Issue 2 - Texas Tech University Health Sciences Center
Transcription
Issue 2 - Texas Tech University Health Sciences Center
TechTalk The official newsletter of the TTUHSC Information Technology Division Network Access Control Page 2 Merlin: The New Online Admission Wizard Page 4 Desktop Best Practices Page 6 Volume III, Issue II February 2009 In This Issue: Message From The CIO .................................. 1 Portal How To’s ............................................... 5 Meet Lubbock PC Support Team .................... 3 TechLink Conversion to H.323........................ 7 PHI & PI in Portable Devices .......................... 4 Update on Data Center Upgrades.................... 7 techtalk Editor: Amy Santana Editorial Team: Vickie Gustafson vickie.gustafson@ttuhsc.edu Crystal Hernandez crystal.hernandez@ttuhsc.edu Amy Santana amy.santana@ttuhsc.edu INFORMATION TECHNOLOGY (IT) DIVISION CONTACT INFORMATION AMARILLO: 1400 S. Coulter Street Amarillo, TX 79106 (806) 354-5404 helpdesk.amarillo@ttuhsc.edu EL PASO: 4800 Alberta Avenue El Paso, TX 79905 (915) 545-6800 elp.helpdesk@ttuhsc.edu www.ttuhsc.edu/elpaso/it LUBBOCK: Technology Services and Information Services 3601 4th Street - STOP 9083 Lubbock, TX 79430 (806) 743-2870 - Reception (806) 743-2875 - Help Desk ithelpdesk@ttuhsc.edu www.ttuhsc.edu/it Office of the CIO and HealthNet Education Services 3601 4th Street - STOP 7755 Lubbock, TX 79430 (806) 743-1500 - Reception (806) 743-1555 - HealthNet message from the chief information officer The Network Infrastructure Upgrade (NIU) project is nearing completion. Now that the spring semester is underway, we will be completing the installation of new network infrastructure at our campus in Amarillo. There are three major benefits of the new network for our institution. The wired and wireless networks will be faster, we will have the ability to shape and allocate network resources to ensure mission critical services receive priority, and the security of the technology infrastructure and our data will be enhanced. One of the articles in this edition of TechTalk highlights Network Access Controls (NAC). NAC is one of the new network security services that will be enabled in the new network. NAC will permit the Health Sciences Center to ensure network users are authorized to be in the area of the network they are trying to access. Additionally, NAC will provide the tools which are needed to make sure devices gaining access to the network are up to date on required security patches and have virus protection enabled. If the patches are not current, the device will be granted limited access to the network and tools will be provided to update the security posture of the device. NAC will impact everyone, so take a few minutes to read the article. Some will see NAC as an inconvenience, but in today’s time it is necessary to protect our valuable resources and, more importantly, the personal and confidential data of which we are custodians. Rest assured, the policy issues and the roll out strategy for NAC will be broadly discussed in our community and approved by the President’s Executive Council before it impacts you. Many of you may have heard I will be leaving the Health Sciences Center in May. For the past 13 years, it has been my distinct pleasure and great honor to have been associated with the community of outstanding people who are the Texas Tech University Health Sciences Center. Thank you for all the support and kindness you have given to me and my family over the years. Best wishes to you and your families! Michael T. Phillips Chief Information Officer PERMIAN BASIN: 800 West 4th Street Odessa, TX 79763 (432) 335-5108 helpdeskodessa@ttuhsc.edu www.ttuhsc.edu/odessa/it TechTalk PAGE 1 Network Access Controls By Steve Hargrove, Ent. Security Analyst II Coming Soon to Your Computer! The infrastructure to support Network Access Controls (NAC) is currently being deployed on the network at TTUHSC. Every computer that accesses the network will be affected by this new system. So it is very important that everyone understands what NAC means and how it will affect your daily operations. NAC is going to have an impact on everyone, so please take the time to read this article. It will certainly help you understand why NAC is so important and necessary to protect all the digital treasure contained on our network. What is Network Access Control and Why Do We Need It? At its most basic level, network access control (NAC) is the idea that who you are determines what areas of a network you can access. When completed, NAC provides a policy that, based upon your identity, determines your level of access across the entire network infrastructure. Different levels of access to network resources (servers, file shares, internet, etc) can be assigned based on who you are and your role at TTUHSC (Faculty/ Staff, Students, business partners, visitors, etc). NAC also adds another layer of protection to our network. In this day of viruses, worms, trojans, bots, DDoS threats, and hackers stealing credit card and patient health information, we need a way to more effectively manage our network traffic to ensure the confidentiality, integrity, and availability of our data. While NAC is not the be-all-end-all solution, it is an important piece in our continuing efforts to keep our network safe. Determining “Who You Are” Because “who you are” determines the access policy, the concept of “who” becomes more involved than a simple user id. IT uses three primary devices to determine the correct access policy: authentication, endpoint