CIO's Blog

Stephen Frazier, Western Illinois University


Were You a Victim of the Recent “Google Docs” Worm?

logo_docs_128px

Stephen Frazier has shared a document on Google Docs with you! Or has he…?

On May 3, a particularly tricky worm spread like wildfire throughout the Internet by means of phishing emails that claimed to be from Google. These email messages fraudulently claimed that someone, possibly known to the recipients, shared a Google Doc with them.   Classic phishing attacks typically involve sending emails in order to trick people into revealing personal information such as usernames and passwords and/or credit card numbers.

Unbeknownst to users who clicked on the link in the phishing email and granted access to their Gmail data, a malicious virus then had access to all of their email messages and contacts. The phishing message was then automatically forwarded to their contacts!  Several detailed breakdowns are available online regarding how this attack worked, why it was so successful, and what giveaways should have alerted people to the scam.

A Google spokesperson told Business Insider that 0.1% of Gmail users were affected.  That may seem like a small percentage… but Gmail is host to at least 1 billion active users!  Thus, nearly 1 million people may have been affected by the virus within a few hours before it was shut down.  From a criminal perspective, it was a rapid and rousing success!

Western Illinois University uses G Suite (formerly known as Google Apps for Education) for its email/calendaring solution, which made this attack rather successful. University Technology estimates that over 900 WIU users fell for this phishing email. The phishing message was so cleverly disguised that it even gave pause to many of us in University Technology – the email came from a known contact, the message had a convincing appearance, and our institution recently adopted Google Docs.   

Within an hour of first noticing the email, University Technology had notified faculty, staff and students of the issue and provided instructions on protecting affected accounts.  Our Support Center and infrastructure teams started contacting individuals affected and severed the connection between users’ data and the underlying  malware.  

Despite its success, many within the University community recognized this scam and reported it to Google. We congratulate these individuals, as they, along with other people around the globe, brought this phishing scam to a quick halt.  Everyone has a duty to learn to recognize and respond to phishing scams – those that fail to do so risk handing over their personal data or the University’s data to hackers, thieves and other nefarious actors.

Please remember that you can change your WIU ECom password at any time – you do not need to wait until your password expires. If you ever question whether your account may have been compromised or you simply want to change your password to be something more secure, you can do so by logging in to Guava and clicking the “Password” icon.


Enterprise Resource Planning at WIU

WIU may well be the last university in Illinois that still develops and maintains its own business systems running on a mainframe.  For dozens of years, applications tailored and customized specifically to WIU’s business needs have been developed by Administrative Information Management Systems (AIMS), primarily in the COBOL programming language.  These applications and databases are running on our mainframe located in the data center on the Macomb campus.

mainframe1

John Pontifex, Information Technology Manager in University Technology, stands next to WIU’s IBM 2818 Model M05 mainframe in the Morgan Hall datacenter.

While this has provided WIU with certain advantages, such as being able to get award letters out to students sooner than most other schools, it lacks many of the features found in newer systems (including intuitive user interfaces, the ability for end users to get the data they need and are authorized to access without submitting a programming request, dashboards, etc.).  We cannot compete with many of the vendors’ newer applications that are backed by huge programming teams (numbering in the hundreds or even thousands).  Many new staff who join Western from other institutions have come to expect the features found in these newer systems.

In January 2015, WIU contracted with the BerryDunn consulting firm to review our ERP (Enterprise Resource Planning or business systems) to review our electronic business processes, most of which are running on the mainframe (MVS) system. Throughout the Spring 2015 semester, their consultants visited the Macomb campus, surveyed WIU employees and dug into the details of our technological processes.  They were specifically asked to evaluate our mainframe system, applications, and business processes and to provide us options as we move into the future.  They were not, however, to make any specific recommendations regarding a particular system or vendor.  Their final report was delivered to us in July 2015.

