Issue 2 - Texas Tech University Health Sciences Center

Transcription

Issue 2 - Texas Tech University Health Sciences Center
TechTalk
The official newsletter of the TTUHSC Information Technology Division
Network Access Control
Page 2
Merlin: The New Online
Admission Wizard
Page 4
Desktop Best Practices
Page 6
Volume III, Issue II
February 2009
In This Issue:
Message From The CIO .................................. 1
Portal How To’s ............................................... 5
Meet Lubbock PC Support Team .................... 3
TechLink Conversion to H.323........................ 7
PHI & PI in Portable Devices .......................... 4
Update on Data Center Upgrades.................... 7
techtalk
Editor: Amy Santana
Editorial Team:
Vickie Gustafson
vickie.gustafson@ttuhsc.edu
Crystal Hernandez
crystal.hernandez@ttuhsc.edu
Amy Santana
amy.santana@ttuhsc.edu
INFORMATION TECHNOLOGY (IT)
DIVISION CONTACT
INFORMATION
AMARILLO:
1400 S. Coulter Street
Amarillo, TX 79106
(806) 354-5404
helpdesk.amarillo@ttuhsc.edu
EL PASO:
4800 Alberta Avenue
El Paso, TX 79905
(915) 545-6800
elp.helpdesk@ttuhsc.edu
www.ttuhsc.edu/elpaso/it
LUBBOCK:
Technology Services and
Information Services
3601 4th Street - STOP 9083
Lubbock, TX 79430
(806) 743-2870 - Reception
(806) 743-2875 - Help Desk
ithelpdesk@ttuhsc.edu
www.ttuhsc.edu/it
Office of the CIO and
HealthNet Education Services
3601 4th Street - STOP 7755
Lubbock, TX 79430
(806) 743-1500 - Reception
(806) 743-1555 - HealthNet
message
from the
chief
information
officer
The Network Infrastructure Upgrade (NIU) project is nearing completion. Now
that the spring semester is underway, we will be completing the installation of
new network infrastructure at our campus in Amarillo. There are three major
benefits of the new network for our institution. The wired and wireless networks
will be faster, we will have the ability to shape and allocate network resources
to ensure mission critical services receive priority, and the security of the
technology infrastructure and our data will be enhanced.
One of the articles in this edition of TechTalk highlights Network Access Controls
(NAC). NAC is one of the new network security services that will be enabled in
the new network. NAC will permit the Health Sciences Center to ensure network
users are authorized to be in the area of the network they are trying to access.
Additionally, NAC will provide the tools which are needed to make sure devices
gaining access to the network are up to date on required security patches and
have virus protection enabled. If the patches are not current, the device will
be granted limited access to the network and tools will be provided to update
the security posture of the device. NAC will impact everyone, so take a few
minutes to read the article. Some will see NAC as an inconvenience, but in today’s
time it is necessary to protect our valuable resources and, more importantly, the
personal and confidential data of which we are custodians. Rest assured, the
policy issues and the roll out strategy for NAC will be broadly discussed in our
community and approved by the President’s Executive Council before it impacts
you.
Many of you may have heard I will be leaving the Health Sciences Center in
May. For the past 13 years, it has been my distinct pleasure and great honor to
have been associated with the community of outstanding people who are the
Texas Tech University Health Sciences Center. Thank you for all the support and
kindness you have given to me and my family over the years. Best wishes to you
and your families!
Michael T. Phillips
Chief Information Officer
PERMIAN BASIN:
800 West 4th Street
Odessa, TX 79763
(432) 335-5108
helpdeskodessa@ttuhsc.edu
www.ttuhsc.edu/odessa/it
TechTalk
PAGE 1
Network Access Controls
By Steve Hargrove, Ent. Security Analyst II
Coming Soon to Your Computer!
The infrastructure to support Network
Access Controls (NAC) is currently
being deployed on the network at
TTUHSC. Every computer that accesses the network will be affected by this
new system. So it is very important that
everyone understands what NAC means
and how it will affect your daily operations.