security assessment, and network environmental information. When combined, these three TechTalk components determine “who you are.” Authentication occurs when you log in with your eRaider account. You enter your username and password, which are your authentication credentials. A quality NAC solution will use the same authentication system as other applications. This is the case for the TTUHSC NAC, as it will use our existing authentication mechanisms (eRaider and Active Directory) so you won’t have to learn yet another user id and password. Endpoint-security assessment is more complicated. The basic idea is that, when you login, NAC checks to ensure that your laptop or workstation is upto-date on security patches, is running antivirus software, etc. If the computer isn’t in compliance, it will be given a different access policy than one that is compliant. So, for example, a non-compliant laptop would not have the same network access that a compliant laptop would have. Once the computer is made compliant, (security patches are applied, antivirus signature files are updated, etc) then NAC will change the access policy, allowing the correct access. The final element, environmental information, is concerned with the environment surrounding you. This typically focuses on where you are physically or how you are accessing the network. For example, environmental information would reveal whether you are connecting to the network through a wireless connection or a VPN, whether you’re in the building or in another town, and it’s possible to filter network access based upon this information. A person accessing the network from within the building may have more access than someone located in another country. How Does This Affect You? All computers in the HSC network will need to have a new client application installed, called Health Agent. The deployment of this software will be done very carefully to ensure no impact to our customers and ensure interoperability with existing applications. Once a computer has the Health Agent installed and enabled, it will automatically ‘shake hands’ with the NAC system and allow you access to the network (if your PC is “healthy”). Those computers that do not have Health Agent installed (for example a brand new PC) will have no network access when they first plug into the network. If they open a web browser, such as Internet Explorer or Firefox, they will be redirected to a login page where they can then logon with their eRaider ID. Once you have authenticated (logged on), one of two things can happen: remediation or business as usual. If your computer has failed any of the endpoint-security assessments, (current antivirus software, Windows critical updates, etc) your system will be put into remediation and you will see a screen advising you to contact the Help Desk. They will assist you in getting the situation resolved, after which your typical network access will be restored. “Business as usual” is used to mean that you have successfully authenticated and passed the endpoint-security assessments. Your typical network access will be immediately available at this time. Furthermore, NAC allows us to configure guest access, so people who visit the campus will be able to connect as a guest to access the Internet but have little-to-no access to our internal network. When Will NAC Be Implemented? TTUHSC IT is currently developing the necessary access policies and working with Nortel to configure the NAC devices. We anticipate that we can begin a phased rollout of NAC later this year. As always, as we begin to move forward with the project, we’ll make every effort to keep you informed. Additional information about Network Access Control is available at h t t p : / / w w w. n e t w o r k w o r l d . c o m / re search/2006/040306-nac-primer.html and http://www.interop.com/archive/pdfs/ NAC.pdf. PAGE 2 The Cavalry to the Rescue: Meet the Lubbock PC Support Team By Cynthia Squyers, PC/Network Support III Meet the gentlemen who are our hands-on team to fix any Lubbock TTUHSC computer, laptop, printer, or scanner issues. You probably recognize many of them and now it is time to learn a little more about them. Larry Winfrey PC/Network Support IV Larry joined the PC/Network Support team in July 2007. He has nearly 8 years of experience in the IT industry. Larry graduated with his BBA from Wayland Baptist University in June 2008. Larry is married with 2 boys, 8 and 5, with a third on the way. He loves spending time playing soccer with his sons, playing the guitar and watching Texas Tech football’s Air Raid offense. Keith Erickson PC/Network Support III Keith joined the PC/Network Support team in April 2006, working at both the Help Desk and in PC Support. He enjoys learning new technologies and computer related operations, evident by the 5 different operating systems he is currently testing on his computer. Keith is married and just this year had his second child. During his off time he enjoys playing with the kids and watching college football, especially Notre Dame football. Dave Anderson PC/Network Support II Jason Morton PC/Network Support III Jason joined the PC/Network Support team in October 2008. He previously worked at HealthNet and the TTUHSC School of Pharmacy in Amarillo for 2 years while he attended college. He has 12 years experience in PC Support, Network Administration, and Server Administration. His wife and son accompany him on many summer trips to the lake for boating and camping. Kevin Brake PC/Network Support II Kevin joined the PC/Network Support team