In December 2015, we again engaged them to help us evaluate the different models available for ERP systems (Software as a Service, Commercial Off the Shelf, and Community Source).  They contacted and facilitated dialogues with other institutions who have converted their ERP systems and identified WIU’s next steps in selecting a different ERP or to enhance our current one.  Subsequently, EAB (formerly known as the Educational Advisory Board) conducted research and produced reports for us on cloud-based ERP selection and implementation.

Since then, the steering committee of WIU’s Enterprise Task Force (ETF), which includes two of our vice presidents, made the decision to pursue cloud-based Software as a Service (often referred to as SaaS) models.  An ERP cloud-based solution, subscription-based, is a suite of applications running on a vendor’s servers that we would access through the Internet instead of servers in our data center.  One of the advantages of this solution is that the vendor is responsible for developing and maintaining all applications… and updating them to meet new state and federal requirements, which is becoming more difficult for WIU given that the pool of available programmers who are proficient in COBOL is shrinking, reductions in WIU staff, and retirements.  

A cloud-based solution will require us to embrace a different mindset.  Departments will no longer be able to request new custom applications that AIMS would then prioritize and develop.  While WIU could request the vendor to develop new applications, those would only be available if the vendor develops and releases them–which would be based on the needs and priorities of their entire user base.  

The ETF is now in the process of reviewing some cloud-based products by means of on-site, high-level demonstrations of their Human Capital Management/Human Resources, Financial & Student Information modules.  To that end, we have invited some vendors to campus solely for the purpose of learning more about cloud-based systems.  It is important to note that WIU has not issued a RFP and it is likely that we are three to five years away from actually making a switch to a new system.  During that future implementation phase, we will need to maintain our current ERP while focusing on getting the greatest use of the functionality available in the new system.  The conversion will take considerable effort on everyone’s part (both AIMS and end-users).  From what we’ve seen thus far, however, the work will be well worth it!


Changes Coming to WIU’s Wi-Fi on May 26

On the evening of May 26, 2017, University Technology (uTech) will be making changes to the University’s wireless networks. After May 26, all users of WIU’s wireless networks must configure their wireless devices to properly reconnect to Wi-Fi on the Macomb and Quad Cities campuses.

How Will I Connect My Laptop, Tablet, or Smartphone?

After May 26, you must connect to the WIU-SETUP network, open a browser, and follow the on-screen instructions to properly register your device(s). After the registration process is complete, your device will automatically connect to the new WIU-SECURE wireless network.

How Will I Connect Multimedia, Gaming, and Specialty Devices?

  • In residential areas of campus (residence halls and graduate/family housing), you can connect your smart TV, Xbox & Playstation consoles, Roku players and other devices that don’t support the WPA2-Enterprise protocol by logging in to https://security-es.wiu.edu from another computer and selecting the option to register a device using a pre-shared key. You will need your device’s MAC address, often times found within the settings or on the back/bottom of the device. After registering, you will be provided login details on how to connect to the WIU-DEVICE wireless network.
  • In nonresidential areas of campus, employees who have multimedia or specialty wireless devices that don’t support the WPA2-Enterprise protocol will need to contact their department/college technical representative or the uTech Support Center for authorization to connect these devices to wireless.

Why Is the Wireless Network Being Changed?

Currently, there are six wireless networks available on campus. uTech is reducing this number by half in order to help eliminate confusion, improve connectivity & security, and simplify the process for connecting.

  • Now through May 26: The available wireless networks will remain WIU-SECURE, WIU-GUEST, WIU-PUBLIC, WIU-SETUP, WIU-DEVICE, and WIU.
  • After May 26: The only available wireless networks will be WIU-SETUP, WIU-SECURE, and WIU-DEVICE. All users of WIU’s wireless networks will need to follow the appropriate directions above to configure their device for wireless access.

Who Do I Contact for Assistance?