NAC is going to have an impact on
everyone, so please take the time to read
this article. It will certainly help you
understand why NAC is so important
and necessary to protect all the digital
treasure contained on our network.
What is Network Access
Control and Why Do We Need It?
At its most basic level, network access
control (NAC) is the idea that who you
are determines what areas of a network
you can access. When completed, NAC
provides a policy that, based upon your
identity, determines your level of access
across the entire network infrastructure.
Different levels of access to network
resources (servers, file shares, internet,
etc) can be assigned based on who you
are and your role at TTUHSC (Faculty/
Staff, Students, business partners,
visitors, etc). NAC also adds another
layer of protection to our network. In
this day of viruses, worms, trojans, bots,
DDoS threats, and hackers stealing credit
card and patient health information, we
need a way to more effectively manage our
network traffic to ensure the confidentiality, integrity, and availability of our data.
While NAC is not the be-all-end-all
solution, it is an important piece in our
continuing efforts to keep our network
safe.
Determining “Who You Are”
Because “who you are” determines the
access policy, the concept of “who”
becomes more involved than a simple
user id. IT uses three primary devices
to determine the correct access policy:
authentication, endpoint security assessment, and network environmental
information. When combined, these three
TechTalk
components determine “who you are.”
Authentication occurs when you log in
with your eRaider account.
You
enter your username and password,
which are your authentication credentials. A quality NAC solution will use the
same authentication system as other
applications. This is the case for the
TTUHSC NAC, as it will use our existing
authentication mechanisms (eRaider and
Active Directory) so you won’t have to
learn yet another user id and password.
Endpoint-security assessment is more
complicated. The basic idea is that,
when you login, NAC checks to ensure
that your laptop or workstation is upto-date on security patches, is running
antivirus software, etc. If the computer
isn’t in compliance, it will be given a different access policy than one that is
compliant. So, for example, a non-compliant laptop would not have the same
network access that a compliant laptop would have. Once the computer is
made compliant, (security patches are
applied, antivirus signature files are updated, etc) then NAC will change the access policy, allowing the correct access.
The final element, environmental information, is concerned with the environment
surrounding you. This typically focuses
on where you are physically or how you
are accessing the network. For example,
environmental information would reveal
whether you are connecting to the network through a wireless connection or a
VPN, whether you’re in the building or in
another town, and it’s possible to filter
network access based upon this information. A person accessing the network from
within the building may have more access
than someone located in another country.
How Does This Affect You?
All computers in the HSC network will
need to have a new client application
installed, called Health Agent. The
deployment of this software will be done
very carefully to ensure no impact to
our customers and ensure interoperability with existing applications.
Once a computer has the Health Agent
installed and enabled, it will automatically
‘shake hands’ with the NAC system and
allow you access to the network (if your PC
is “healthy”). Those computers that do not
have Health Agent installed (for example
a brand new PC) will have no network
access when they first plug into the
network. If they open a web browser,
such as Internet Explorer or Firefox,
they will be redirected to a login page
where they can then logon with their
eRaider ID. Once you have authenticated (logged on), one of two things can
happen: remediation or business as usual.
If your computer has failed any of the
endpoint-security assessments, (current antivirus software, Windows critical updates, etc) your system will be
put into remediation and you will see a
screen advising you to contact the Help
Desk. They will assist you in getting
the situation resolved, after which your
typical network access will be restored.
“Business as usual” is used to mean that
you have successfully authenticated and
passed the endpoint-security assessments. Your typical network access will be
immediately available at this time.
Furthermore, NAC allows us to configure
guest access, so people who visit the
campus will be able to connect as a guest
to access the Internet but have little-to-no
access to our internal network.
When Will NAC Be Implemented?
