Winter 2006

In this issue:

A Simpler Way – Using Outlook from Off-Campus

Emails from IT to Contain Digital Signature

CSI: UW Episode 2
"Lock & Key"

Adobe Acquires Macromedia

TV Over Ethernet Coming to UW

Banner Melds HR and IT Goals: Not the Hiring Paperwork Again

SPAM and Emails with Viruses – Emails with Viruses to Be Quarantined and Deleted

Software Assurance Renewal Approaching – Microsoft Select and Campus Agreements

SIS & WyoWeb Portal Update

eNews Extra:

New Look for Outlook Web Access

Be Careful When Scheduling Meetings with Room Reservations in Outlook

(eNews Extras are late-breaking stories not included in the printed version of this newsletter)

A Simpler Way –
Using Outlook from Off-Campus

For several years, users have been able to access Microsoft Outlook for their email from off-campus, but the process has required a VPN session* (www.uwyo.edu/infotech/vpn/) since the installation of the UW network firewall (www.uwyo.edu/firewall/). There is now a much simpler, easier way to get your email.

A new Outlook feature allows the use of Outlook from off-campus without the need for a VPN connection. The new feature, called Remote Procedure Call over Hyper Text Transport Protocol Secured (or RPC over HTTPS), utilizes an encrypted network tunnel – similar to what is used for secure Web pages – between the Outlook user and the Exchange email servers.

Outlook RPC over HTTPS is recommended for home and remote users who have been establishing VPN connections to the UW network in order to run Microsoft Outlook. (VPN connections will still be required for remote desktop access and for other connections to computing resources behind the UW firewall.) Although not recommended for desktop computers on the UW network, RPC over HTTPS is supported on the UW network. Thus, laptop computers that are used both on and off campus can be configured to always use RPC over HTTPS, eliminating the need for users to reconfigure depending on their location.

Instructions for configuring Outlook to use RPC over HTTPS can be found at www.uwyo.edu/askit/displaydoc.asp?askitdocid=162&parentid=1.

*UW Dial-in and DSL connections are currently configured as being on-campus.

 

Emails from Information Technology to Contain Digital Signature

From time to time, informational and notification emails are sent from Information Technology (itech@uwyo.edu) to students, faculty and staff at the University of Wyoming. With all of the spam, phishing, and other illegitimate emails common in recent months, IT has received questions regarding how recipients can know that email from UW IT is valid.

The most common way to ensure recipients that an email is valid is to digitally sign email with a digital certificate issued by a trusted certificate authority (such as Verisign, Inc.). In the future, email sent by IT will be digitally signed. The email header in Outlook 2003 will contain the information shown at right. By clicking on the digital signature icon, recipients can view the details of the signature and verify its authenticity.

More information on the Banner and WyoWeb implementation projects can be found on the About WyoWeb site (www.uwyo.edu/aboutwyoweb) or by contacting Jim Berrigan, IT Project Manager, at berrigan@uwyo.edu or 766-2636.

CSI: UW Episode 2 "Lock & Key"

What kind of damage could someone do if they had your password? Well, your password is like a key to a lock: With it, others have access to everything you own. They can represent themselves as you and send email under your name. They can purchase items from Web sites where you have enabled one-click shopping, access and use your bank and other sensitive account information without your knowledge, affect your credit rating, or steal your identity. They can also gain access to University systems that contain sensitive employee, student, and financial information.

Security is your responsibility. Help keep your personal information and the University of Wyoming’s data safe by using secure passwords. Below are some tips on keeping password crackers at bay.

Secure Passwords

Pick a strong password. The easiest way for someone to gain access to your accounts is to figure out your password, and it is easier to crack a password than you might think! For example, if you only use six characters in your password, and they are all lowercase (abc), a password cracking program can crack your password in under five seconds!