Faculty and staff in academic units are encouraged to contact their local college tech reps for questions and assistance. All others can contact the uTech Support Center at (309) 298-TECH, visit us in Stipes 126, or chat with us online at wiu.edu/supportcenter. You can also find instructions and documentation for connecting to wireless networks in the uTech Support Portal knowledgebase at wiu.edu/kb.


Update on University Anti-Piracy Efforts

It is natural for young people to want to download music and video content.  However, doing this on campus using peer-to-peer file sharing often violates copyright law and puts both themselves and the University at risk. Because there are legitimate users of peer-to-peer (P2P) file sharing, however, University Technology did not want to block P2P traffic on WIU’s networks.  As a result, WIU received a large number of “DMCA takedown notices” for many years from the entertainment industry.

In order to comply with the Digital Millennium Copyright Act (DMCA) and Higher Education Opportunity Act (HEOA), Western Illinois University (like all public universities in the United States) was required to implement a process to deter and sanction unauthorized distribution of copyrighted materials on our networks. In March 2015, a WIU policy (the aptly-named DMCA and HEOA Response Policy) was approved and technology-based deterrents were subsequently deployed in April that year to help enforce it.

This coming April will mark the two year anniversary since its implementation. Although the illegal downloading and sharing of copyrighted materials continues to be an issue both on campus and around the globe, we wanted to share some data on how this technology has impacted illegal downloading of copyright materials at Western.

In December 2014, an appliance was activated on Western’s computer network that began monitoring illegal file sharing. This device issued warnings to users when such activity was detected but it took no other action. The warnings, however, served to educate users about copyright infringement, options to legally download material, and they also helped to get the word out that the new policy would soon be enforced.

After WIU’s DMCA and HEOA Response Policy was approved a few months later (April 2015),  University Technology used the appliance to implement a four-step graduated response system.  In general:

  • Level 1 Sanction: Upon a first offense, the user’s browser is redirected to a warning page indicating that illegal activity has been detected. The user’s Internet access is then disabled for two hours.
  • Level 2 Sanction: If a second offense occurs, the user’s web browser is again redirected to the warning page, and his/her Internet access is disabled for 48 hours.
  • Level 3 Sanction: If a third offense occurs, the user’s web browser is redirected to a warning page, and the user’s Internet access is disabled until the user personally meets with a designated University Technology staff member to discuss the ongoing copyright violations.
  • Level 4 Sanction: If a fourth offense occurs, the user’s web browser is redirected to a warning page, which states that Internet access has been blocked. Penalties for violation of academic policy may apply and, depending on his/her role at the University, the user is required to appear before Student Judicial Programs or the Office of the Provost.

It is important to note that a sanctioned user still has access to computers in the labs to complete homework assignments and to do research.  Of course, these computers are also being monitored.

Prior to implementing this network device, the University received individual copyright infringement notifications via email (i.e., DMCA takedown notices) from major record labels, movie studios and other copyright holders. These were entered as tickets in University Technology’s tracking system and assigned to a Support Center or Network Team staff member to investigate and handle.  This was a time-intensive process that did little to deter or educate repeat offenders. In the Fall 2014 semester alone, we received 924 of these copyright infringement notifications.

image.png

As evidenced in the chart above, when the technology-based deterrent was implemented towards the end of the Spring 2015 semester, infringement notifications received by our Support Center plummeted to 336 that semester (a 64% decrease from the previous Fall), and then down to 90 in Fall 2016 (another 73% decrease from the previous Fall).  In Fall 2016, there were only four devices connected to Western’s network that made it to the Level 3 sanctions that required each user to meet with University Technology staff before their Internet access would be reinstated.  There have not been any Level 4 sanctions to date.

Although our technology-based copyright infringement deterrent has only been in place for a short time, the data indicates that it is working.  There are now far fewer copyright holders notifying the University about infringement.  The fact that there have been very few Level 3 sanctions indicate that otherwise-would-be repeat offenders are paying attention to the warnings and choosing not continue to participate in infringement on Western’s network.