TTUHSC IT is currently developing the necessary access policies and
working with Nortel to configure the
NAC devices. We anticipate that we can
begin a phased rollout of NAC later this
year. As always, as we begin to move
forward with the project, we’ll make
every effort to keep you informed.
Additional information about Network Access Control is available at
h t t p : / / w w w. n e t w o r k w o r l d . c o m / re search/2006/040306-nac-primer.html and
http://www.interop.com/archive/pdfs/
NAC.pdf.
PAGE 2
The Cavalry to the Rescue:
Meet the Lubbock PC Support Team
By Cynthia Squyers, PC/Network Support III
Meet the gentlemen who are our hands-on team to fix any Lubbock TTUHSC computer, laptop, printer, or
scanner issues. You probably recognize many of them and now it is time to learn a little more about them.
Larry Winfrey
PC/Network Support IV
Larry joined the PC/Network
Support team in July 2007. He
has nearly 8 years of experience
in the IT industry. Larry graduated with his BBA
from Wayland Baptist University in June 2008.
Larry is married with 2 boys, 8 and 5, with a third
on the way. He loves spending time playing soccer
with his sons, playing the guitar and watching
Texas Tech football’s Air Raid offense.
Keith Erickson
PC/Network Support III
Keith joined the PC/Network
Support team in April 2006,
working at both the Help Desk and
in PC Support. He enjoys learning new technologies and
computer related operations, evident by the 5 different
operating systems he is currently testing on his computer.
Keith is married and just this year had his second child.
During his off time he enjoys playing with the kids and
watching college football, especially Notre Dame
football.
Dave Anderson
PC/Network Support II
Jason Morton
PC/Network Support III
Jason joined the PC/Network
Support team in October 2008.
He previously worked at HealthNet and the TTUHSC School of Pharmacy in
Amarillo for 2 years while he attended college. He
has 12 years experience in PC Support, Network
Administration, and Server Administration.
His wife and son accompany him on many summer
trips to the lake for boating and camping.
Kevin Brake
PC/Network Support II
Kevin joined the PC/Network
Support team in August 2007. He
has 14 years of experience with
computer maintenance and repair. Of those 14 years
7 were spent in Beaumont, TX where he built and
installed all their computers, printers, and servers; the
other 7 years were spent at the Lubbock Avalanche
Journal where he maintained a variety of equipment.
Kevin is married with one son and two daughters. When
not at work, Kevin enjoys home improvement, reading
and aquaria.
Eric Simpson
PC Support Student Asst.
Dave joined the PC/Network Support
team in December 2007. He previously
worked at Covenant Medical Center before joining the
HSC team. David has a BS in Computer Science from
Chapman University and served in the USAF for 10 years.
Eric joined the PC/Network Support
team in the summer of 2007.
Eric is originally from Gordon, TX where he played
six man football. He graduated from Gordon High
School in 2004 with a graduation class of 18. His wife works for the City of Lubbock and they have 2
children. David’s daughter is a freshman at TTU and his
son is a 3rd grader in Lubbock ISD. When not at the HSC
he enjoys reading, computers, and watching movies.
Eric is currently working towards a Computer Science
degree at Texas Tech University. When Eric isn’t at
work or school he enjoys watching horror movies and
playing pool.
TechTalk
PAGE 3
or offer. Merlin: The New
Online Admissions
Application Wizard
By Angie Newsome, Programmer/Analyst III, Scott Hardage,
Programmer/Analyst IV, and Robby McCasland, Sr.
Director
As part of the upgrade from TechSIS to Banner Student,
TTUHSC Information Services has been working diligently
to develop a replacement for the admissions applications
processes. Merlin was implemented as the new Online
Admission Application Wizard at TTUHSC in June 2008.
Merlin is a modular system specifically designed to be
configurable by each of the Schools based on their
particular needs and requirements. The wizard assembles
common applicant information, collects application fees,
and provides downloadable forms.