in August 2007. He has 14 years of experience with computer maintenance and repair. Of those 14 years 7 were spent in Beaumont, TX where he built and installed all their computers, printers, and servers; the other 7 years were spent at the Lubbock Avalanche Journal where he maintained a variety of equipment. Kevin is married with one son and two daughters. When not at work, Kevin enjoys home improvement, reading and aquaria. Eric Simpson PC Support Student Asst. Dave joined the PC/Network Support team in December 2007. He previously worked at Covenant Medical Center before joining the HSC team. David has a BS in Computer Science from Chapman University and served in the USAF for 10 years. Eric joined the PC/Network Support team in the summer of 2007. Eric is originally from Gordon, TX where he played six man football. He graduated from Gordon High School in 2004 with a graduation class of 18. His wife works for the City of Lubbock and they have 2 children. David’s daughter is a freshman at TTU and his son is a 3rd grader in Lubbock ISD. When not at the HSC he enjoys reading, computers, and watching movies. Eric is currently working towards a Computer Science degree at Texas Tech University. When Eric isn’t at work or school he enjoys watching horror movies and playing pool. TechTalk PAGE 3 or offer. Merlin: The New Online Admissions Application Wizard By Angie Newsome, Programmer/Analyst III, Scott Hardage, Programmer/Analyst IV, and Robby McCasland, Sr. Director As part of the upgrade from TechSIS to Banner Student, TTUHSC Information Services has been working diligently to develop a replacement for the admissions applications processes. Merlin was implemented as the new Online Admission Application Wizard at TTUHSC in June 2008. Merlin is a modular system specifically designed to be configurable by each of the Schools based on their particular needs and requirements. The wizard assembles common applicant information, collects application fees, and provides downloadable forms. Merlin is also capable of gathering course work details and grades needed for preliminary evaluations of applicants, as well as reviewing the current status and existing requirements. The system not only acts as an application viewer that is printable for school personnel but it is also utilized in setting up interview dates, times, locations, and specific numbers of interviewees. Merlin then sends out email notifications to groups or individual applicants with admission offers and handles the acceptance, declination, and processing of those offers. Applicants can apply for one or more program and, depending on the School, they can track the status of required documents (transcripts, reference letters, etc). Once an interview invitation or admissions offer is received, students are provided with a link to Merlin where they login and either accept or decline the invitation Periodically, information from Merlin is uploaded into the Banner Student System through a series of data feeds. This data is used for various administrative purposes by the Office of the Registrar and the Schools. Merlin functions as a data gathering tool with an interface for configuration by each of the Schools. Admissions personnel utilize Merlin to gather information about applicants that apply for their specific programs. Because of the vast differences between each of the Schools, Merlin is highly configurable and allows for a low level of specialization within each program associated with a particular school. Because of this, training and feedback focus groups have been employed in order to garner an understanding of the system and process, respectively. TTUHSC Information Services meets with the Admissions representatives from the schools on a biweekly basis to discuss the system and prioritize changes and improvements to the system. This collaboration has provided the mechanism to continuously improve the system with the aim of making it increasingly user friendly for matriculating students and the Admissions Office personnel. PHI & PI in Portable Devices By IT Security Team Reminder: Patient health information or personal information such as social security numbers should not be stored on portable devices. This includes USB memory sticks, data phones, PDA, Laptops and other portable media devices. For more information about storing patient health information, please see TTUHSC Information Technology Policy 1.4.14, accessible online at www.ttuhsc.edu/it/policy. TechTalk PAGE 4 Portal How To’s By Scott Hardage, Programmer/Analyst IV, Robby McCasland, Sr. Director, and Angie Newsome, Programmer/Analyst III With the 2005 joint venture between Texas Tech University and the Texas Tech University Health Sciences Center, many new programs are being designed to simplify and enhance user experiences. One of those programs is the Lumnis Portal. It replaced the WebRaider Uportal and has updated the way students, faculty, and staff navigate content associated with the two institutions. Because of this change, students are able to register for classes and access the online learning environment. Faculty and staff are able to access human resources, student and finance information through the various portal channels and users can customize their portal environment with bookmarks or add channels with content that is important to the specific user. According to the set roles within the system, users are able to see information that pertains to them by default. For example, a TTUHSC student will have access to announcements that specifically deal with information