QuickLauncher – New Feature for ReadyTalk

ReadyTalk

ReadyTalk, one of UCI’s conference calling solutions, has a new feature.  QuickLauncher is ReadyTalk software you can install on your Windows or Macintosh computer to facilitate the creation and management of  telephone and/or web-based conference calls.

The QuickLauncher resides in your taskbar and allows you to:

  •    Start and Join ReadyTalk Web Meetings with a single click.
  •    Start an Audio Meeting by having the audio bridge dial you into your meeting.
  •    Launch ReadyTalk’s full service Conference Center to manage your scheduled meetings.
  •    Invite others to your Web and Audio Meetings

As a reminder, UCI’s phone system has a built-in conference calling feature which can be used at no cost if all participants are using the UCI phone system.  (Toll charges may apply for calls to off-campus participants.)

OIT has published general information on ReadyTalk conferencing online.  ReadyTalk’s Getting Started page includes reference cards, training videos, and links for downloading QuickLauncher.

Visitor Access to UCInet

UCInet Mobile Access

1-Day Access

Visitors to the campus who need temporary access to the internet with a laptop or mobile device may make use of Express Registration for the UCInet Mobile Access network.  In order to do this, the visitor should go to a wireless access location, open a web browser, and connect to any web page.  (See list of wireless locations). This will direct the visitor to our registration process.  Access is granted for 24 hours, and this access will only be granted seven times in a 30-day period. Visitor access is restricted to Web, email, and secure shell (SSH).

4-Week Access

There is a second option for visitors who need access to UCInet beyond the restrictions of Express Registration.  Manual Registration is a process by which UCI faculty, staff, or graduate students can authorize access for a visitor.  The authorizer will need to use his or her own UCINetID and password, and will need the MAC address (the unique address of the network card) of the visitor’s laptop or other mobile device.  More information on these two options can be found at the UCInet Mobile Access Registration page.

Longer-Term Access

Another option is available for guests whose visit to UCI will be longer than a month.  (Examples include visiting scholars, volunteer faculty/staff, or those who may be employees of a different UC campus but are teaching here.)  In these cases a faculty or management-level staff member may request a Sponsored UCInetID for the visitor.  This is essentially a normal UCInetID, but it is only valid for as long as the sponsor authorizes it — typically one to four quarters.  Note that the Sponsored UCInetID request form is now online and requires the sponsor to log in with his or her own UCInetID and password.

Eduroam

Visitors from participating educational institutions may choose to gain access to UCInet using their home-campus network identities via the Eduroam secure federated network access service.  For eligible visitors, this option may be a better choice given the requirements and restrictions of the alternatives listed above.

Autorun is a Security Risk

autorun

There is a feature in the Windows operating system, autorun, which on the face of it seems sensible and useful.  When you attach removable media (CD, DVD, USB key, etc.), Windows will look for a file with instructions on what to do with it, such as which program on the device to run.  This makes installation of software simple (insert the DVD, a screen comes up giving you a variety of options including “install”) and autorun can be used for other handy actions.

However, today autorun is being exploited by the makers of malware to put harmful software on your computer.  It is now considered prudent to disable this feature of Windows.  Microsoft has released security updates to all recent versions of Windows to enable end-users to turn it off, and has published a knowledgebase article with instructions how to install the security update and then disable autorun.  If the technical details get in the way, there is a one-button “Fixit” in the knowledgebase article which will download and run a wizard to turn autorun on or off for you.

 

Computer and Network Security Testing

Digital sign

Vulnerability Assessment is a valuable portion of an overall process to ensure the security of hosts on a network.   OIT provides software and services to the campus to assist with the vulnerability assessment process.

Usually done hand-in-hand with risk assessment (i.e., the potential loss to the University in the event of unauthorized access), vulnerability assessment at UCI can be applied to a single system or a group of related computers.  Items to check in such a vulnerability assessment include directory and file permissions, user account and password policies, and current operating system patches.

Some tools are available at no cost to interested individuals to download and employ such as Microsoft’s Baseline Security Analyzer.  Other tools require specialized expertise, such as McAfee Foundstone which OIT licenses.

In addition to scanning a computer internally for vulnerability, OIT can assess the security of a computer’s configuration from the point of view of the network and remote users. Items to check in a network based vulnerability assessment include installed and running services, and local firewall settings.

More information is available at the OIT Security Team’s Vulnerability Assessment page.

OIT Responds to Security Incident

Windows security

Between Saturday, February 26th and Sunday, February 27th an unauthorized user was able to gain access to a Microsoft Windows server operated by the Office of Information Technology. The user was able to access files which may have allowed her/him to compromise a large number of passwords.

The OIT Security team identified the abnormal network behavior on Sunday, February 27th and was able to stop the attackers from gaining additional access. The quick response was instrumental in preventing a more serious incident.

At this time, OIT does not believe the user accessed any other data. OIT has engaged an outside forensics company to validate the incident investigation and to add additional expertise to the response team.

In response to the unauthorized access, OIT undertook the complex process of having users change passwords which may have been affected.  In addition, significant time was dedicated to a detailed review of systems and access logs for evidence of inappropriate access and use of stolen user ids and passwords.

OIT is reviewing its processes and procedures to ensure security remains a high focus and priority.

If you notice any unusual activity related to your computer account, such as your account logged in by someone other than you or problems logging in, please notify the OIT Security team, or call the OIT help desk.