Security Improvements Will Require Strong Passwords
04/21/2005
When you log into online services such as StuInfo, mail.msu.edu, or the Human Resources system, your NetID and password verify your identity. MSU uses a popular authentication scheme known as Kerberos to see if the NetID and password you enter are valid.
On May 11, 2005, ACNS plans to upgrade its Kerberos authentication service from version 4 to 5. Users should not notice any changes. However, new strong password rules will go into effect that day; if you change your password on or after May 11, you’ll have to follow the new rules. The rules are:
- Your password must be 8 characters long or longer
- The password must contain:
- At least one upper case letter
- At least one lower case letter
- At least one digit (numeric character)
Passwords that follow these guidelines are much harder for a human or an automated attacker to guess. If you find it hard to remember passwords that meet these conditions, one mnemonic is to make up a nonsensical sentence, such as:
I fed the cat 2 too many treats last night
Take the first letter of each word as your password. This yields a password of:
Iftc2tmtln
which meets all of the conditions for a strong password.
Moreover, when you change your password after May 11, it will be encrypted using a more robust encryption scheme (known as ‘Triple DES’). The combination of strong passwords and better encryption will greatly enhance password security.
Although you don’t have to take any action on May 11, all users will need to change their password before September 27, 2005. On that date, if you have not changed your password, your MSU NetID will be disabled. ACNS plans to e-mail reminders periodically to customers who haven’t changed their password as September 27 approaches.
More details appear in Frequently Asked Questions format at:
http://techbase.msu.edu/viewpathfinder.asp?id=3973
System administrators do not need to make any changes, as the new service will operate in Kerberos 4 compatibility mode. However, if you support an application that depends on Kerberos, we urge you to test the application prior to May 11. Sysadmins can find more information on testing the new system in advance of the upgrade by visiting http://msu.edu/service/afs/migrate
Beware: Change Tracking in MS-Word Could Reveal Your Prior Thoughts
04/18/2005
Members of the MSU community who write sensitive or official documents should beware of the possible ramifications of using some features of Microsoft Word:
– The “Track Changes” feature allows the author and collaborators to review changes to a document under revision.
– The “Insert Comment” feature allows a reviewer to add a comment akin to a yellow sticky note for others on a team to see.
– The “Versions” feature allows you to save a snapshot of the document every time you reach a milestone in editing.
If you send the final version of your document as a Word .doc file, you may leave historical versions of text that have long since been edited away. You may not even be aware of this; for instance, if you’re looking at the “Final” view (as opposed to “Final Showing Markup”) in Word 2003, your text truly appears to be the final version.
One solution is to use Adobe Acrobat PDF to distribute final versions of documents. You can convert from MS-Word to PDF using the Acrobat Distiller or various third party tools.
Another, more involved solution requires accepting all changes and removing all comments and prior versions. For more information please see http://techbase.msu.edu/viewpathfinder.asp?id=3961&service=help
New Guide Aids Review of Computer and Network Security
04/18/2005
The need for vigilance in guarding the security of our computers and networks is intense and growing every day, and needs to be practiced at all levels of the University. To assist unit administrators and their IT staff with this effort Libraries, Computing & Technology has published online a document entitled: “Computer and Network Security: Questions Everyone Should Ask.”
This guide poses questions about security procedures intended to promote useful discussion regarding effective security practices. Computer and network security is complex and changes rapidly, and this document is not intended to be comprehensive — links to several very comprehensive, expert and actively-updated security resources are provided in the guide.
The guide appears in Acrobat PDF format at:
http://lct.msu.edu/documents/securityformsuadministrators.pdf
Notice of the publication of this guide was sent to MSU Deans, Directors, and Chairs. A copy of the text of that notice appears at:
http://techbase.msu.edu/viewpathfinder.asp?id=181#15298
Breakfast Series Session Explores Hybrid / Blended Courses
04/14/2005
MSU Virtual University Design and Technology (vuDAT) invites you to attend the next session in our ongoing Breakfast Series: Online Pedagogy and Best Practices: Adventures in Online Teaching and Learning
DATE: Wednesday April 20, 2005
PLACE: Main Library, North Conference Room, 4th Floor, West Wing
TIME: 9am-10:30am (8:30am for refreshments)
TOPIC: Anatomy of a Hybrid Course
– Demonstration of an ongoing Hybrid/Blended Course
– Demonstration of video use in a Hybrid/Blended Course
– Question and Answer segment
PRESENTER: Dr. Gail M. Dummer, Professor, Department of Kinesiology, Michigan State University.
SERIES LEADER: Barbara Truitt Beckmeyer, Producer
FACULTY ADVISORS: Carrie Heeter, Susan Melnick, and Joan Predko
For more information, please contact Barbara Truitt Beckmeyer at beckmey3@msu.edu
If you are unable to attend this session you may find it archived on
Teach Online @ http://teachonline.msu.edu/
Workshop to Explore Combining Online and Traditional Instruction
04/11/2005
A three day workshop beginning May 18 will assist instructors who teach ‘hybrid courses’ those courses that combine online and traditional elements. Sign up by April 15 for this limited-enrollment class.