about TTUHSC whereas a TTU student will have news and announcements pertaining to TTU. If, however, a TTUHSC student would like to see information pertaining to the TTU campus, customizations are available. The main goal of the portal is for users to have one place to go for all of their needs associated with TTU and TTUHSC. Channels will continue to be added that are related to the Banner system to improve functionality and to give users access through the portal to those systems they need in their daily activities. In an effort to get you started, the following link provides a video on “How To Add a Channel” http://www.ttuhsc.edu/it/webct/demo/webraider_demo.htm Below are examples of what can be found under each tab within your portal. Under the “Home” tab you can find important annoucements, portal news and a search engine. This tab can be customized with channels for the local weather or ‘Sights of Texas Tech.’ Under the “MyTech (for Students)” tab you can find Tech Announcements, a student services link, and personal, student account, and registration information. Under the “Faculty/Advisor” tab you can find personal information, faculty/advisor dashboards, faculty schedules, and important links for faculty and advisors. Under the “News” tab are links to the Daily Toreador, Texas Tech News Clips, news releases, and Texas Tech Today. TechTalk Under the “HSC Employee” tab you can find all of your work-related information (leave balances, earnings statement, timesheets, leave reports, etc). Monthly calendars, annoucements, and important Texas Tech links are also available under this tab. Under the “F & A Work Tools” tab you can find links to HR, HR Announcements, budget and finance information, and purchasing/payment services. Under the “HSC Student” tab you can find links for the Tech Drive, campus events and information, IT help central, and the newspaper. PAGE 5 Desktop Best Practices By Larry Winfrey, PC/Network Support IV Computer attacks grow more sophisticated and professional by the day. Computer attacks in the past were easy to spot, therefore, easy to avoid. Today’s attacks seem legitimate by comparison, so it is necessary for computer users to be vigilant when using their desktop computers. Here are a few rules to keep your identity and desktop safe from some common desktop dangers. We recommend these practices at home as well as at work. “MY PASSWORD IS...” This phrase causes any IT person’s hair to stand on end. Never, never, never give your password out! Just because someone says they need to work on your computer does not make it safe to give them your password. Your password is the key to your identity on the network. Giving it out allows unauthorized users the ability to impersonate you on the network. Anything that person does will appear to have been done by you. IT Staff will never ask for your password, nor do they need it. It is also a bad idea to have your password written on a sticky note and hidden anywhere near your desk. If you must write your password down for remembering when you create it, store it in a secure, lockable location, and then destroy the reminder as soon as you have the password memorized. Oh, did we mention NEVER give out your password? WHEN YOU NEED TO TAKE A WALK, YOU MUST LOCK IT! When you leave your computer, LOCK IT!! You can click the start button, shut down, and then click Lock Computer. A faster way to lock your computer is to press the windows key and the L key at the same time. This will immediately lock the computer. The reason for locking your computer is to prevent its use by unauthorized users or visitors to the HSC. Anything that happens on your computer is your responsibility. Even walking away from your computer for a minute gives unauthorized users the ability to compromise the network. If the network is comprimised with your logon credentials, it is you that will be held responsible. Don’t Trust The Source! Viruses are notorious for spreading through user’s email inboxes, impersonating the computer or user that the virus came from. Always scan all attachments with McAfee. Unless the attachment is an image or document that you are expecting, delete it. If you are at all unsure about the attachment, ask the person who sent it to you first. If you don’t know the sender, call the help desk. Don’t Take the Bait! Phishing scams are getting more and more legitimate looking. In the past, phishing emails were full of misspellings and grammatical errors. Current phishing emails are very convincing and even the most careful customer can be tricked into responding to a phising email. Banks, ISP’s, TTUHSC, and any legitimate organization will not ask for your confidential information by email. Any email you recieve that asks for your information should be considered a phishing attack and deleted. SPAM IS BAD, DON’T OPEN UP FOR IT! Spam is on the rise again. Securing your email from spam is really quite simple. Do not give out your work email address to any web site. If you are required to provide an email address when signing up for membership at a web site, you can create an account at one of the many free email providers available on the Internet. Google, Yahoo, and Microsoft provide free email accounts. These accounts are great for nonbusiness related web site sign ups. This practice will help to limit the amount of spam you receive in your work email inbox. TRUST NO ONE!!! Malicious users are very good actors. They will often use a hacking method called Social Engineering. Social DON’T GET CAUGHT IN A DRIVE-BY! Engineering has nothing