The following chart gives the approximate times to crack sample passwords of different lengths and varying characters with a password cracking program running on a 500 MHz Pentium III computer (this illustration is one reason why UW requires locking out accounts after three incorrect attempts):

Password	Time To Crack
Sublimate	2 seconds
Checkmate1	3 seconds
CheCkmate	Less than 1 second
ChEck12	26 seconds
CheCk123	14 minutes 22 seconds
3x0n3rat3	4 hours 16 minutes 45 seconds
5ygn6thb	Could not be cracked using the dictionary hybrid methods; requires brute force

 Some tips for creating a secure password:

DO:

• Make your password easy to remember. You should be able to type it quickly without having to look at the keyboard.
• Use at least 8 characters when creating a password. Make your password a mix of uppercase and lowercase letters, numbers, and special characters (if permitted).
• Change your passwords routinely – at least every 60 days.
• Embed extra characters/misspell. For example, if you wanted to use "SunShIne", try "SunSShIne" or "Sun$$hIn3".
• Use unusual capitalization. For example, instead of "Buckaroo", use "BuckArOo".
• Concatenate two or more words or parts of words when creating your password.

DON’T:

• Use simple keyboard patterns like A1B2C3D4, or p0o9i8u7. These are very easy to crack.
• Use your username, or simple permutations of your username. For example, if your username is Bigfoot, your password should not be Bigfoot, BigFoot, footbig, etc.
• Use any personal data (any data someone might associate with you). This includes names, nicknames, pets, social security numbers, phone numbers, birthdates, or license plate numbers.
• Use words that can be found in the English dictionary. A modified phrase works the best. For example, instead of "Sunshine", use "L3tTh3$$hIne". Instead of "Christmas", use "Xms25thovDec".
• Use words in a foreign language, especially if the language used can be guessed (for example, if it is your native tongue).
• Use university, college, or state team names, like "COWBOYS". These can be very easy to crack.
• Use names of famous people, places, things, TV shows, etc., that can be associated with you. For example, if you like the show Law & Order, you shouldn’t use LawOrder as a password.
• Use "password", "secret", "god" or "root".
• Give your password to anyone else. Ever. Not even to your co-workers or managers.
• Record your passwords anywhere they could be vulnerable. If you must write them down, keep them in a safe place that no one has access to. Never post them on your monitor or under your keyboard.
• Use the same password for all of your accounts. If your password is cracked, the hacker will have access to everything.
• Use the same password, or the same 2 or 3 passwords, over and over when you have to change them.
• Use any of the examples above as your password!

Current updates, free software, and information on UW’s Computer Security Initiative may be found on the CSI: UW computer security pages (www.uwyo.edu/security). You can contact the IT Help Desk at (307) 766-4357, option 1; or send an email to userhelp@uwyo.edu.

Adobe Acquires Macromedia –
Flash, Dreamweaver at Discounted Prices

This past December, Adobe Systems, Inc. announced the completion of its acquisition of Macromedia, Inc. As a result, the University of Wyoming’s Adobe CLP Agreement now includes Macromedia software such as Dreamweaver, ColdFusion, Fireworks, Flash, and more at discounted prices. A complete list of Macromedia and Adobe software titles and prices is included on the Adobe/Macromedia Products and Pricing Web page (www.uwyo.edu/infotech/services/sales/software/adobe/prices.htm).

TV Over Ethernet Coming to UW

The University of Wyoming recently acquired new hardware and software that will allow users to view live television broadcasts on desktop computers connected to the campus data network. In addition to live TV broadcasts, users will be able to view live meetings, events, or other presentations at the University of Wyoming. Videos can also be archived on a Video-on-Demand (VoD) server for later viewing at each viewer’s convenience and streamed to off-campus computers. However video quality is dependent on the user’s network speed.

Future IT newsletters will provide additional information about this service. Departments who are interested in hosting live meetings or events should contact Robert Morrison, Director of Telecommunications and Systems Services for additional information.