Merlin is also capable of gathering course work details and grades needed for preliminary evaluations of
applicants, as well as reviewing the current status and
existing requirements. The system not only acts as an
application viewer that is printable for school personnel
but it is also utilized in setting up interview dates, times,
locations, and specific numbers of interviewees. Merlin
then sends out email notifications to groups or individual
applicants with admission offers and handles the
acceptance, declination, and processing of those offers.
Applicants can apply for one or more program and,
depending on the School, they can track the status of
required documents (transcripts, reference letters, etc).
Once an interview invitation or admissions offer is
received, students are provided with a link to Merlin where
they login and either accept or decline the invitation
Periodically, information from Merlin is uploaded into the
Banner Student System through a series of data feeds.
This data is used for various administrative purposes
by the Office of the Registrar and the Schools. Merlin functions as a data gathering tool with an interface for configuration by each of the Schools.
Admissions personnel utilize Merlin to gather information
about applicants that apply for their specific programs.
Because of the vast differences between each of the
Schools, Merlin is highly configurable and allows for a low
level of specialization within each program associated with
a particular school. Because of this, training and feedback
focus groups have been employed in order to garner an
understanding of the system and process, respectively.
TTUHSC Information Services meets with the Admissions representatives from the schools on a biweekly
basis to discuss the system and prioritize changes and
improvements to the system. This collaboration has provided the mechanism to continuously improve the system
with the aim of making it increasingly user friendly for
matriculating students and the Admissions Office
personnel.
PHI & PI in Portable Devices
By IT Security Team
Reminder:
Patient health information or personal information such as social security numbers should not be stored on portable
devices. This includes USB memory sticks, data phones, PDA, Laptops and other portable media devices. For more
information about storing patient health information, please see TTUHSC Information Technology Policy 1.4.14,
accessible online at www.ttuhsc.edu/it/policy.
TechTalk
PAGE 4
Portal How To’s
By Scott Hardage, Programmer/Analyst IV, Robby McCasland, Sr. Director, and Angie Newsome, Programmer/Analyst III
With the 2005 joint venture between Texas Tech University and the Texas Tech University Health Sciences Center,
many new programs are being designed to simplify and enhance user experiences. One of those programs is the
Lumnis Portal. It replaced the WebRaider Uportal and has updated the way students, faculty, and staff navigate
content associated with the two institutions.
Because of this change, students are able to
register for classes and access the online learning environment. Faculty and staff are able to access human
resources, student and finance information through the various portal channels and users can customize their portal environment with bookmarks or add channels with content that is important to the specific user.
According to the set roles within the system, users are able to see information that pertains to them by default. For
example, a TTUHSC student will have access to announcements that specifically deal with information about
TTUHSC whereas a TTU student will have news and announcements pertaining to TTU. If, however, a TTUHSC
student would like to see information pertaining to the TTU campus, customizations are available. The main goal of the portal is for users to have one place to go for all of their needs associated with TTU and TTUHSC.
Channels will continue to be added that are related to the Banner system to improve functionality and to give users
access through the portal to those systems they need in their daily activities. In an effort to get you started, the
following link provides a video on “How To Add a Channel” http://www.ttuhsc.edu/it/webct/demo/webraider_demo.htm
Below are examples of what can be found under each tab within your portal.
Under the “Home” tab you can find important annoucements, portal news
and a search engine. This tab can be customized with channels for the local weather
or ‘Sights of Texas Tech.’
Under the “MyTech (for Students)” tab you can find
Tech Announcements, a student services link, and
personal, student account, and registration
information.
Under the “Faculty/Advisor” tab you can find personal
information, faculty/advisor dashboards, faculty
schedules, and important links for faculty and
advisors.
Under the “News” tab are links to the Daily Toreador,
Texas Tech News Clips, news releases, and Texas Tech
Today.
TechTalk
Under the “HSC Employee” tab you can find all of
your work-related information (leave balances,
earnings statement, timesheets, leave reports, etc).