to do with being a computer genius Spyware and adware cause major PC problems and reduce and is often the easiest way to gain access to a network. the performance of the computer and the productivity of the Users are very trusting people, and this trust can be user. To protect your computer from these threats do not detrimental to network security. A malicious user could allow web sites to display pop up ads. Internet Explorer income into the building or make a phone call pretending cludes a pop up blocker that will help protect your PC. Some to be with the IT department. They will be very convincing websites will attempt to download and install software on your and will act as if they only want to prevent any further computer, do not let them. If a website tries to install a proproblems. They will ask for your information about your gram on your computer cancel the installation and close the computer, your username and password. The hacker is rely- browser window. There are many reputable sites for software ing on the user’s unfamiliarity with the IT Staff. Once the hack- downloads; however, there are more disreputable sites. The er has your username and password, it is a simple matter to best way to protect your computer is to not download any softcompromise the network. Never give out your password. If a ware. New computers in the institution are setup with all the person that you don’t recognize asks to look at your computer, software necessary. Downloading weather applications, media players, games, and other software is only inviting infection. ask for their HSC ID. These simple measures are all it takes to thwart a malicious user. If you notice any suspicious activity, report it. Be vigilant with protecting your computer and your identity. With properly configured software and equipment, the only difference between a secure and insecure network is the user. TechTalk PAGE 6 TechLink Conversion to the H.323 Internet Protocol (IP) Communication Standard By Warren Dyer, Senior Director, Telecommunication Services The TechLink intercampus videoconferencing network formerly referred to as HealthNet, connects 35 distance learning classrooms and 21 conference rooms throughout the TTUHSC System via the TTUHSC Wide Area Network (WAN). Current TechLink infrastructure is based on an obsolete and end-of-life communication standard known as H.320, which is used to transmit most of the 7,400 videoconferencing events held annually on the network. A major issue with continued use of H.320 is that the existing video infrastructure designed to support this standard has also reached end-of-life. As a result, it is not only less reliable, but more costly and difficult to maintain. Further, this outdated infrastructure is partially responsible for the low visual image quality frequently experienced when using TechLink. Beginning in February 2009 however, the TechLink network will undergo a two-month long conversion to the H.323 (IP) communication standard. This will result in the installation of later model video coder-decoder (codec) equipment, and the removal of legacy H.320 (non-IP) codecs and associated infrastructure; a modular upgrade that will occur without disrupting TechLink services. When complete, the conversion to H.323 is expected to noticeably improve the visual clarity of graphics, text, video, and other forms of imagery used as content for meetings, distance learning classes, and similar videoconferencing events. As an added benefit, videoconferencing with the IP communication standard will require fewer network resources than with the older non-IP format. Depending upon the purpose of a specific conference, the IP standard may require only ¼ to ¾ the bandwidth needed for a comparable non-IP session. This will enable the bandwidth saved through IP videoconferencing to be automatically reallocated in support of other applications on the TTUHSC WAN. For more information regarding this project, please contact Warren Dyer at 3-1500, x-244, e-mail warren.dyer@ttuhsc.edu; or Paul Thomas at 3-1500, x-232, e-mail gpaul.thomas@ttuhsc.edu. Update on Data Center Upgrades by Gordon Essary, Senior Director In my last article, I outlined additional upgrades planned for the Data Center. The status of each planned upgrade is listed below. Physical Security Enhancements All entrances to the data center controlled by a key have been re-keyed to a common master and a very limited number of essential personnel have a copy of the key. Most all data center personnel enter and exit the data center via two doors controlled by a badge reader. The current security cameras will be replaced and additional cameras added. Proposed date for the security camera replacements/additions has been pushed back to the second quarter of 2009. Additional Fire Suppression System The new FM200 fire suppression system is now in place and fully functional. The original Halon system remains in place and is configured as a manual backup system should it become necessary. Additional Cooling System The new CRAC (Computer Room Air Conditioning system) installation is currently in progress. The piping installation for the glycol and chilled water lines is mostly complete, but the installation of the condensing unit pad has not yet begun. Estimated date for completion of installation is early second quarter of 2009. Additional Uninterruptible Power Supply The additional uninterruptible power supply is in house, but installation has not yet begun. Estimated date for completion of installation is early second quarter of 2009. TechTalk PAGE 7