Committee meeting - September 17, 2020

Carol Lu  
Secretary to the Committee  
September 17, 2020  
  
Present: Steven Bourque, Erick Engelke, Jason Testart, Paul Miskovsky, Bill Baer, Don Duff-McCracken, Greg Parks, Andrew McAlorum, Lori Paniak, Pratik Patel, Andrea Chappell, Adam Savage

Regrets: Trevor Bain, Greg Smith, Robyn Landers, Daryl Dore
  
Agenda 

1. Chair’s remarks (Steven Bourque) [5 min.]
2. Approval of the minutes of the meetings of Thursday August 20, 2020 [5 min.]
3. ONA update (Steven Bourque) [10 min.]
4. Wireless network update (Steven Bourque) [10 min.]
5. Email threat protection update (Steven Bourque) [10 min.]
6. Other Business [10 min.]
7. Roundtable discussion – all [20 min.]
8. Next CTSC Meeting [Will be held Thursday October 1 at 1:30 p.m.]

Chair's remarks (Steve Bourque)

• Welcome Greg Parks, our new CTSC member representing Affiliated and Federated Institutions of Waterloo (AFIW)
• Campus Check-In tool is now available 
  • People on campus can self-register for contract tracing by connecting to eduroam

Approval of the minutes of the previous meeting

• The previous meeting’s minutes were accepted as distributed.  

ONA update (Steve Bourque)

• New ONA is being developed; this is on schedule to be done by the end of the year
  • Will be brought to CTSC for a demo first before launching
• Existing ONA has been ported to a newer ADFS server; this is currently in testing
  • Only monitors HP devices
  • Will still be around after new ONA is up and running; new ONA will be for Cisco devices
• The existing/old ONA has a lot of user IDs; TIS will reach out to departments to review access and clean up of this information

Wireless network update (Steve Bourque)

• Currently setting up back end infrastructure for authentication 
• Cisco access points are being installed; project is moving along quickly

Email threat protection (Steve Bourque)

• Cisco will be replacing Proofpoint for email threat protection 
  • Will be available starting October
  • IST currently has demo access 
• CTSC will be consulted for feedback on some Cisco configuration 
• Plan is to roll out by end of January for staff, students, faculty, and alumni
• Will also be looking at email routing clean up in the near future
  • Replacement of mailservices will take place some time after Cisco email threat protection is set up 

Other Business

No other business. 
 

Roundtable

Information Security Services, IST (Jason)

• Thank you to everyone who acted quickly to patch the Active Directory domain controller, this was resolved with 1-2 days
• There has been a large increase in phishing attacks
  • Around 200 accounts compromised this month
  • Malicious third-parties are compromising accounts and setting email forwards to delete all incoming messages, then forwarding the emails to a random Gmail account
  • Once emails are sent to the Gmail account, a malicious lookalike domain is set up to send emails impersonating UW employees
  • Having 2FA prevents attacks; if you receive a Duo 2FA mobile push from an unrecognized location, you can deny the request for account access
• There are currently ~3000 generic accounts on Connect; looking to activate 2FA for these accounts
  • Only 1600 accounts have been logged into in 2020
  • Considering three approaches to active 2FA 
    1. Convert accounts to shared mailboxes; this would require users to log in with their own UW credentials (shared mailbox conversion would also be necessary in order to migrate to Office 365 email 
    2. Assign multiple accounts to a single Yubikey/token
    3. Set up Duo bypass codes as a temporary measure 
  • A Qualtrics survey will be sent to generic account email addresses for account holders to submit a list of users that need access to the shared mailbox
  • For Connect, 2FA will only be available for Outlook Web App

Engineering (Erick)

• A lot of people are still using older versions of Office
  • Information is available on the Duo site about 2FA for Outlook 2013 and 2016
  • Recommending users to upgrade to the latest version of Office
    • The O365 license allows for download on up to five devices

Arts (Bill)

• There has been a good number of sales for Adobe Creative Cloud
  • This is an enterprise license that comes with Adobe support
  • Cost is less than OnTheHub
  • License is available for part-time and full-time staff and faculty, and students
    • Students can choose between a termly license or yearly license
    • Termly license is only available for students (available to all students, not just Arts)

Instructional Technologies and Media Services, IST (Andrea)

• LinkedIn Learning site license from eCampusOntario ends on September 21
  • An extension has been given until September 25
• IST has approved a purchase for a LinkedIn Learning license (3 year agreement)
  • Working on getting approval from Procurement and Privacy Office
  • IST's Information Security Services has conducted a security check
  • Announcement will be going out tomorrow
• 21 classrooms are in use this term
  • Keyboards and mice have been removed from Registrar-owned rooms since they cannot be cleaned in between uses
  • Starting to plan and prepare for Winter 2021 term now 
• Some issues with getting class rosters added to auto synchronized Teams; this has now been resolved
• If you experience WebEx issues on Mac, contact Andrea or Koorus Bookan
• Updating the Keep Learning website on a constant basis as per instructor feedback to make content more user friendly 

Comments and discussion

• Some users in Computer Science and reporting hundreds of Teams channels being created automatically in an auto synchronized Team
• Would it be possible to populate the Teams earlier than the first day of classes? 
  • LEARN courses can currently be opened early if requested (on a case-by-case basis)
  • LEARN and Teams populate the same information from different sources; LEARN updates five times a day (Quest), Teams updates once a day (Grouper)
    • Students may wonder why they are able to access LEARN but not Teams if given early access