Recently in Security Category

Your privacy depends on your password. To keep your personal information secure, University IT Services recommends that you change your password regularly.

In keeping with best practices to secure the University's student, personnel, and financial records, University IT Services is making changes to our critical systems that will require all users to change their passwords at least every 90 days and use strong passwords. Strong passwords have a minimum length of eight characters, contain a mixture of upper and lower case characters and at least one digit and one special character (i.e., "#", "$", "&", etc.). You will not be able to reuse your last five passwords. In addition, to discourage password guessing to gain unauthorized access, critical systems will lock a user's account after five invalid login attempts.

The Technology Help Desk is putting in place a service that will enable them to provide assistance "24x7" to users who have forgotten their passwords or who are locked out of the system. University IT Services will make these changes to our critical systems as soon as "24x7" password support is available to the community.

More information about these changes will be provided in the next two weeks as we get closer to implementing these changes in how you will manage your password for critical systems.

IT Management Team

From PC Support Services

Summary: The Conficker worm (a type of computer virus) is attacking unprotected computers. Infected computers spread the infection further and may result in loss of data and exposure of personal information. Computers with the latest updates from Microsoft and Symantec are protected. If your computer is not protected, PC Support Services asks that you update your Windows operating system and your Symantec antivirus software. Please follow the simple instructions below, or call the Technology Help Desk at (973) 275-2222 if you are not sure if your computer is protected or if you want assistance updating MS Windows or the Symantec antivirus software.

Yesterday Microsoft Corporation released a critical security patch for Windows XP and Windows Vista users. This fixes a vulnerability that would allow malicious Web sites to inject viruses or other malware into your computer. University IT Services strongly recommends that all members of the University community apply this critical security patch.

If you have a University issued laptop or desktop computer, you probably don't need to take any action yourself. UITS configures the laptop and desktop computers it issues to automatically download and install critical updates from Microsoft.

If you are unsure if your computer is set to automatically update its software, or if you are concerned about a non-University issued computer that you use to access University IT systems, please call the Technology Help Desk at 973-275-2222. A technician can assist you in checking your system and, if necessary, downloading and applying any needed software updates.

Stephen G. Landry, Ph.D.
CIO

From Information Technology Services

Microsoft has identified a new and serious security vulnerability in Microsoft Internet Explorer. The "zero-day" vulnerability allows unauthorized individuals to take over computers by simply directing them to infected websites. Users do not have to download anything for their computers to become infected. The vulnerability affects all versions of Microsoft Internet Explorer.

In order to help protect your computer, an update from Microsoft must be downloaded and installed. Users with the Windows Update feature activated on their computers will get the patch automatically. If you are not sure whether your computer is protected, or if you want assistance downloading the patch, please call the Technology Help Desk at 973-275-2222. Instructions for installing the patch are provided below. After you install this item, you may have to restart your computer.

From Student Affairs and Enrollment Services

Laura A. Wankel, Ed.D., Vice President
Division of Student Affairs and Enrollment Services
400 South Orange Avenue
South Orange, New Jersey 07079-2684
Tel: 973-761-9075 Fax: 973-275-9797

At Seton Hall, one of our core community values is a recognition of the inherent dignity of each and every person. Unfortunately, not everyone shares our values. I am writing to you today to address the issue of the JuicyCampus website. As most of you know, JuicyCampus allows people to anonymously post comments about their institutions and their colleagues. Much of what is posted on the JuicyCampus website is hate speech and it is only worthy of condemnation.

As an institution, the University does not have any means at its disposal to realistically restrict access to the JuicyCampus website. However, that does not mean that we are powerless as a community.

First of all, I would ask all members of our community to avoid the website. The owners of the site make their money from advertising, and that source of revenue will soon dry up if no one is viewing their content. Second, keep in mind that this situation is an illustration of the tremendous power of speech. Words can hurt, but words can also heal. If you know of someone who has been hurt by something posted on the site, please reach out to them and let them know that you are there for them. Finally, if you think that a crime has been committed by the owners of the website (for example, by allowing the posting of personal contact information), please feel free to contact the office of the New Jersey Attorney General to file a complaint (http://www.state.nj.us/lps/).

Seton Hall has a mission to foster an environment of respect for all persons. This is part of why you chose to come here. This is a mission that requires that we all agree to do our part by living the values that we claim to hold. Thank you for all your efforts to strengthen our community by keeping Seton Hall a "home for the mind, the heart and the spirit."

Seton Hall University is completing a complete revamp of its Web site. This revamp has been led by a steering committee including faculty and administrators and the work has been done by a cross functional team from Public Relations and IT. The new Web site being constructed uses new technologies, including the CommmonSpot Web Content Management System for academic and administrative Web pages, Microsoft Expression for personal Web pages, and the Banner Luminis portal system for pages that require user login to access. As this work progresses, University IT Services will decommission the old Microsoft FrontPage Web servers. The current schedule for decommissioning the old MS FrontPage Web servers is as follows:

• On Wednesday, December 24th, at 12:01 AM, the MS FrontPage Web servers will become "read only." They will continue to serve Web pages to the Internet, but users will not have the ability to update or modify those Web pages.
• On Sunday, March 29th, at 12:01 AM, the MS FrontPage Web servers will be removed from the campus network. After that time, Web pages residing on the MS FrontPage Web servers will not be accessible from the Internet.

Any department or organization that still has Web pages on the MS FrontPage server should contact Marie Somers, Director of Web Development in University IT Services, at 973-761-7566 or via email at somersma@shu.edu as soon as possible to make arrangements to have those Web pages moved to one of the current Web servers.

Another wave of phishing emails has arrived.

"Phishing" is an email or Web site that looks as though it is from an official organization, such as a bank or credit card company, that is intended to trick you into revealing personal information. That information can be used for identity theft or other forms of fraud.

Members of the University community have reported receiving emails purporting to be from the IT group asking for user ID's and passwords. The email states that these are required because of an upcoming email upgrade. These emails have been sent to many colleges and universities. They are usually filtered out by the University's anti-spam system and appear in users' spam folder. The University is especially concerned by these emails, however, since users may assume these emails are somehow connected with the upcoming move from Lotus Notes to Microsoft Exchange. These emails are a phising attempt, and should be ignored.

Seton Hall University IT will never send you an email asking you to reveal personal information. Neither will most banks, credit card companies, or other legitimate businesses.

If you have any questions about whether or not an email is legitimate, or if you have any questions about SHU IT, please call the Technology Help Desk at 973-275-2222.

Steve Landry, CIO

University IT Services today released an updated draft of the University's Information Security Policy.

The Information Security Policy outlines a number of steps the University is taking to protect confidential information and the integrity of the University's information systems. It provides a framework for more detailed policies and procedures designed to further protect the University's information assets.

This revision was developed by Anand Malwade, IT Security Officer for in University IT Services. Anand recently joined Seton Hall University. Prior to coming to SHU, Anand was an IT security specialist for a major financial institution in NYC.

The revised Information Security Policy can be found online at:
SHU Information Security Policy DRAFT JUNE2008.pdf

This policy will be reviewed by the University's executive team and other constituencies over the next few weeks.

Please send any comments or suggestions regarding this draft policy to me (landryst@shu.edu) and Anand (malwadan@shu.edu).

Stephen G. Landry, Ph.D.