"Not the Hiring Paper Work Again" –
Melding HR and IT Goals Through Banner

Information Technology and Human Resources are teaming up to inform all departments about the benefits of getting hiring paperwork completed early. There is much more at stake than ensuring a checkmark is placed next to the "I-9"section of the hiring forms.

What’s in it for a department or for the new employee if the paperwork is turned in well before the first day of employment? For one thing, if new employees are expected to use a computer to perform their tasks (aren’t we all?), they’ll need a UW computer account, which gives them access to e-mail, departmental and personal data storage, administrative computing systems (where applicable), and access to software and resources they’ll need to do their job.

Using Peoplesoft and the new Banner system, the University of Wyoming has been automatically creating accounts for all new employees and students since August, 2005. With this change in processing comes a refreshed set of expectations for the hiring departments: When the hiring paperwork is completed and turned into Human Resources, an HR employee inputs the data, as does the Payroll Office. That data input automatically triggers the computer account creation for the new employee. Departments that wait to submit hiring forms run the risk of a new employee not having computer access until all of the data has been input by HR and Payroll.

It’s important to be aware of who needs to sign the hiring forms – the department’s office, the College’s Dean’s office, Academic Affairs – before they ever land in HR’s inbox. Also, with the new felony hiring policy, a copy of the signed application or disclaimer may need to be attached to the hiring form. Be sure to allow enough lead time for all responsible signing authorities to process the forms and submit them to HR well before the employee’s start date. That way, the new employee will have the computing tools, accounts, and resources needed to get started on their first day.

If hiring departments are concerned that they cannot complete the hiring form requirements and checklists because of the remote physical location of an incoming employee, HR will accept notarized copies of personal identification documents – along with the signed I-9 – via fax on or before the employee’s first working day. The original I-9 and notarized documents should be delivered to HR ASAP; the faxed I-9 will be considered pending until the original documents are received.

Top 10 Reasons for Processing Hiring Forms Early

10.	For international employees, allows time to verify all necessary documents are in order and the employee has the right to work in the United States.
9.	Ensures all needed documents have been processed (i.e. I-9, W-4, direct deposits, signed application or felony disclosure, post offer forms, etc.)
8.	Guarantees employee is covered by Workers’ Comp.
7.	Complies with UW’s felony hiring policy.
6.	Gives the paperwork enough time to be processed through the correct appointing authorities.
5.	Provides sufficient time for employee to make an informed decision regarding benefits options.
4.	Makes sure employee gets scheduled for New Employee Orientation
3.	Avoids having to rush, beg, and plead for emergency processing
2.	Obtains UWYO computer and Exchange e-mail accounts
And the #1 reason for processing hiring forms early:
1.	Ensures the employee can get paid on time!

IT and HR want to ensure a positive employment experience with UW. Following this advice will help departments, employees, and administrative offices do the work that needs to be done.

If you have questions or need assistance completing the steps needed to hire a new employee, please call Human Resources at 766-2215 or e-mail jobapps@uwyo.edu.

If you have already submitted the hiring paperwork in a timely manner and have questions about the status of a new account, please contact Information Technology’s Help Desk at 766-HELP (4357), option 1.

SPAM and Emails with Viruses –
Emails with Viruses to Be Quarantined and Deleted

Antivirus and Antispam software running on the UW central email gateway analyzes all incoming email in order to identify virus attachments and email that is likely to be spam. The subject line of email identified with viruses or spam is modified by the system and "tagged" to reflect the likely nature of the email, either [VIRUS REMOVED] or [SPAM-X]. When a virus is found, the virus attachment is removed and a message notifying the recipient that a virus was found is substituted.

IT is frequently asked, "Why don’t you just delete all messages identified with [SPAM]?" While spam identification* has become fairly accurate in recent years, it will never be completely accurate. After all, one person’s spam is another person’s research. This is why IT cannot simply delete messages tagged as [SPAM]. Thus, IT must continue delivering all email identified as spam, but we will continue working to make the processing of such email as easy and efficient as possible.

