Category Archives: Security

Tech Day will be held on September 25

Tech Day 2014Do you have technology questions and don’t know who to ask? Have you ever wondered who all these “IT” folks are and how they can help you? Do you like free stuff? If you answered yes to any of these questions, you’re in luck!

The HSPH Information Technology department is hosting a Tech Day on:

September 25th from 12:30 to 2 in the Kresge Cafeteria Atrium

We’ll be showing off the latest tech from tablets to video conferencing, hosting mini-talks, and raffling away prizes.

Come join us, meet the team, and have a great time.

Tentative Agenda

Tables:

  • Dell — representatives from Dell will have the latest laptop, tablets and other machines available through the Harvard contract.
  • Harvard TPC — representatives from Harvard’s Technology Product Center will have the latest Apple products available through the Harvard contract.
  • Office 365 — User Services Team will demonstrate Office 365, a cloud-based email that HSPH will be migrating to in 2015.
  • WordPress — the HSPH web team will demonstrate and explain the School’s site-wide responsive design on a variety of devices.
  • Canvas — Media and Educational Technology Services (METS) will demonstrate Canvas, the learning management system that HSPH and Harvard are rolling out over the next year.
  • MediaSite — METS will demonstrate MediaSite, HSPH’s new course capture system that was launched in September 2014.
  • BlueJeans – BlueJeans video conferencing will host a remote session to demonstrate their video conferencing bridging service.
  • Virtual Desktops – The server team will be demonstrating our new virtual desktop, which will allow you to work on the same desktop from anywhere…

Tours:

  • We will offer quick 10 minute tours of the two new distance learning studios in Kresge LL and the HSPH server room.
Tech Day 2012

Hundreds of people stopped by a previous tech day to view new products and services.

Mini-talks (15 minute Q&A talks in Kresge 110):

  • Apple support: What do we offer?
  • Personal security (HRCI, Encryption, Privacy, and Virus Protection)
  • Digital signage
  • Google analytics
  • General Q & A

Vulnerability in Microsoft’s Internet Explorer

Updated: Wednesday, April 30th
Dear Members of the Harvard Community,
The U.S. Department of Homeland Security recommends that all users temporarily discontinue the use of Microsoft Internet Explorer (IE) due to a critical security flaw.
Harvard Information Security recommends that all members of the Harvard community use another browser, such as Mozilla Firefox or Google Chrome, until a fix has been issued for IE.
If Harvard internal sites require the use of IE, please limit use to those specific sites.
For more information about this flaw, please visit the Harvard Information Security website, security.harvard.edu.
Sincerely,
Christian Hamer
University Chief Information Security Officer

___________________________________

Tuesday, April 29th

Many of you may have heard or read in the news of the recent vulnerability in Microsoft’s Internet Explorer. Microsoft has released a work around until a patch is designed to fix this issue. SPH IT is now pushing out this work around to SPH configured Windows 7 PCs. Once this is done the risk is mitigated until the patch is released fixing the vulnerability.

For those not using a Windows PC configured by the SPH IT department or using any Windows XP PC (which is no longer supported by Microsoft and will not be patched at all) we recommend not using Internet Explorer but use a more secure web browser, such as Firefox or Chrome, for all non-Harvard web sites.

Please contact the Helpdesk (helpdesk@hsph.harvard.edu or 617.432.4357) with any questions or concerns.

Thank you,

Bill Mahoney
Director, Information Technology

 

New Policy on Access to Electronic Information Posted

Harvard University has posted a new University-wide policy on access to electronic information.

The policy on electronic information is grounded on six important principles:

  • Access should occur only for a legitimate and important University purpose.
  • Access should be authorized by an appropriate and accountable person.
  • In general, notice should be given when user electronic information will be or has been accessed.
  • Access should be limited to the user electronic information needed to accomplish the purpose.
  • Sufficient records should be kept to enable appropriate review of compliance with this policy.
  • Access should be subject to ongoing, independent oversight by a committee that includes faculty representation.

Read the full Harvard Gazette article.

Guidance on the “Heartbleed” Internet security vulnerability

To All SPH Faculty, Staff, and Students:

Last week, a security flaw dubbed “the Heartbleed bug” was discovered in a common Internet security protocol (OpenSSL) that protects credentials, such as usernames, passwords, and credit card numbers. An explanation of this flaw can be found on the Harvard Information Security website at: http://security.harvard.edu/heartbleed.  Harvard IT professionals across the University, and our own server team, web team, and Andy Ross our security manager, acted quickly to assess and patch any websites or applications that may have been vulnerable.  The Harvard PIN system and other enterprise applications were not affected as a result of Heartbleed, and Harvard Information Security currently has no indication that any information has been compromised.

Although there is a low risk that your Harvard account credentials were compromised, you are at greater risk if you use the same password for your Harvard accounts as for your personal accounts, such as personal email, social media, and other websites. We strongly recommend that you change your Harvard password immediately if you have also used it for external non-Harvard accounts.   Furthermore, it is important to not use the same password for Harvard and personal accounts going forward. It is always good practice to periodically change all your account passwords, and this may be a good opportunity to refresh your Harvard passwords even if you believe you are at low risk of being affected by Heartbleed.

You can find full instructions on how to change your Harvard passwords on our I/T Dept. website at: http://isites.harvard.edu/fs/docs/icb.topic731455.files/password_information_41414.pdfIf you have an SPH encrypted laptop,  pay close attention to the instructions under section 2.2 and 2.3.   Also, BEFORE changing your OUTLOOK Email password (see section 2.5), be sure to turn off all your portable devices (iPhone/iPad/Android/Tablet), to avoid your email getting locked out on that device.