Predicting and Planning for Future Technology

From an evolutionary standpoint, we are on the brink of profound and intriguing technological advances… some that will occur sooner than most might think. While preparing to update Western Illinois University’s IT Strategic Plan, I researched predictions for the future of technology and higher education for the years 2017 through 2050. Although this article is long (particularly for a blog post), I wanted to share where we are at and some exciting future prospects that may be in store for us.

Today, it shouldn’t surprise anyone that significant business change is nearly impossible without the use of information technology. It touches nearly every aspect of higher education. For students, it begins the moment they (and their parents) visit a university’s website and it continues well after they graduate. Higher education, therefore, grapples with a host of technology-related issues, including security, privacy, and compliance. Technologies and trends higher education embraces include data mining, predictive analytics, the Internet of Things (IoT), cloud computing, consumerization, mobile devices in the classroom… only to name a few. Also, there is an insatiable demand for more bandwidth on campuses and students expect their colleges and universities will have equal or better technology than they enjoyed at home.

Keeping up with these challenges is… well, challenging, especially in light of the great upheaval that is taking place in higher education. Across our nation, most state appropriations for public educational institutions are continuing a downward spiral, forcing admissions to be increasingly competitive and universities to look for new funding models. While colleges and universities use technology to help differentiate themselves, “there will be very little difference between public institutions and private institutions in terms of their funding, or their cost structures, or their tuition (fees),” if this funding trend continues, according to Robert Reich, who was secretary of labor under the Clinton administration and now a professor of public policy at UC Berkeley (Havergal, Times Higher Education, 27 September 2016). Many employers today consider higher education to be a checkmark rather than a differentiator when hiring. Some have concluded that higher education needs to be free in the future (just as high school education is today). Also, education is becoming less confined to a specific location and less proprietary. Thus, it seems that the only constant is change itself.

Compounding this situation is the phenomenal pace at which technology is changing. Technologies that were merely science fiction yesterday are now being patented, tested in labs, and even successfully demonstrated in the real world. For example, Quantum Teleportation, which involves separating intertwined particles that react identically when one of them is acted upon (yes, even when separated), has now been successfully tested over four miles of city fiber. This may eventually enable secure transmission of data through the Internet. Brain-to-brain communication through the Internet (one person thinks of a word and someone in another country perceives it) has been demonstrated with up to a 60% accuracy. And someday, when computer chip manufacturers switch from making silicon-based chips to ones using new materials (nanomaterials, grapheme, neuromorphic, memistrors, etc.), today’s computation speed barrier will give way to speed of light computing (perhaps a quintillion calculations per second). That will pave the way for mind-boggling virtual personal assistants that understand the context your questions and every nuance of your speech… and will instantly answer extremely complex questions in an ongoing conversational mode (without the need for you to repeat what had been said before when you change some of the parameters of you questions). Virtual and augmented reality, as well as tactile holograms that can be touched and felt, will be making their way into our everyday life in the years ahead. With these technologies, children born between the years 2025 and 2045 may be able to control web-connected objects with their minds and communicate “telepathically” with their peers. These “young wizards,” who will adopt new technologies that earlier generations resist, will be “so far beyond [our] experience that [we’ll] be to them what [our] great grandparents are to [us]: cavemen” (Tal, QuantumRun, 29 July 2015).

While the advancement of technology hurtles forward at a dizzying speed, so does the relentless barrage of attacks by threat actors, some which are funded by foreign governments. In light of one major and costly breach after another, the public understandably is questioning detection and remediation practices. Adam Levin, chairman and founder of IDT911 LLC said, “…we live in an environment where breaches have become the third certainty in life (Heller, TechTarget SearchSecurity, 23 Sep 2016).” A few years ago, nearly two-thirds of the traffic on the Internet was generated by non-humans, so it is not surprising that attacks are now branching out into new areas. For example, the IoT, which is a relatively new concept to many, recently came under a denial of service attack.