On the other hand, identification of email with virus attachments is highly reliable. Few, if any, emails with suspected virus attachments have been improperly categorized. Messages with virus attachments are seldom legitimate emails, and as such, IT plans to quarantine and then delete emails with virus attachments rather than deliver them to user mailboxes. Users will no longer receive emails with virus attachments. They will be quarantined for a short period of time and then deleted.

* Tagging the subject line of spam emails with information about the likeliness of spam has allowed email users to create custom Outlook rules and filters to move the messages to Junk Email folders. See "How to Create Folders and Rules for Moving Messages in Microsoft Outlook" (www.uwyo.edu/askit/displaydoc.asp?askitdocid=227&parentid=1) for options that allow for the automatic deletion, filing, or other processing of spam email.

Software Assurance Renewal Approaching –
Microsoft Select and Campus Agreements

Software Assurance for Microsoft Select 6.0 products will expire July 31, 2006.

Customers who have Software Assurance for any licensed Microsoft Select product – including FrontPage, Project, Publisher, Visio, VStudio.NET, and server software – should consider taking an inventory of their software in the coming months, as Software Assurance will expire July 31, 2006.

Software Assurance (SA) allows customers to upgrade their software at no additional cost during the term of the Microsoft Select License agreement, which is usually three years (anticipated to be in effect from August 2006 to August 2009). If you choose not to renew, you may continue to use the version of the software you paid for. However, users who allow their SA coverage to lapse must acquire a new license to upgrade in the future. Also, users may not acquire SA for products that were previously paid for but not enrolled in SA at the time of purchase.

Microsoft Office and Windows operating systems are provided at no charge to UW departments through the Microsoft Campus Agreement. Software Assurance and renewal is not needed for the Microsoft Office and Windows operating system products on University owned computers.*

To assist our customers in their Microsoft software inventory assessment, IT can provide a list of renewal eligible software licenses that departments have purchased with SA. Please contact Sara Davis (sarad@uwyo.edu or 307-766-3686) to request a list for your department or your individual username. It is recommended that you start your inventory early to allow enough time for all requests to be met.

To facilitate the process of SA renewal, departments may wish to appoint a single person to review the SA list provided by IT, determine what should be renewed, and submit a single IDR for the department after the prices have been posted to the Web.

In May of 2006, Information Technology will post a renewal price and product list for SA titles. The list will be available from the UW Microsoft Select Web site (www.uwyo.edu/infotech/services/sales/software/select.htm). IDRs for payment will be accepted at that time. IT customers will be notified through email after the site is updated.

What Is Microsoft Select License 6.0?

Information Technology manages and administers two Microsoft licensing agreements – Campus Agreement 3.0 and Academic Select License 6.0.

Campus Agreement allows UW faculty and staff to install or upgrade to the latest versions of Office Professional® for Windows and Mac over the term of the agreement. At no additional cost, departments may upgrade the Windows operating system.

Academic Select License 6.0 enables faculty and staff to purchase product licenses to run software not covered by Campus Agreement. (Popular products include FrontPage, Project, Publisher, Visio, VStudio.NET, and various server software.) Through this program, UW is able to secure volume pricing on various Microsoft products, which significantly reduces costs to UW departments and colleges.

Microsoft Select License 6.0 is effective August 1, 2003, through July 31, 2006 and will be renewed in the summer of 2006 for another three year term.

For a complete listing of all Microsoft Select License 6.0 products and pricing, see the UW Microsoft Select Web site (www.uwyo.edu/infotech/services/sales/software/select.htm). Prices and availability are subject to change without notice. To purchase Microsoft Select products, please address IDRs to Information Technology and include the user’s full name, username, and product name, and the part number of the software license. Please send the IDR to Sara Davis, Information Technology, Client Support Services, Ivinson Building, Room 140.