Hybrid courses combine the best aspects of online and traditional instruction for a flexible learning experience that benefits students, faculty, and administrators. The hybrid courses at MSU promote active, participatory learning, enhanced by using technology, in which classroom seat time is reduced and redesigned.
This three-day workshop enables participants to develop their hybrid course ideas with access to a team of professional designers experienced in creating online coursework. Virtual University Design and Technology (vuDAT) producers will explore: 1) workload expectations and management; 2) decision-making suggestions; 3) communication tools; 4) preparation of students for the experience; and 5) assessment options.
The workshop will include hands-on activities, discussion of best practices, and opportunities to design and review projects for courses in a collaborative environment. The online portion will be available to participants after the workshop is complete.
Faculty should come with an existing course to ‘hybridize’ and be comfortable with basic computer technology, e.g., navigating the internet, using e-mail, using Microsoft Office and a Learning Management System.
To ensure personal design assistance, the workshop is limited to 12 participants. Online applications available at http://www.vudat.msu.edu/hybrid.php and are due April 15. Notification will be April 22.
Patti Banyas holds a BFA in Visual Communications from Kendall College of Art and Design, a MA in Telecommunications (Digital Media Art and
Technology) from MSU, and is currently enrolled in a PhD program in
Educational Psychology at MSU.
This workshop is co-sponsored by the Office of Faculty and Organizational Development and the Office of Libraries, Computing & Technology.
There is no fee for MSU faculty to attend this event. The workshop takes place Wednesday – Friday, May 18 – 20, 2005 8:30 a.m. at 4:30 p.m. Breakfast and lunch are included. Presenters include MSU Virtual University Design and Technology Team, led by Patti Banyas. The event will take place on MSU?s campus, location to be announced.
Service Status Tools Tell You Whats Up and What’s Not
04/11/2005
It’s a fact of life with computing: despite our best efforts, sometimes computers or networks experience outages. And all computer systems need occasional hardware or software maintenance. You can find out what’s up or down or what’s scheduled for maintenance work using the service status reporting system.
ACNS uses a tracking database to manage customer contacts and problem reporting. We also use this system to track production service outages. When a service goes down unexpectedly, ACNS Operations posts an Alert notice. The Alert will remain active until the problem is resolved. Operations staff or systems managers will update the Alert as conditions change or new information becomes available.
When a system manager needs to take a service offline for maintenance, a notice of Scheduled Maintenance is entered into the database.
Where can you see these notices? Several places:
- ACNS’ Computing help page, http://help.msu.edu , shows active Alerts, Scheduled Maintenance, and Recent Activity (Alerts and Maintenance within the last 72 hours).
- Currently active Alerts appear on the http://computing.msu.edu home page. (To reduce clutter, only current Alerts show on this page.)
- At http://help.msu.edu/status customers can interrogate the tracking database via the Web. The other views of this information are displayed using a technology called RSS and may be delayed up to five minutes; help.msu.edu/status pulls information directly from the database as you click.
Sometimes you want to know what was down, not what is down. For instance, let’s say you are a professor and want to know for sure that the brief ANGEL outage your students report really took place last night. From any of these pages, click on the View Past Activity link to see historical outage information. You can even go back in history 30 days or up to a year.
Some people may want to be notified via e-mail when a service outage occurs. We’ve set up three LISTSERVs to meet this need:
- Servicestatgen is for most users. An e-mail will be sent anytime an outage (Alert) or scheduled maintenance event of a production system occurs, and when it is closed.
- Servicestatdet is for those customers who want the most details. An e-mail will be sent for each update that is posted during an outage (Alert) or Scheduled Maintenance during the life cycle of an event.
- Servicestatalrt is for those customers who want to only receive information about outages (Alerts). An e-mail will be sent anytime an outage (Alert) of a production system is initially created and when it is closed.
For details on signing up for these mailing lists, please click on “Subscribe to the Service Status Listserv” link at the bottom of the status page at http://help.msu.edu/status.
While we strive to ensure that the information in the status tracking system is up-to-the-minute, the system can’t achieve perfection:
- At the beginning of an outage, we may not know what the problem is. Our goal is to put up an Alert promptly, even if all we know is that some customers are reporting an issue.
- Some failures will inhibit reporting. For instance, a network outage may interfere with your ability to reach the status pages, or a problem with LISTSERV will prevent status e-mails from going out
ACNS Operations primarily manages the services status reporting system. ACNS and Administrative Information Services (AIS) are working to include status of AIS services as well. In fact, AIS already regularly posts information about maintenance as well as any major outages involving AIS services.
Understanding Open Source Software (WKAR Radio Interview)
04/03/2005
WKAR’s Scott Pohl discusses open source software with Rich Wiggins. What does “open source” mean? Why might you choose it?
Listen to the discussion by visiting:
