Information Technology News

Latest Posts

Network Security Update

By Ellen Holm on March 16, 2015

In the coming weeks, Colgate, in conjunction with a third-party provider (Grey Castle Security), will be scanning our network to identify specific vulnerabilities and to address immediate information security risks. They have specific expertise in working within the higher education setting and have worked successfully with other NY6 schools in the past few weeks.

While our Acceptable Use Policy states “for security and network maintenance purposes, authorized individuals within Colgate University may monitor equipment, systems, and network traffic at any time to ensure compliance with the Acceptable Use Policy”, we wanted to inform the community. Hackers perform similar types of scans every day, all day.

Vulnerability scans look for misconfiguration, missing patches, and other security information that if unaddressed could lead unintentionally to an information security breach. We will not be able to, nor will we, read any data.

We do not expect any disruption in service. Please contact Ellen Holm, Director of Infrastructure Services, eholm@colgate.edu or Kevin Lynch, CIO, kplynch@colgate.edu with any questions or concerns.


Securing Personal Mobile Devices

By Ellen Holm on March 9, 2015

Many of us use personally-owned mobile devices to access Colgate resources, such as email. To protect against unintentional data loss and to reduce potential liability, use the following links to find instructions on how to secure your devices.

Enable a passcode on your device. A passcode secures your device, much like your ATM PIN. Choose a passcode that is hard to guess. Birthdays, anniversaries, sequences and “going around the keypad” such as 1397 are not good to use as passcodes.

How to set a passcode for your device:

Enable encryption on your device: Knowledgeable thieves can use a computer to bypass your passcode. Encrypting your device ensures that the data cannot be read by others.

How to enable encryption on your device:

Enable location and remote-wipe features: If a device is lost or stolen you can remotely disable access to the device.

Here are the ways you can configure these services on your devices:

What is Confidential Data? Confidential Data are data that could cause legal, reputational and/or financial damage to the University through loss, theft or unauthorized use or access, and include data protected by regulation, law, contract, and/or University policy. The following data types are Confidential:

  • Federally Protected Student Data under FERPA (e.g. SSN, Student Performance, Disciplinary Records)
  • Personally Identifiable Information (PII) under NY State (e.g. SSN, Bank Account, Driver’s License Numbers)
  • Student Loan Information under GLBA (e.g. SSN, Financial Aid Status, Bank Account Numbers, Personal Tax Records)
  • Protected Health Information (PHI) under HIPAA & NYS MHL (e.g. Health Insurance Information, Physical & Mental Health Condition)
  • Credit Card Holder Data under PCI-DSS (e.g. PAN, CVV, Expiration Dates)
  • Donor Information (e.g. Bank Account Information, Estate Records, Names, Addresses, Donation Amounts)
  • Account Authentication Data (e.g. Passwords, Passcodes, PINs)
  • Government Issued IDs (e.g. Driver’s License Numbers, Passport Numbers, Visa Documents)
  • Disciplinary Records (e.g. EGP Investigations, Campus Safety Records)
  • Faculty and Staff Personnel Records (e.g. Promotion and Tenure Files, Performance Reviews, Payroll Information)
  • Confidential Governmental Data (e.g. data identified by US Government regulations)

Contributors: Peter Setlak and Mark Hine.


Can Colgate ban Yik Yak?

By Ellen Holm on February 19, 2015

Like any website or Internet-based service, Colgate could use firewalls to block users of our network from accessing Yik Yak. Decisions to block access to any service or website are made extremely carefully – balancing security needs with the protection of privacy and freedom in education. Additionally, blocking Yik Yak would not preclude individuals from accessing and posting to Yik Yak through other means.

Several colleges have blocked Yik Yak from their networks, including Utica College and Augustana College, but posts continue. Yik Yak requires a mobile device with an Internet connection and presence within a geographic area. When Yik Yak does not have a successful wifi connection, it will automatically flip to use the mobile device’s cellular signal to ‘yak’ within an area.  In other words, anyone in the area with an active mobile Internet connection can post to Yik Yak without using our wifi. ‘Yakkers’ need not even be Colgate students, staff or faculty. For these reasons, even when other colleges have blocked Yik Yak, the posts have continued with individuals ‘yakking’ through the cellular network.

If you see a post that threatens physical violence on Yik Yak or through other online activity, please preserve the information through a screen capture of the post and note the time you viewed the post. For e-mail, please preserve the e-mail. To report a threat, please call Campus Safety through the emergency line (x7911) or through the routine line (x7333).

 


ITS ALERT: Phishing Email, February 17, 2015

By Peter Setlak on February 17, 2015

ACTION REQUIRED:  PHISHING EMAIL / SECURITY ALERT

OVERVIEW:

A phishing email has been reported. The email has the subject, “Review Documents.”

WHO DOES THIS AFFECT?

Everyone on campus is urged to take caution when using email.

WHAT YOU SHOULD DO:  

1. Delete the email.

2. Never give out your username and password.

3. Never click on links in emails that are unsolicited.

If you have questions, need assistance, or replied to the email, please open a ticket with the help desk or call x7111.

To learn more about phishing and how to spot it, please visit http://colgate.edu/itsecurity/phishing

Thank you for your patience and cooperation.

To see a copy of this particular phishing email, continue reading.



ITS ALERT: Phishing Email, February 12, 2015

By Peter Setlak on February 12, 2015

ACTION REQUIRED:  PHISHING EMAIL / SECURITY ALERT

OVERVIEW:

A phishing email has been reported. The email has the subject, “Failure to comply may result in the loss of your account within the next 24 hours.”

WHO DOES THIS AFFECT?

