to communicate with you to resolve it.

I am baffled as to why users continue to be tricked by these messages.  Could it be that we are all drowning in email and we “just want to get through them” and which causes us to zone out and we don’t really stop to think about what we are doing when one of these trickery messages appear?

Slow Down!  Think!  Hit Delete!

Don’t fall for the clever come-on by the phisher!  Everyone is counting on you to “do the right thing” – JUST HIT DELETE!

** We may send you a reminder that your account password will expire in “X” number of days but our instructions will always be to go to MyEMU (my.emu.edu) and then click on the “Royal Password” link on the left column and follow the directions to change your password.

In 1995 EMU implemented its first campus-wide network using the Novell networking system.  At the time it was the most popular networking system in operation, particularly on college campuses.  Over time, Microsoft networking systems improved and by 2000 Microsoft became the predominant system used in commercial environments and colleges and universities also began migrating to it. EMU’s decision to move from Novell eDirectory (eDir) to Microsoft Active Directory (AD) networking came in the late 2000’s, primarily because we believed (and continue to believe) that having our core business system converted to a Windows server system (i.e. Jenzabar EX) prior to migrating to Microsoft networking would be advantageous in the long run.

Over a year’s worth of planning preceded our actual migration work.  This is a huge project and with countless connections and dependencies, many of which ordinary users will never see or recognize.  The main categories of work to be completed for the project are:

User Impact

In all of our planning efforts we have attempted to minimize disruptions for the users.  However, because we must “live in two worlds” (Novell and Microsoft) for nearly a year (June 2011 thru May 2012) at times it is necessary for us to “bridge” these two worlds with special procedures.  One of the most visible of these “bridges” is the need for users to enter their password in a second prompt when logging into the network.  This is a temporary procedure and will be eliminated when a user’s computer is upgraded to Windows 7.  For users of Lab Computers or Teacher Workstations, the second prompt should be eliminated at the beginning of the spring semester when these computers become part of the domain.

Information Systems will be moving files on the student Novell server (ST) to our Microsoft Royals domain servers.  This will change what happens when students and (some) employees log into the network during and after the moving is performed.  We want to make students, faculty and staff aware of the following details:

Date/time for the student data moving process:

Begins at noon on Thursday, 04 Aug
Ends at noon on Friday, 05 Aug

Student files that will be moved:

• Students’ P: drive files
• Students’ Z: drive files (for faculty, these are the W: drive files)
• Students’ G: drive files (few students have G: drives)
• Classdata V: drive files
• Apps M: drive files

(more…)

Criminals continue to develop increasingly clever ways to trick computer users into exposing their personal/confidential information, submitting their username and/or password, unknowingly downloading malicious programs onto their computers or falling for a money fraud scam.  This is yet another reminder for users to exercise caution, be skeptical and when in doubt, “don’t do it” – whatever “it” is that just doesn’t seem right.

What are some “best practices” for using the Internet?

1. UPDATE SOFTWARE: Keep your computer operating system and anti-virus software up-to-date.  Info Systems does this automatically for EMU owned computers. If a notification appears saying that an update is ready to install, allow it to proceed.
2. STRONG PASSWORDS: Make sure your passwords are strong.  They should be eight or more characters that include numbers, letters and at least one capital letter. Longer is better. They should NOT be your birthday or phone number, a person’s name or a word that is in the dictionary.
3. KEEP PASSWORDS TO YOURSELF: Never, ever give your password to someone else. Period!
4. THINK BEFORE YOU LINK: Financial institutions will never send you a link to use to login to your account. Whenever you receive any link in an email, don’t click it unless you really know where the link is going and that you have a good reason to go there. Just because it looks like a link (i.e. http://www.something-yadda-yadda) doesn’t mean it is the link that is displayed.  Most email programs allow you to hover over a link to reveal the actual web address that might be hidden by it.  When in doubt, don’t click it.
5. JUST HIT DELETE: You are not obligated to open every email you receive.  If you receive a message from someone unexpectedly become skeptical quickly. If the content seems “odd” be quick to delete the message.  If you receive an odd message from someone you know, contact them to determine if it was a legitimate message.  If it was and you deleted it, they can send it again.
6. CHECK USING GOOGLE: If you receive an email message that seems odd but you are curious to know if it might be a scam and you feel like doing some checking, select a phrase that is in the message and put it into Google surrounded by double quotes.  If it is a scam there is a high probability someone has already posted it somewhere on the net.  Scams and variations on them circulate on the Internet for years.