Monthly calendars, annoucements, and important
Texas Tech links are also available under this tab.
Under the “F & A Work Tools” tab you can find links
to HR, HR Announcements, budget and finance
information, and purchasing/payment services.
Under the “HSC Student” tab you can find links for
the Tech Drive, campus events and information, IT
help central, and the newspaper.
PAGE 5
Desktop Best Practices
By Larry Winfrey, PC/Network Support IV
Computer attacks grow more sophisticated and professional by the day. Computer attacks in the past were
easy to spot, therefore, easy to avoid. Today’s attacks seem legitimate by comparison, so it is
necessary for computer users to be vigilant when using their desktop computers. Here are a few rules to
keep your identity and desktop safe from some common desktop dangers. We recommend these practices at
home as well as at work.
“MY PASSWORD IS...”
This phrase causes any IT person’s hair to stand on end.
Never, never, never give your password out! Just because
someone says they need to work on your computer does not
make it safe to give them your password. Your password is
the key to your identity on the network. Giving it out allows
unauthorized users the ability to impersonate you on the
network. Anything that person does will appear to have been
done by you. IT Staff will never ask for your password, nor
do they need it. It is also a bad idea to have your password
written on a sticky note and hidden anywhere near your desk.
If you must write your password down for remembering when
you create it, store it in a secure, lockable location, and then
destroy the reminder as soon as you have the password
memorized. Oh, did we mention NEVER give out your password?
WHEN YOU NEED TO TAKE A WALK, YOU MUST LOCK IT!
When you leave your computer, LOCK IT!! You can click the
start button, shut down, and then click Lock Computer. A
faster way to lock your computer is to press the windows
key and the L key at the same time. This will immediately lock
the computer. The reason for locking your computer is to
prevent its use by unauthorized users or visitors to
the HSC. Anything that happens on your computer is your
responsibility. Even walking away from your computer
for a minute gives unauthorized users the ability to
compromise the network. If the network is comprimised with
your logon credentials, it is you that will be held responsible.
Don’t Trust The Source!
Viruses are notorious for spreading through user’s email
inboxes, impersonating the computer or user that the virus
came from. Always scan all attachments with McAfee.
Unless the attachment is an image or document that
you are expecting, delete it. If you are at all unsure
about the attachment, ask the person who sent it to you
first. If you don’t know the sender, call the help desk.
Don’t Take the Bait!
Phishing scams are getting more and more legitimate looking.
In the past, phishing emails were full of misspellings
and grammatical errors. Current phishing emails are very
convincing and even the most careful customer can be
tricked into responding to a phising email. Banks, ISP’s,
TTUHSC, and any legitimate organization will not ask
for your confidential information by email. Any email you
recieve that asks for your information should be
considered a phishing attack and deleted. SPAM IS BAD, DON’T OPEN UP FOR IT!
Spam is on the rise again. Securing your email from spam
is really quite simple. Do not give out your work email address to any web site. If you are required to provide an email
address when signing up for membership at a web site, you can
create an account at one of the many free email providers available on the Internet. Google, Yahoo, and Microsoft
provide free email accounts. These accounts are great for nonbusiness related web site sign ups. This practice will help to
limit the amount of spam you receive in your work email inbox.
TRUST NO ONE!!!
Malicious users are very good actors. They will often
use a hacking method called Social Engineering. Social DON’T GET CAUGHT IN A DRIVE-BY!
