CIS deploys new copiers

Last week, CIS replaced the Canon copiers located in Platt (in front of the Registrar’s office) and Kingston 138 with two Sharp MX-4101Ns as the replacement copiers.  These copiers are color, full-featured copiers with duplexing, saddle-finishing, stapling, extra large paper trays, and scanning-to-PDF functions. There is no charge for scanning.

You can also print directly to the copiers (department charges for prints are the same as for copies).  If you would would like to use this feature, please feel free to contact the CIS Help Desk so we can set it up for you.

A complete reference guide for the new Sharp copier is available online here:
http://www.hmc.edu/files/CIS/cop_qguide_MX4100N_4101N_5001N.pdf

If you were unable to attend one of the recent training sessions held by SoCal Office Technologies, one important change is that there is a slight difference in how you log in to the new copiers. The Canon copiers asked for a department id and then a passcode.  With the new Sharp copiers, you only need your passcode to log in to the new copiers.  If you don’t know what your passcode is, just add a 3 to your department id and that should work.  If you have any trouble with your code, please feel free to contact the CIS Help Desk.

We are currently investigating adding card swipe to both of these administrative copiers.
There are also many improvements coming in the area of student printing.

Following the guidance of the Print Task Force, we will be installing card swipe printing on all of the student printers.  The first phase will involve installing two new very-high-speed Sharp copiers for students in the Sprague Learning Studio and LAC.  After these copiers are installed, we will implement card swipe access on all the student printers and copiers.

Printing and copying will remain free for all HMC students with card swipe access.  Currently, students print directly to the printers, and the print job starts printing right away.  Students then pick up the print job at a later time.  However, a student study found that at least 40% of print jobs are never picked up from the printers, leading to a significant amount of paper, toner, and energy waste.

With the new card swipe system, students will print to a centralized server that holds their print jobs.  They can then walk up to any student printer on campus, swipe their ID card, and their print job immediately comes out.  The copiers can print 75 pages per minute, so the print job will come out quickly.

Security Breach

There are moments that every CIO and IT administrator dreads.  One of them, possibly highest on the list of dreaded moments, is when a system administrator comes to you and says “one of our servers has been compromised”.    When that happens, you must immediately start thinking about technological, legal and social issues all at once.  If possible, you also have to try to keep track of what you are learning as the situation unfolds. And these situations always unfold — you never have all the information right at the outset.

At CIS, we had one of those dreaded moments on the afternoon of January 5th.  That’s when we discovered that unauthorized attempts to log in to several of our servers had been successful earlier in the day (at 2:15am).  It was the vigilance of an IT administrator at the Claremont Consortium that first drew our attention to a problem: he had noticed a number of unsuccessful login attempts, all coming from one machine on our network.

The Sakai server was one that had been compromised.  You will remember that HMC is the “lead college” for Sakai; we provide the Sakai service to all the other Claremont Colleges.  And people keep a lot of data on Sakai. So this was potentially a very serious security breach.  If data had been accessed then we would have to notify everyone in Claremont and possibly much further afield. Reluctantly, we made the decision to take Sakai off-line for a full investigation.  A team of six people from HMC and CUC spent most of January 6th working on this issue, and on creating a new Sakai server for use in case it was needed.  We determined that the intrusion had been minimal (a six second login, probably automated and designed to establish the fact that the account had been compromised). By the evening of January 6th we were able to bring Sakai back on line.

The machine (a desktop) that was attempting to reach other systems had been compromised, but that the starting point of this attack was a departmental web server, which had been compromised some time in December. The departmental web server had been subject to a “SQL injection attack”,  a way of sending queries to a server that end up allowing a hacker to gain control of the machine. Once the hackers had gained control of the web server, they waited and captured some usernames and passwords that allowed them to move on to another machine.

I am glad to say that we got the attack under control very quickly and that no data was exposed. We learned many lessons in the process.

Changes we’ve since made  include:

  • reviewed all production servers for signs of compromise
  • locked down production servers
  • changed all system administrator passwords
  • introduced better password management policies for our system administrators
  • solicited information from security firms for vulnerability scanning

We will be performing vulnerability scanning on servers managed by CIS and are interested in working with departments to provide the service to them too.