Things to remember if you receive a scam email message.

1. HIT DELETE: Deleting is always a good thing – and it is not necessary to notify Info Systems about messages you delete, regardless how strange the message may be.
2. MOST SPAM/SCAM MESSAGES CAUGHT: Info Systems cannot stop all scam/spam email from getting to your mailbox but we use some very powerful processes that prevent more than 99% of it from getting to you.
3. DELETE AND FORGET: There is nothing Info Systems can do to “track down” where the scam message originated.  Delete the message and forget it.
4. FAKE PLEAS FOR CASH: All “desperate traveler, pleading for assistance” messages are scams.  Be assured that your friend, whose name appears in the FROM field, did NOT really send you that message.    You can also be pretty sure that your friend has already been informed by others that these messages have been sent.  JUST HIT DELETE and go on to your next email.

Oops! You realize that your email account was compromised or that you were tricked and submitted information “you shouldn’t have” or downloaded some “bad stuff”.  What should you do now?

1. CHANGE PASSWORD: If you submitted your password, change it immediately and if it was for your EMU email account, please inform the Helpdesk that you did the “no-no” (and that you changed your password).  Knowing that an EMU account has possibly been compromised is information that is useful to us.
2. DON’T CLICK: Beware of “fake anti-virus” or “fake update” notices.  If you receive a pop-up stating that “unusual activity has been seen on your computer” you can be absolutely certain that this is not true.  Do NOT click anything that invites you to do so.  Close any open programs, preferably by using keystrokes. In Windows Use CTRL-TAB to switch to the program to be closed then ALT-F4 should close the active window. In Macintosh use COMMAND-TAB to navigate in the switcher to the program icon to be closed then, while still in the switcher, hit Q to quit the program.
3. PULL THE PLUG: If you realize that malicious code is in the process of being downloaded, disconnecting  your computer from the network or doing a power-button shut-down quickly are emergency measures that could limit the damage of malicious software downloads.  Be sure to perform a complete disk scan using your anti-virus software before reconnecting to the network to identify any malicious files that could have been downloaded.

Information Systems is undertaking a major systems change over the next year that will affect many of you at some point.  The successive versions of Novell NetWare software that EMU has used since the campus was networked in the 1990’s is being phased out in favor of Microsoft’s Active Directory and related products.  We anticipate better integration with other software as a result, as well as the ability to offer a broader range of services to the EMU community.  The main components involved in this change are:

1. Directory services, which stores all user accounts and provides central authentication to most other services, such as e-mail, myEMU and Moodle.
2. File services, providing network drives, such as P, Z and G.
3. Print services to all networked printers (which is most of them on campus).

Information Systems has committed a great deal of time and effort to ensuring that this transition is a smooth one.  However, this is a very complex project that involves many systems with many dependencies.  We ask for your patience and grace as there will likely be some hiccups and unintended consequences along the way that we will work to resolve promptly.

A number of system additions and changes have already been made, though the bulk of the effort for this project will be expended this fall.  The following approximate schedule has been planned:

Summer 2011

• Systems installation and testing.
• Pilot migration for one administrative department.
• Migration of student data.  (Because Info Systems doesn’t manage student computers, this task is relatively easy.)

Fall 2011

• Migration of administrative departments, requiring work to be performed on every computer in a department at a specified time.
• Migration of academic departments, requiring work to be performed on every computer in a department at a specified time.

Spring 2012

• Migration of remaining EMU-owned computers.

Another change that will occur at some interval after a department migrates from Novell to Microsoft is a move of computers running Windows XP to Windows7.  The upgrade to Windows7 will also provide us with the opportunity to upgrade Windows users to Office 2010. Our planning for Windows7 and Office 2010 upgrades is not yet complete but as soon as we finalize these plans, including training plans, we will announce them to the campus.

Look for more detailed information regarding the schedule and impact of all of these changes closer to the start of the fall semester.

During the March 24, 2011 test of the EMU Emergency Notification System (ENS) we asked you to confirm that you’d received the test message and tell us how you received it. Over 120 of you responded. Many of you confirmed that you’d received the test message multiple ways–through the Via Radio HEARO devices, through a browser pop-up alert on your computer, through a text message on your cell phone, etc.–and we appreciate that too. Each confirmation from you gave us a better picture of how our ENS system works.