Everyone on campus is urged to take caution when using email.

WHAT YOU SHOULD DO:  

1. Delete the email.

2. Never give out your username and password.

3. Never click on links in emails that are unsolicited.

If you have questions, need assistance, or replied to the email, please open a ticket with the help desk or call x7111.

To learn more about phishing and how to spot it, please visit http://colgate.edu/itsecurity/phishing

Thank you for your patience and cooperation.

To see a copy of this particular phishing email, continue reading.



ITS ALERT: Phishing Email, December 23, 2014

By Peter Setlak on December 23, 2014

ACTION REQUIRED:  PHISHING EMAIL / SECURITY ALERT

OVERVIEW:

A phishing email has been reported. The email has the subject, “Brian Has sent you a Document,” and is made to look like a file shared through Google Drive.

WHO DOES THIS AFFECT?

Everyone on campus is urged to take caution when using email.

WHAT YOU SHOULD DO:  

1. Delete the email.

2. Never give out your username and password.

3. Never click on links in emails that are unsolicited.

If you have questions, need assistance, or replied to the email, please open a ticket with the help desk or call x7111.

To learn more about phishing and how to spot it, please visit http://colgate.edu/itsecurity/phishing

Thank you for your patience and cooperation.

To see a copy of this particular phishing email, continue reading.



Can Colgate Identify Yaks and Email?

By Peter Setlak on December 10, 2014

Can Yaks be tracked back to an individual if they are using Colgate’s network?

If a user or Colgate has a concern about the content of a post, we can work with law enforcement who, with additional information, can determine whether they have enough information to issue a subpoena to Yik Yak.

On their website, Yik Yak states: “When Yik Yak receives a request for user account information from a government agency investigating criminal activity, the Yik Yak team reviews each request to be sure that it satisfies all legal requirements.” Yik Yak’s legal policy can be viewed here: http://www.yikyakapp.com/legal.

ITS can log registered devices that access Yik Yak from Colgate’s network; however, all of the communications are encrypted and the contents are unreadable. We may be able to see what devices are accessing the application, but we cannot distinguish between Yaks, updates, views, and votes. Due to the volume of use at Colgate, there are often multiple simultaneous connections at any given moment, so specific actions (posts, updates, views, votes, etc.) cannot be tied to an individual user based on our logs alone.

Can Colgate track the sender of an email?

Colgate can only accurately track the origin of emails sent using university email accounts.  Since the university issues all @colgate.edu accounts, we can easily identify the sender. Colgate performs investigations involving email and other forms of electronic communications only in accordance with its Stewardship and Custodianship of Email policy.

If a user sends an email from a provider such as Google, Yahoo or Outlook.com, we can only track it back to the service – not to the sender. Even though Colgate utilizes the Google platform as our email service provider, we do not have any access to user information for Google accounts created outside of our Colgate domain.

Outside email providers are protective of their users’ identities, and will only disclose user information as a result of a subpoena, search warrant or court order from law enforcement officials. As one example, here is a quick video showing how Google responds to requests for users’ information.

 


ITS ALERT: Phishing Email, December 1, 2014

By Peter Setlak on December 1, 2014

ACTION REQUIRED:  PHISHING EMAIL / SECURITY ALERT

OVERVIEW:

A phishing email trying to trick users into giving up their username and password has been reported. The email has the subject, “Your mailbox is almost full.”

WHO DOES THIS AFFECT?

Everyone on campus is urged to take caution when using email and to be aware that Colgate ITS will never ask for your username and password. Also, ITS will never ask you to update or confirm your email account via email due to congestion, deactivation or lack of use. Additionally, all users are urged to use strong passwords on all their accounts.

WHAT YOU SHOULD DO:  

1. Delete the email.
2. Never give out your username and password.
3. Never click on links in emails that are unsolicited.

If you have questions, need assistance, or replied to the email, please open a ticket with the help desk or call x7111.

To learn more about phishing and how to spot it, please visit http://colgate.edu/itsecurity/phishing

Thank you for your patience and cooperation.

To see a copy of this particular phishing email, continue reading.



ITS ALERT: Phishing Email, November 11, 2014

By Peter Setlak on November 11, 2014

ACTION REQUIRED:  PHISHING EMAIL / SECURITY ALERT

OVERVIEW:

A phishing email trying to trick users into giving up their username and password has been reported. The email has the subject, “Failure to comply may result in the loss of your account within the next 24 hours.”

WHO DOES THIS AFFECT?

Everyone on campus is urged to take caution when using email and to be aware that Colgate ITS will never ask for your username and password. Also, ITS will never ask you to update or confirm your email account via email due to congestion, deactivation or lack of use. Additionally, all users are urged to use strong passwords on all their accounts.

WHAT YOU SHOULD DO:  

1. Delete the email.
2. Never give out your username and password.
3. Never click on links in emails that are unsolicited.

If you have questions, need assistance, or replied to the email, please open a ticket with the help desk or call x7111.

To learn more about phishing and how to spot it, please visit http://colgate.edu/itsecurity/phishing

Thank you for your patience and cooperation.

To see a copy of this particular phishing email, continue reading.



FAQ: How do I get “Header Information” from an email?

By Peter Setlak on November 11, 2014

When working through email problems with ITS, you may be asked for the email’s header information. This information contains details used by the email servers to route your message from computer to computer and finally to your inbox. This information is useful to ITS staff and essential for troubleshooting email delays or for finding the true origins of phishing emails. Below are four ways to gather this header information (sometimes called “raw source”). Once you get the header info, you can cut and paste it into a trouble ticket or email the text itself to an ITS staff member assisting you with your problem.