We were fortunate this time.

Please keep in mind that your own security practices contribute to the overall security of the network to which all of our systems are connected.  Make sure your system is kept up to date with security patches, you are running anti-virus software and you are running only the services you need to run (eg. don’t run a web server if you don’t need to).  You’ll find a (flash based) tutorial on digital self-defense from the Rochester Institute of Technology at http://security.rit.edu/contest/dsdsite.html. If you have any questions or concerns, please make sure to contact the CIS Help Desk  at helpdesk@hmc.edu or (909) 607-7777.

January Audiovisual News

Over winter break we renovated several classrooms and meeting rooms with new video projectors. The Green Room and Platt A/B both received new Epson video projectors. While the video projectors that we removed were not particularly old, they did not work well with all laptop models. So we’re excited to be able to replace them with newer, more reliable projectors. We had similar issues in Jacobs B132 and Parsons 2358 and the projectors have been replaced in those rooms as well. A new SP control system was installed in Beckman B134 and the projector cable was moved to a safer spot in the room. Last semester we replaced the projector cable several times after it was damaged by people kicking or tripping over it. The new system should be much more convenient and easy to use.

In addition to projector upgrades we also made several lighting upgrades over winter break. In the Learning Studio classroom it is now possible to turn off all of the overhead lights in the room. There are two zones so that the lights in front of the screen can be turned off while leaving the rest of the lights on, or all of the lights can be turned off. The lights in the sofit do not yet have a control switch, but we’ll be looking at tackling that next. In Galileo Pryne and Galileo Edwards the lighting in front of the blackboards has been improved, similar to what was done in Galileo McAlister last year.

We’ve also purchased four new faculty lecterns with financial assistance from the Dean of Faculty’s Office. Last fall we purchased three different models of faculty lecterns to try out. One model turned out to be quite unstable, but the other two were popular with faculty. We’ve purchased two more of each model. The six new lecterns are located in the Learning Studio Classroom, Galileo McAlister, Galileo Edwards, Galileo Pryne, Beckman B134 and Jacobs B132. So try them out and let us know what you think. Send me an email with your feedback (Elizabeth_Hodas@hmc.edu). The lecterns are labeled “A” and “B” so that you can easily tell us which one you’re commenting on.

LabSTOR update

Harvey Mudd College is a member of a consortium called LabSTOR.  In fact, we helped set it up, along with Allegheny, Middlebury and Occidental.  LabSTOR uses Apache software called VCL (Virtual Computing Lab) that was originally created at North Carolina State University.  It is designed to allow remote access to computing environments that include applications usually found only in campus computing labs, hence the “virtual computing lab” moniker. It also allows for high performance computing (HPC) on the same infrastructure as used for the Virtual Labs.  The advantage of doing this through a consortium include reduced costs and, potentially, more bargaining power when it comes to negotiating license agreements. It also allows one to rethink how physical space is used.

LabSTOR

In early January, Longsight, the company that we have contracted with through NITLE, brought the system up and began arranging training for the people on each campus who will be creating “images” (virtual environments that contain an operating system and applications) that can be run through LabSTOR.  It was very exciting and gratifying to see this happen, since it seems so long ago that I had the first conversations with Rick Holmgren (CIO, Allegheny).  Throughout the Spring Semester LabSTOR will be in pilot mode.  At the end of the semester each institution will be deciding whether to proceed to full production in the Fall.

We plan to test ODE Architect in this environment.  If you have ideas about other applications we might put in LabSTOR (eg. something you have to go to a lab to use, either a lab managed by CIS or one managed by a department), then please let us know.  We will work with the vendor to ensure that we comply with licensing terms and then try the application out in the virtual lab.

For more information see:

LabSTOR blog at http://labstor.blogspot.com

Earlier news item: http://www5.hmc.edu/ITNews/?p=393

NITLE: http://www.nitle.org

Longsight: http://www.longsight.com/

ODE Architect: http://www5.hmc.edu/ITNews/?p=609