Amidst this turbulent whirlwind of change and challenges, individuals and institutions can no longer afford to just simply maintain their status quo. As Howard Tullman said, “If you’re trying to just hold steady, you are slipping backward. (Morris, Engineering News, Northwestern McCormick School of Engineering, 28 Jan 2016).” Colleges and universities must continue to invest in technologies and they must keep pace with the evolving technology to succeed in the future.

Unquestionably, WIU must plan for technological change. To build tomorrow’s computing environment on our campuses, we can’t wait for tomorrow… we need to start planning today. That’s why our 2013-2018 IT Strategic Plan is being revised. In the near future, students, faculty and staff will be invited to review the new 2017-2023 plan and to provide their input. I invite you to watch for this in the coming days and to add your suggestions and comments… so that we may think big and implement technology responsibly in the years to come!


WIU Now Using Zoom For Video-Conferencing

ZoomLogoVideo-conferencing just became easier for WIU students, faculty, and staff. Until the summer of 2016, the University’s preferred video conference software was Adobe Connect. However, when Adobe announced that its annual subscription was going to increase more than 300%, University Technology (uTech) began to explore alternatives.  Zoom was identified as a cost effective, scalable, and flexible alternative.  We also think you will find that it is much easier to use than Adobe Connect.

WIU students, faculty, and staff can go to WIU.zoom.us to sign up for a free “Basic” account using their WIU email addresses. These free basic accounts are limited to 40-minute sessions and traditional video conference rooms (such as a Polycom room) cannot be invited to a Zoom meeting.  However, Pro accounts do not have the 40-minute limit and, with an additional license, can connect to Polycoms.  Pro accounts are available for purchase.  To find out more about Zoom, we encourage you to visit http://WIU.zoom.us.  

uTech coordinated a group purchase of Zoom licensing with the College of Education and Human Services, University Libraries, the Center for Innovation in Teaching and Research, and the office of the Vice President for Quad Cities and Planning to take advantage of volume pricing options. If you are interested in obtaining a Pro account or a Room Connector license, please contact the uTech Support Center at (309) 298-TECH or support@wiu.edu.

How Zoom Works

Zoom meetings can be created very simply:

  1. One person starts or “hosts” a meeting and may invite up to 50 participants to join. The host is the only party required to have a Zoom account and he or she can choose to host the meeting from a desktop computer (Windows, Mac OS, or Linux) or mobile/tablet device (iOS, Android, or Blackberry) just by installing the free downloadable mobile app or logging into the zoom.us website.
  2. Participants may choose which method they are the most comfortable with when connecting to the meeting. They can also connect with audio-only by calling a phone number included in the meeting invite.

For a typical Zoom meeting, each host and participant needs speakers, a microphone and a webcam. These devices don’t have to be expensive to provide a great experience. Basic speakers and a webcam such as the Logitech HD Pro C920 ($80) wzoom_laptopith its built in microphone will give you a great picture and audio.

Zoom is a cloud-based system so the desktop applications, mobile apps, and all the backend technology to make the system work is provided by the company. Unlike traditional video conference room systems (such as Polycom, Lifesize, or Cisco), neither hosts nor participants are tied to a specific location. Hosting or joining a meeting can happen from anywhere there is a reliable internet connection and little background noise.

With the purchase of a “Room Connector” license, Zoom hosts can invite a traditional video conference room system to a Zoom meeting as well. That capability is useful if several people want to participate in the meeting from the same location.

Zoom also boasts several other advanced features that are flexible and easy to use:

  • Hosts or participants can share whiteboards or other content and allow other attendees to annotate as the originator sees fit.
  • Entire meetings or portions of meetings can be recorded by the host and hosts can individually allow participants to record as well.
  • Public and private meeting chats facilitates communication between those who need to be involved without overwhelming those who do not.

Zoom combines its simple and well-designed interface with the ability to participate from various geographic locations and freedom to allow participants to choose the technology each are comfortable with for a great win. The quality and price of Zoom will be very difficult to match.