Microsoft System Center Configuration Manager (SCCM) is a complete configuration management platform for University-owned Windows and Mac OS clients and Unix/Linux servers. The Configuration Manager project was launched in October 2012 in partnership with a number of campus departments. As of June 2014, there are approximately 19,000 computers under management. The campus is completely licensed for desktop operating systems and this is our major focus – Desktop Management.
Ensure your confidential work-related documents and information are secure
Secure Network Attached Storage, also known as Secure NAS or SecNAS, is a file storage solution for sensitive information. Sensitive information, as defined on businessdictionary.com, is “Privileged or proprietary information which, if compromised through alteration, corruption, loss, misuse, or unauthorized disclosure, could cause serious harm to the organization owning it.”
Sensitive, University-related information includes all information, in its original and duplicate form, which contains:
UNC-CH is in the initial stages of deploying the wireless service known as “Eduroam.” Eduroam provides universal network access across educational institutions that subscribe to the service. When an institution subscribes to the service, it agrees to broadcast the eduroam wireless SSID to allow for visitor access, and as a result, its own traveling members also gain reciprocal rights to other eduroam-enabled campuses across the world. Those wishing to use the eduroam SSID should be configured for access prior to travel.
Why are we doing the Sensitive Information Remediation (SIR) Project?
In a 2011 University-wide assessment of risk, sensitive University-owned information was found to be “nearly ubiquitous.”
- Sensitive information (SI) is sometimes stored on end user computers that are not encrypted and secured, and on central shared storage not registered in SAI
- Copies of the same sensitive file are often found on multiple systems
- Sensitive information tends to migrate with users when they are assigned a new computer or their roles change within the organization
- Older, sensitive information is seldom securely deleted
What are the project's goals?
- Seek and identify sensitive, University-owned information using Identity Finder
  - ITS has licensed a file scanning application, Identity Finder, for all faculty, staff and any students who may have SI
  - Scan for: Social Security numbers, passport numbers and credit card numbers
  - Upon departmental leader request, the ITS technical team will help a department organize a scan for additional identifiers
- Remediate sensitive information
  - Delete the document containing sensitive information if it is not needed (using Identity Finder)
  - If the document is needed, remove only sensitive fields (e.g., replace 123-45-6789 with xxx-xx-xxxx) (using Identity Finder)
  - If retention of the sensitive information is required, store the SI safely on professionally managed, central file storage that meets the requirements of the System Administration Initiative (SAI). When essential for intensive local use, the SI may be stored on workstations or laptops that meet the required, enhanced security standards (please see page 18 of the Information Security Policy) and the Sensitive Workstation Controls standards.
- Manage sensitive information into the future
  - Appropriately classify information regarding whether it is sensitive
  - Store safely on a SAI-approved file server, or on a laptop or desktop secured as described above
  - Review regularly according to the retention schedule approved by the appropriate data steward
What is the scope of the project?
- Remediate sensitive information on all faculty and staff computers, even those that are encrypted, prioritizing those that are not encrypted for the first phase of the project
- Remediate sensitive information on select student computers (i.e. students who likely have sensitive, University-owned information on their computers due to the nature of their studies or employment)
- University-owned shared and individual storage running MS Windows or Mac OS X, or searchable from an Identity Finder client installed on those operating systems
- University-owned servers running Microsoft Windows, prioritizing non-SAI servers for the first phase of the project
- For computers, servers or storage space within the scope of this project, there are two primary tasks:
  - Perform the scan
  - Review the resulting match list and resolve flagged entries
    - Dismiss false positives
    - Remediate true positives through file deletion, removing only the sensitive information from the file, or storing the file with SI on a SAI-approved file server
- Time spent scanning and remediating the information will vary based on the amount of data and the amount of sensitive information identified during the scan. For example, a scan can take from 1 hour to more than 8 hours. Remediation of the match list may take a few minutes or a few hours.
What is the proposed timeline for the activity?
- The ITS Information Security Office began working with Project SIR early adopter participants in March 2014.
- ITS completed initial scans and remediation of ITS’s own desktops, laptops, storage.unc.edu space and AFS space as of June 30, 2014.
- Other campus units may begin scanning on July 28, 2014. Units are encouraged to scan high-risk areas first. The ITS Information Security Office can assist in identifying potential high-risk areas.
- ITS will provide the following support:
  - Tools to scan and identify sensitive data
  - Documentation and Frequently Asked Questions (FAQs)
  - Lessons learned from ITS’s experience
  - Additional consultation and guidance as requested
- Units will manage their own scanning timeline and schedule
  - End user laptops and desktops that are not encrypted should be scanned and remediated by July 15, 2015
  - Windows servers that are not in SAI should be scanned and remediated by December 31, 2015
  - Shared storage slices should be scanned and remediated by December 31, 2015
- The exact definition of attestation will be determined by each organization but it is expected that there will be an organizational level of attestation of completion. Each quarter, we recommend that departments provide the SIR team with a summary report to facilitate roll up reporting to University leadership.
- ITS is currently conducting a scan of the UNC-CH web space (www.unc.edu) and will finish that task by July 2015
- Encrypted end user computers and servers that are in SAI will be addressed in a later phase of the project
End User Help Documents and Resources
With the implementation of the new ITS Communication Technology Funding Model for network core services in July 2012, it is now possible for the first time in over a decade to plan for life cycle refresh of the campus network hardware.
ITS and UNC Housing and Residential Education are joining forces and resources, with the assistance of one-time funding support from within the University, and engagement of the Residence Hall Association, for the purpose of providing pervasive wi-fi/wireless coverage within all on-campus University residence halls.
The Neutral Hosting/DAS initiative is a multi-year project, funded by the DAS licensees (“consortium”), to provide reliable outdoor and indoor cellular coverage and capacity across the UNC campus. This unique approach provides a common (shared) transport infrastructure for all cellular carriers in addition to providing enhanced in-building coverage for UNC Public Safety’s two-way radio system. Due to the complexity of system design, construction coordination and approval requirements, the DAS is being deployed in three phases over the next few years.
Over the course of the next two years, Information Technology Services Communication Technologies is replacing the legacy AT&T Centrex phone service with a new, hosted, Voice over Internet Protocol (VoIP) system from Verizon Business – Verizon Business Hosted IP Centrex (HIPC). In addition to realizing cost savings for the University, this new technology brings new phones and the capability to move phones without direct coordination with an outside vendor.
Two initiatives are conducted across campus to improve the security for campus wi-fi/wireless connections – one dealing with encryption, the other with authentication.
During this past spring and summer, ITS Comm Tech and Teaching and Learning undertook an initiative to install pervasive wi-fi coverage in all General Purpose Classrooms on campus. The IT representatives of the professional schools were also asked for their top priorities for classroom wireless and coverage was added in many of those areas as well. Over 230 new wireless access points were installed to make this happen.