And the system does work! Messages are delivered quickly and widely. More than eighty percent of those who responded received an emergency notification within three minutes of the test beginning.  Keep in mind these are response rates: many of those who received the messages didn’t respond.

The Crisis Management Preparedness Team (CMPT) will be reviewing these results and making plans to further improve communication speed and coverage. We welcome your ideas and suggestions. You can contact Jack Rutt at ruttj@emu.edu or by calling 540 432 4478 (x4478 on campus).

Also, if you haven’t signed up for EMU Alerts–the cell-phone text message portion of the ENS–please do so by visiting my.emu.edu/ics/alerts .

(more…)

Information Systems has selected 15 May 2011 as the last date of general Blackboard availability. We chose this date in collaboration with program directors and the Information Systems Planning Council (ISPC). It coincides with the end of faculty contracts for the 2010-11 Spring semester and precedes the beginning of many 2010-11 Summer classes.

Faculty should archive their courses and/or migrate those courses to Moodle before the 15 May 2011 deadline. Faculty teaching Summer 2010-11 courses should plan to use Moodle.

Documentation about archiving and migrating courses may be found in the Moodle FAQs. Please contact the EMU Helpdesk at helpdesk@emu.edu or 540 432 4357 (x4357 on campus) with any questions.

There will be a period of ID Card Amnesty now until September 4^th at 5:00pm. Students with damaged and broken ID cards can turn them in and have them replaced for free! Lost ID cards will be replaced for only $10. After September 4^th the rate returns to $25 for lost, damaged or broken ID cards.

Be sure to visit Learning Resources in the Library if you need a new ID before September 4^th to take advantage of this special offer.

Shortly after 2pm on Thursday, January 22, Information Systems will be testing the EMU Emergency Notification System. This test will involve sending a test message via the following components of the EMU Emergency Notification System (EMU-ENS):

1. E-mail to everyone-urgent@emu.edu: An e-mail message will be sent to this list which contains the @emu.edu e-mail addresses of every current EMU student and employee. The message will clearly state that it is a test message. The message will encourage you to click a link in the message which will take you to the EMU-ENS confirmation page to give you the opportunity to confirm that you received the test message.
2. Web page Critical Information Alert (CIA): An alert will be posted to the EMU portal page (www.emu.edu/portal) stating that this is a test of the EMU-ENS. It will encourage you to click the MORE INFORMATION link of the CIA posting which will take you to the EMU-ENS confirmation page to give you the opportunity to tell us that you saw the test message. The EMU home page will also include a small triangle icon which, when clicked, will take you to a display of the test message posted via the CIA system.
3. EMU Alerts text message (SMS): A test message will be sent to all persons who signed up for SMS messages on the EMU Alerts system. No confirmation process is available with the SMS txt message but we will receive a report from the e2campus system telling us how many text messages were sent successfully.
4. EMU Alerts e-mail: A test message will be sent to all persons who signed up for e-mail messages on the EMU Alerts system. This e-mail message will encourage you to click a link in the message which will take you to the EMU-ENS confirmation page to give you the opportunity to confirm that you received the test message.
5. Network Access Control notification: A test message will be sent to all computers connected to the campus network system that have been authorized on the network by our newly installed network access control (NAC) system. This should appear to the user as a pop-up web browser page and will present a link that you will be encouraged to click which gives you the opportunity to confirm that you received the test message.

This exercise is ONLY A TEST of the EMU Emergency Notification System. The messages sent using each of the methods described here will clearly show that it is a test message.

For each alert component, other than the text (SMS) messages, users will be presented with a link to confirm that they received the alert. We strongly urge you to click on the confirmation link so that we can determine how many persons responded to each of the alert types. You are encouraged to click the links from each of the alert types you are exposed to, even if you had already clicked a confirmation link from another type of alert message.

In some cases you may be asked to enter your Royal username and password which provides us with additional information as to who, within our campus community, received the various kinds of alerts.

Thanks for your participation in this important test of the EMU emergency notification system.

If you have any questions, please don’t hesitate to contact the Information Systems Helpdesk.

Computing resources for all EMU students are described in this PDF file. Resources include email, online storage, wireless, computer labs and Blackboard, the web-based course management system used by faculty to put course materials and collaboration resources online.