Engineering has nothing to do with being a computer genius Spyware and adware cause major PC problems and reduce
and is often the easiest way to gain access to a network. the performance of the computer and the productivity of the
Users are very trusting people, and this trust can be user. To protect your computer from these threats do not
detrimental to network security. A malicious user could allow web sites to display pop up ads. Internet Explorer income into the building or make a phone call pretending cludes a pop up blocker that will help protect your PC. Some
to be with the IT department. They will be very convincing websites will attempt to download and install software on your
and will act as if they only want to prevent any further computer, do not let them. If a website tries to install a proproblems. They will ask for your information about your gram on your computer cancel the installation and close the
computer, your username and password. The hacker is rely- browser window. There are many reputable sites for software
ing on the user’s unfamiliarity with the IT Staff. Once the hack- downloads; however, there are more disreputable sites. The
er has your username and password, it is a simple matter to best way to protect your computer is to not download any softcompromise the network. Never give out your password. If a ware. New computers in the institution are setup with all the
person that you don’t recognize asks to look at your computer, software necessary. Downloading weather applications, media
players, games, and other software is only inviting infection.
ask for their HSC ID.
These simple measures are all it takes to thwart a malicious user. If you notice any suspicious activity, report it. Be
vigilant with protecting your computer and your identity. With properly configured software and equipment, the only
difference between a secure and insecure network is the user.
TechTalk
PAGE 6
TechLink Conversion to the H.323 Internet Protocol (IP)
Communication Standard
By Warren Dyer, Senior Director, Telecommunication Services
The TechLink intercampus videoconferencing network formerly referred to as HealthNet, connects 35 distance
learning classrooms and 21 conference rooms throughout the TTUHSC System via the TTUHSC Wide Area
Network (WAN). Current TechLink infrastructure is based on an obsolete and end-of-life communication standard known as H.320, which is used to transmit most of the 7,400 videoconferencing events held annually on
the network. A major issue with continued use of H.320 is that the existing video infrastructure designed to
support this standard has also reached end-of-life. As a result, it is not only less reliable, but more costly and
difficult to maintain. Further, this outdated infrastructure is partially responsible for the low visual image quality
frequently experienced when using TechLink. Beginning in February 2009 however, the TechLink network will
undergo a two-month long conversion to the H.323 (IP) communication standard. This will result in the installation of later model video coder-decoder (codec) equipment, and the removal of legacy H.320 (non-IP) codecs
and associated infrastructure; a modular upgrade that will occur without disrupting TechLink services. When
complete, the conversion to H.323 is expected to noticeably improve the visual clarity of graphics, text, video,
and other forms of imagery used as content for meetings, distance learning classes, and similar videoconferencing events. As an added benefit, videoconferencing with the IP communication standard will require fewer
network resources than with the older non-IP format. Depending upon the purpose of a specific conference,
the IP standard may require only ¼ to ¾ the bandwidth needed for a comparable non-IP session. This will enable the bandwidth saved through IP videoconferencing to be automatically reallocated in support of other
applications on the TTUHSC WAN. For more information regarding this project, please contact Warren Dyer at
3-1500, x-244, e-mail warren.dyer@ttuhsc.edu; or Paul Thomas at 3-1500, x-232, e-mail
gpaul.thomas@ttuhsc.edu.
Update on Data Center Upgrades
by Gordon Essary, Senior Director
In my last article, I outlined additional upgrades planned for the Data Center. The status of each planned upgrade is
listed below.
Physical Security Enhancements
All entrances to the data center controlled by a key have been re-keyed to a common master and a very limited
number of essential personnel have a copy of the key. Most all data center personnel enter and exit the data
center via two doors controlled by a badge reader. The current security cameras will be replaced and
additional cameras added. Proposed date for the security camera replacements/additions has been pushed
back to the second quarter of 2009.
Additional Fire Suppression System
The new FM200 fire suppression system is now in place and fully functional. The original Halon system
remains in place and is configured as a manual backup system should it become necessary.
Additional Cooling System
The new CRAC (Computer Room Air Conditioning system) installation is currently in progress. The piping
installation for the glycol and chilled water lines is mostly complete, but the installation of the condensing unit
pad has not yet begun. Estimated date for completion of installation is early second quarter of 2009.
Additional Uninterruptible Power Supply
The additional uninterruptible power supply is in house, but installation has not yet begun. Estimated date for
completion of installation is early second quarter of 2009.
TechTalk
PAGE 7