Kansas State University


IT News

Author: Harvard Townsend (harv@ksu.edu)

Chief Information Security Officer

IT security training for 2012 now available

State policy requires that all state employees receive annual training in IT security. The 2012 version for K-State is now available and must be completed by all employees, including student employees, by July 31. This year’s training builds on the foundation of last year’s introduction to basic IT security topics. It contains a single module, has no narration and should only take 20-30 minutes to complete.

To take the training, go to the SecureIT training page, login with your eID and password, and click on part 1 of “2012 Secure IT @ K-State Training.”

Continue reading “IT security training for 2012 now available”

Warning: Increase in phishing scam emails trying to steal K-State eID passwords

Attention, K-State faculty, staff, and students.

Since the start of the spring 2012 semester, K-State has seen a significant increase in the number of phishing scam emails that are trying to steal eID passwords. Thus far, at least 10 K-Staters have been tricked into providing their eID and password to criminals under the guise of needing to upgrade their webmail account or exceeding the mailbox storage limit.

THESE ARE ALL SCAMS. K-State IT support staff will NEVER ask for your password in an email. Do not under any circumstances reply to these scam emails or click on a link in the email and fill out a form with your eID and password.

Abide by this simple rule and you will be safe from these scams and others:  NEVER provide your password to anyone in response to an email!

Continue reading “Warning: Increase in phishing scam emails trying to steal K-State eID passwords”

Network maintenance moved to 11 p.m.-3 a.m. Wednesday, Jan. 11

This Wednesday, Jan. 11, from 11 p.m. to 3 a.m., IT Services staff will install new routers and firewalls at the campus network border. During this maintenance window, the campus will likely experience brief outages of Internet connectivity lasting 5-10 minutes each (i.e., computers on campus will be unable to connect to anything off campus and vice versa during those few minutes). Also, K-State’s VPN service will be disrupted as that service is moved to the new firewalls. No other services should be affected.

The purposes of the project are:

  1. Replace aging border routers that will soon reach the end of support
  2. Install firewalls to improve security at the campus border
  3. Upgrade K-State’s connection with KanREN (and therefore the Internet) to 10 Gbps (this will tentatively happen on Jan. 15, pending arrival of appropriate interfaces for the KanREN routers)

If you have any questions or concerns about this maintenance window, call Harvard Townsend (785-532-2985) or email network@ksu.edu and security@ksu.edu.

Check the “Status of ITS resources” page for updated information

Enhanced wireless security went live July 12

On July 12, Information Technology Services increased the security of the wireless network by migrating from WEP to WPA2 Enterprise. K-Staters will find three new SSIDs (network names) in their list of wireless networks available on campus:

  • KSU Wireless (for all K-Staters)
  • KSU Guest (for campus visitors)
  • KSU Housing (for residence hall and Jardine residents only)

K-Staters will use the more secure KSU Wireless network. To access “KSU Wireless”, users will be routed to an automated configuration tool that requires signing in with an eID and password.

Campus visitors will use the KSU Guest network, which is unencrypted and will not require an eID/password. KSU Guest will be restricted to not allow access to K-State Online, webmail, iSIS, HRIS, Service-now, VPN, and the financial information system, which will protect those systems.

The current wireless network (k-state.net) that requires the WEP key will be disabled Oct. 25.

Our goal is to improve the security of the wireless network and simplify access. Since mid-June, SIRT and system administrators have been testing the new WPA2 Enterprise wireless network. Watch for more about WPA2 Enterprise in future articles.

For more information, see Wireless Networks at K-State and use the Wireless Network setup tool to configure your device.

Malware for Macs hits campus

Malware targeting Apple Mac computers was inevitable – hackers couldn’t continue to ignore this popular platform where users tend to be complacent because they buy into the myth that Macs are more secure. They are not inherently more secure; they’ve just been ignored by cybercriminals… until now. Several K-State departments have reported Mac computers infected with fake antivirus malware called MACDefender or something similar.

Like its Windows scareware counterparts, MACDefender tries to trick the user into buying useless or non-existent security software for up to $99 by convincing them their computer is infected. The only thing they’re infected with is the fake AV software, and those tricked into making the purchase give their credit card information to criminals.

Continue reading “Malware for Macs hits campus”

New device simplifies secure disposal of computer hard drives, tapes

K-State recently purchased a device that simplifies the proper disposal of magnetic storage media such as computer hard drives, tapes, and floppy disks. The device is a Garner HDTD-8800 DeGausser, for those who care about such details, which is basically a very strong magnet that scrambles data on the storage media in a manner that prevents recovery of the data. Located in K-State’s Recycling Center behind Weber Hall, Facilities staff now process all hard disks, tapes, and floppy disks with the degausser before disposal.

Continue reading “New device simplifies secure disposal of computer hard drives, tapes”

Update Java software now; computer attacks occurring

A vulnerability in Java, a programming language used in many applications and installed on most computers on the K-State campus, is being actively exploited on the Internet to take over control of computers. K-State’s network is being attacked many times a day, looking for computers to compromise via this vulnerability in Java, and at least three K-State computers have been compromised recently by this exploitThis vulnerability affects version 6 Update 23 or older of the Java Runtime Environment (JRE).

K-Staters need to:

  1. Update JRE in Windows to the latest version, which at the time of this writing is 6 Update 25 (Update 24 actually fixed the bug, so that version is safe too). You can get the latest version from Oracle’s Java website, or update it from the Java Control Panel in Windows.
  2. Configure Java to automatically check for and download updates in that same control panel. If configured for automatic updates, the Java icon (above) will appear in your system tray (usually in the lower right corner of the screen) to alert you that an update needs to be installed.

Continue reading “Update Java software now; computer attacks occurring”

IT security roundtable May 6: Traveling Safely

Summertime makes Manhattan seem like a ghost town as K-State students, faculty, and staff hit the roads and airways for distant lands. The potential rewards of personal and professional travel are great, but so are the security risks. Thus, this month’s IT security roundtable will discuss tips on how to travel safely so people can protect themselves from identity theft, financial fraud, and other threats related to information and technology while on vacation.

Join us 9-10 a.m. Friday, May 6, in Hale 501 (Hemisphere Room) to learn about: Continue reading “IT security roundtable May 6: Traveling Safely”

Two new staff join IT Security and Compliance

With the addition of two new staff to the security team in the office of Information Security and Compliance (ISC), K-State’s ability to protect information and technology resources is greatly enhanced.

Richard Becker, network manager in Computing and Telecommunications Services (CTS), will be joining the security team as a network security analyst. He started half-time on Monday, April 18, and will continue half-time in CTS until he becomes full-time in security on Monday, May 16. Continue reading “Two new staff join IT Security and Compliance”

More options for required IT security training available soon

Soon a new text-only version of K-State’s online IT security training will be available to allow people to move through the material at their own pace. Relevant information from the audio version that is not already displayed is being added to the slides to make sure all the content is covered. Watch InfoTech Tuesday for the announcement of this availability in early March.

Thus far, more than 850 K-State employees have completed the online version of the training, and 767 have attended the live version.

Continue reading “More options for required IT security training available soon”