If you have any questions or concerns about this security issue or need assistance to change your passwords, please contact the Helpdesk at 617-432-HELP or Helpdesk@hsph.harvard.edu  (Mon-Fri: 8 a.m.-6 p.m.)

Taso Markatos
CIO, SPH I/T Dept.

Fraud/Phishing alert from Bank of America

Bank of America has contacted Harvard University to make us aware of a recent email scam that has affected the University of Michigan and two local schools. The emails will appear to come from an official University department with a link asking employees to either confirm their login information or update their payroll or Open Enrollment benefits. If employees enter their data, it is captured by the perpetrators of the fraud. Once that credential data is captured, the information may then be used to change direct deposit information.

As always, please be suspicious of any link in email. If asked to log in to PeopleSoft or another sensitive system, do not follow the link. Instead, enter the URL directly into your web browser, or connect via a trusted source such as harvie.harvard.edu.

If you suspect that you are the victim of a fraudulent email, please contact the HSPH Helpdesk for support.

Thank you

National Cyber Security Awareness Month Events

In recognition that October is National CyberSecurity Awareness month, Harvard University Information Technology Security will be conducting information security briefings in the LMA area for faculty, students and staff.

Two will be at the Harvard Medical School (HMS) and one at the School of Public Health (SPH).

Below is the schedule:

October 4th 10 – 11 am at HMS TMEC 227

Topics: Cloudy with a chance of identity theft. Why a good password is very often your best defense   and  Is it ever not social? Protecting yourself in the age of social networking.

October 10th 12 -1 PM at SPH Kresge G1

Topics: Is it ever not social? Protecting yourself in the age of social networking.  and  Have device, will travel. How to be mobile and safe.

October 17th 2 – 3 pm at HMS TMEC 227

Topics: Have device, will travel. How to be mobile and safe.  and  Taming Lions, Tigers…..and Windows, Turn your operating system into a lean, mean, malware fighting machine.

Please come out and participate in a practical discussion on how to maintain your privacy.

Summer Security Tips

As HSPH faculty and staff begin heading out for the summer, we want to remind everyone of some important information security policies.

  • Harvard policy requires that all Harvard-owned laptops must be encrypted. If your laptop is not encrypted, please call our Helpdesk (432-help) to arrange for laptop encryption.
  • If you are traveling outside of the U.S. with an encrypted laptop or device, please consult the following link for some important information:
  • High Risk Confidential Information should not be stored on any mobile device (laptop, netbook, smart phone, USB key, etc.)
  • This fall the Information Technology Department will resume hosting information security briefings to update the HSPH community on new policies and changes regarding data security.

Thank you,
HSPH Department of Information Technology

HSPH Secure Passwords Rescheduled to Monday, Feb 7th

Date changed to Monday, February 7th due to weather.

On Monday, February 7th, we will complete our secure password migration for all HSPH systems. This will only affect a small number of HSPH users.

For those of you who have already completed this process in July-September, there will be no change on Thursday.

Each user affected will be required to reset their password after logging into either Novell on a computer or the Groupwise email system.  

Additionally, we have rolled out a new service that will allow you to reset your password 24-7-365 without having to call the HSPH Helpdesk.

To use the HSPH self-service system, each user will be required to establish four security challenge questions.

Starting on Thursday, you can visit https://password.sph.harvard.edu to setup your challenge questions and change your password.

It should take users no longer than 5 minutes to make the required changes.

For complete information on secure passwords and screen shots outlining the process, please visit:

HSPH Complex Password Policy ( http://isites.harvard.edu/fs/docs/icb.topic745555.files/complex-password-policy-email.pdf )

Please contact the Helpdesk at 617-432-4357 or helpdesk@hsph.harvard.edu if you have any questions.

Thank You!
HSPH IT Helpdesk

Data Loss Protection Software Implemented at HSPH

The fourth item in Harvard University’s Information Security Mandate “Finding High Risk Confidential Information (HRCI),” requires that each School must ensure that all University-owned computers and servers are annually scanned to locate High Risk Confidential Information (HRCI).

In response to this University mandate and over the next few weeks, the HSPH Department of Information Technology will begin deploying a new security product called Data Loss Prevention (DLP), from McAfee.  This product will be used to scan all HSPH-owned PC’s and servers for HRCI annually. Once the automated scan of your computer is completed, each user will receive an email from the DLP system, listing any files which meet the preset patterns for HRCI, such as social security numbers. The user is then responsible for investigating and remediating the information as necessary.

As a reminder to everyone, the Harvard Enterprise Information Security Policy states that no High Risk Confidential Information may be stored on any PC, laptop or other portable media, and approval must be obtained from the University and school Security officers  prior to storing any HRCI data on a secure server.

The University’s complete Information Security policy can be found at: http://www.security.harvard.edu/
Note: this offering is for PCs only, Macs are not targeted at this time.

For questions or assistance with this policy, please contact Andy Ross, HSPH Security Manager at 617-432-1279 or aross@hsph.harvard.edu.

Computer System Maintenance on Thursday, September 16, 2010

On Thursday evening, September 16th, we will be performing our normal system maintenance to all servers and network equipment.

The maintenance window will last from 7:00 PM til 1:00 AM.

The following services will have one or two small outages:
(You can continue to work, but may have brief pauses while services restart)

The following services will be unavailable for the duration of the maintenance window:

The IT Department recommends that you reboot your PC after any system maintenance.

This will ensure that the proper software updates are applied to your computer.

Be Green!  We also request that you shutdown your PC before you leave everyday.

All future planned maintenance windows are Thursday nights from 7PM to 1AM and on the following dates:

  • 10/14/2010
  • 11/11/2010
  • 12/16/2010