Computer Encryption - 6/24/2008

You are all aware of the directive from the Provost through the College regarding required encryption of laptop computers containing Critical Data as defined by the Institutional Data Policy. This memo is to explain the process as it will occur on the Wooster campus. Please Note: Encryption is also required for desktop computers that contain critical data. The staff of Computing and Statistical Services will be conducting a physical inventory of computers on campus to determine which machines meet the minimum requirements of the MCSS and which ones contain or might at times contain critical data. Since it is impossible to prove that a stolen or lost computer did not have critical data, we will be taking the approach that any computer that might potentially contain such data will be encrypted using Safeboot so as to negate any questions should a loss or theft occur. These laptops would be those of department administrators, department office associates, faculty and some supervisors and others whose duties may involve handling of critical data from time to time. In the course of business, it is possible that these computers could contain personnel information, accounting information, travel information, grant proposals, resume or class enrollment/grades. Laptops used strictly for research purposes by laboratory personnel will be scanned, but if no critical data is found, need not be encrypted at this time. Since the Wooster campus has a large number of machines and the deadline for compliance is near, we must perform the process as quickly as possible. We are asking that all identified individuals call CSS (3772) and schedule an appointment date to have your computer encrypted as described in the memo from the CIO. This process will take one to two days per computer depending on the size of the hard drive and speed of the computer, so please plan on a time when you can be without your laptop for at least a day, possibly more. Since time is short, we would like to have all encryptions scheduled by July 1 with expected completion of encryptions by July 31. We realize this is a busy travel and work time and will try to make the process as easy and non-intrusive as possible. Please understand that this is not an optional exercise and applies to all University owned equipment. Please check your schedule and arrange for encryption as soon as possible. Thanks very much for your understanding and cooperation. David A. Benfield Associate Director, OARDC

Attn: Faculty and Staff; MCSS Compliance Information - 6/23/2008

You have seen information in memos from the Provost and CIO regarding compliance with the Minimum Computer Security Standards (MCSS) and should be aware of the mandate that we comply with those standards. You have seen some information from our office regarding this also. This memo is to outline the procedures we will be going through this summer to achieve compliance and the effect this will have on computer use and operations on campus. These rules apply to all devices which obtain an IP address on OSUnet, the Ohio State University network. I. All computers must have an active firewall, a current operating system, current required security patches and updates installed, and have current anti-virus/anti-malware software. We must be able to certify this and confirm it by audit. In order to accomplish this, all computers must be members of our OARDCWIN domain (90% are already on the domain). II. All computers must be protected by a robust login password which will be enforced by login standards. These passwords must be changed periodically. In conformity to University standards, we will be requiring passwords of at least 8 characters with at least one number or non-alphabetic calendar and not based on a dictionary word or combination of words. III. Computers potentially containing critical data must be encrypted, but this is a separate process already underway. Impacts: I. OSU-owned computers not currently on the OARDCWIN domain must be joined to the domain. This takes a matter of minutes and except for a change in login procedure, does not affect the operation of the computer. In fact, there are numerous benefits to the domain including network resources not available otherwise. II. Personally-owned computers will no longer be allowed on the wired network, but must use OSUwireless or OSUGuest access to the internet. Personally-owned computers, nearly all laptops, which are current using a wired connection will be removed from the wired network and redirected to OSUWireless. III. Computers which cannot be brought under compliance must be granted a “Compensating Control� which guarantees network access without compliance. This would likely be older computers which are used with instrumentation which cannot be brought into currency because of specific software restrictions or network devices which do not support all the required components such as network printers, IP Video units, etc. We have a large network with a large number of computers and it will take us some time to complete this mandate. Your cooperation and assistance is appreciated. Jim Holman Head, Computing and Statistical Services

OIT Planned Maintenance Notification - 6/10/2008

This is a planned maintenance notice from OIT. Official statement: On Sunday, June 15, 2008, between 12:01 AM and 3:00 AM, OIT Networking staff will be relocating one of the core routers that supports network access and connectivity to and from the following OSU areas: - Lima Campus - Mansfield Campus - Marion Campus - Newark Campus - Wooster Campus - South Campus Gateway Network access to and from these locations will not be available during the planned maintenance, but will be restored upon completion of the maintenance. Questions regarding this notice should be directed to OIT at 688-HELP or by e-mailing 8help@osu.edu.

CSS Services - 4/16/2008

View a pdf of the services that CSS offers.

Network Login Anomalies 3/31-4/1 - 4/1/2008

During periods of 3/31 and 4/1/2008 some users experienced problems logging in to authenticated websites via Shibboleth. The problem was determined to be an incorrect time setting on one of the network servers. The problem has been resolved. We regret the inconvenience.

Power Outage In Columbus Affected Multiple Services - 10/19/2007

The Columbus campus had a power outage today. This notice was taken from: http://8help.osu.edu/status.html Most OSU central IT systems were affected by a power outage beginning at 10:15 this morning. As of now, most services have been restored. Services which were down but have been restored include central email, Carmen, account self-help, and the OSU Web server. Services not yet restored include but are not limited to: * The ability to search from the OSU home page * OIT's Calendar service * The student information system/Mainframe * Software Downloads * the Peoplesoft system is up, but logins have been temporarily suspended to ascertain the integrity of the data.) Please note that as a side effect of the mainframe being unavailable,many services on Buckeyelink will not be available. System administrators are working diligently to restore the remaining OIT services. We apologize for the delay.

Minitab 15 for portable devices - 9/21/2007

We announced a short time ago about Minitab 14 being replaced by Minitab 15, but the Minitab 15 licensed by the University requires an Internet connection to function. This is a problem with laptops which are used to travel. For these devices, you may purchase a perpetual license of Minitab 15 from Minitab (for $99) and after on-line activation, you can use it anywhere without the Internet connection requirement. If you are interested in this, contact us for more information. Thanks to Lee Wilson for researching this.

Minitab users -- info on Minitab 15 - 9/13/2007

This is an important notice for users of Minitab. Version 14 is expiring and there is no renewal license code for this product, so you must upgrade to version 15. Good news and bad news – it is still ‘free’, BUT in order to install and use Minitab 15, you must be using a computer connected to the OSU network. This is not only for the installation, but also for each use. So, an installation on a laptop computer, for example, cannot be used unless the laptop is connected to the network at the time the ‘run’ command is issued. The software automatically connects to a license server and if the server cannot be found, the software will not run. This means it cannot be used when traveling or at home or anyplace other than on an OSU campus. We are investigating alternatives to the ‘site license’ and will provide further information as we obtain it.