*Cooperating local, state, and federal agencies do not qualify to receive software under Campus Agreement. See the Software Licensing page (www.uwyo.edu/infotech/services/sales/software/) for more information or contact Sara Davis for assistance in determining eligibility for Microsoft Campus and Select License agreements.

Student Information System and WyoWeb Portal Update

The projects to implement the new Banner student information system and the WyoWeb portal are in full swing. With the successful deployments of the Banner Admissions and Banner General Person modules in August, 2005, the project successfully met key milestones and set the stage for the implementation of the rest of the software.

Even with the many changes coming in the realm of financial aid, including the proposed implementation of the Hathaway Scholarship program for Fall, 2006, January 2006 saw the successful deployment of Banner Financial Aid. Banner Financial Aid will assist the Student Financial Aid Office in accessing, packaging, awarding and tracking student financial aid for future semesters, beginning in Fall, 2006. When combined with WyoWeb, Banner Financial Aid will allow students more visibility to the financial aid process, including the ability to accept awards online, reducing paperwork and speeding processing.

In March, 2006, Banner Registration and Students Records components will be deployed, taking over the activities of Hole-in-the-Wall and much more. Hole-in-the-Wall will be used for Summer, 2006 registration, but in Fall, 2006, Banner and WyoWeb will take over. Future semesters will then be done exclusively through Banner and WyoWeb; Hole-in-the-Wall will be retired.

On March 6th, 2006, the WyoWeb portal will be made available to all current students, faculty and staff. While this project has experienced some delays due to the need to ensure appropriate levels of security and stability, the portal has been well-received in demonstrations and in student, faculty and staff focus groups. The project team has completed its development and testing of WyoWeb and is proceeding with the final steps required to make WyoWeb available to the UW community.

Completing the implementation project, late summer, 2006 will see the implementation of the accounts receivable and student billing components of Banner - WyoWeb will contain portal channels that will assist students in viewing and paying their bills. These components will be deployed immediately before the Fall, 2006 semester, and will be used from that point on.

Beginning in February, general training in Banner will be offered to faculty and staff. This training will assist those who require the use of Banner in the execution of instructing, class scheduling and interacting with students in an administrative capacity. Demonstrations and one-on-one assistance will also be available for WyoWeb. Please see the About WyoWeb site (www.uwyo.edu/aboutwyoweb) for the most current information on training sessions for Banner and WyoWeb.

For more information on these projects and upcoming changes, continue to watch for new articles on the About WyoWeb site (www.uwyo.edu/aboutwyoweb) or contact Jim Berrigan, IT Project Manager, at berrigan@uwyo.edu or 307 766-2636.

eNews Extra:
New Look for Outlook Web Access

The appearance of Outlook Web Access (OWA) will change Feb. 25th. Internet Explorer users will be presented with some additional options on the login screen. Other browsers may behave differently and may not display all options.

Once the new login page is active, click on the “what’s this?” link for details on the new login options that are presented with each choice.

eNews Extra:
Be Careful When Scheduling Meetings with Room Reservations in Outlook

The meeting scheduling capability in the Outlook/Exchange calendar system is a very powerful tool. In addition to inviting people to a meeting, it is also possible to reserve rooms and other resources.

A room can be scheduled if it is assigned as a resource in the Exchange system. (An Exchange Resource is a special Exchange account that represents a place or object instead of a person.) The most frequent use is for conference rooms, but can also include vehicles, AV equipment, and more.

Exchange permits shared scheduling of these resources. As such, users need to be aware of what the scheduling system allows to be seen. When scheduling a room along with a meeting be careful not to post confidential information, text or attachments to the appointment. Anyone with the ability to reserve the room has access to the details of the meeting. As an example, if everyone in a department can reserve a particular meeting room then they can see the details of any of the meetings scheduled for that room.

This is not a security risk as long as users do not attach sensitive information to meeting requests. For more information on using Exchange resources and room reservations see the Exchange Resources FAQ (www.uwyo.edu/askit/displaydoc.asp?askitdocid=449&parentid=1).