Committee meeting - May 3, 2018

Darren Bondy
Secretary to the Committee­­­
May 14, 2018

Present: 

Andrew McAlorum (Acting Chair), Trevor Bain, Colin Bell, Andrea Chappell, Robyn Landers, Jason Testart, Heather Wey (Acting Secretary)

Guests:

Steph Sempson (for Erick Engelke)

Regrets:

Steven Bourque (Chair), Darren Bondy (Secretary), Daryl Dore, Marko Dumancic, Erick Engelke, Dave Kibble, Keith McGowan, Paul Miskovsky, Omar Nafees, Adam Savage, Greg Smith

Agenda

[Will be held Thursday, May 17, 2018, at 1:30 p.m., in EC2 1021.]

Chair’s Remarks (Andrew McAlorum)

Updates from previous meetings:

• Mailman is still the service we are supporting, no project replacement planned for that in the future. There is interest in supporting MailChimp for marketing type communications, but it would not replace Mailman, which is still required for discussion mailing lists.
• Oracle VirtualBox Extension Pack license: We followed up with the vendor informing them that we were not using the extension pack.
• Domain name guidelines: Send feedback within two weeks to Andrew and Joe Kwan.

Approval of the minutes of the previous meeting

The previous meetings minutes were accepted as distributed.

Increasing the security of the campus network (Jason Testart) [20 min.]

Jason Testart discussed initiatives intended to increase the security of the campus network:

1. The requirements for two-factor authentication for all with the new VPN service when deployed in the Summer/Fall.

• Rolling out to students soon, posters are going out.
• Will be available on Office 365 as an opt-in.
• Future, looking at Workday, SailPoint, Finance, other interested departments.
• VPN will have 2FA, token options are an alternative to 2FA for VPN.

Andrew asked what other systems could use 2FA?

• LEARN, Quest (for some things requiring higher security), Unit4, anything using ADFS is a candidate. Confluence is a candidate, as is the WCMS

Trevor would like to change his system monitoring system to uses 2FA.

• It would need to be configured to ADFS

Andrew asked if people are interested should they contact Jason.

• Yes, contact Jason and he will direct to the appropriate person

2. My team to begin the enforcement of poor/weak SSL/TLS configuration of devices exposed to the Internet.

• SSL protocol is insecure, first version of TLS is also considered insecure.
• As part of the vulnerability management program we will be notifying people on campus using SSL or TLS

3. Impose a new campus standard for SSH servers: Any SSH server exposed to the public Internet must be configured to allow only:

• Public-key authentication for clients not on the campus network; and/or
• 2FA for clients not on the campus network.

Around 300 SSH servers on campus, they should be informed to reconfigure for 2FA or use public-key authentication.

Other Business

Trevor Bain asked about the faculty email upon retirement.

• Andrew will follow up

Roundtable Reporting

Math (Robyn Landers)

• Another batch of moves, off of Mailservices
• Difficulties with IAMNG (WatIAM) move, some wrong profile paths & home directories
• Sailpoint (WatIAM) permissions structure has some security concerns, speaking with Jason for 2Fa
  • Andrew mentioned that the IST Service Desk staff have always had admin access but this is new for the faculty helpdesks.
• Math building planned power outage (sometime in August for a few days, total shutdown).
• What is the new Identity Management System called?
  • Jason said it’s just WatIAM

AHS (Trevor Bain)

• Some learning curve issues with WatIAM. Training was helpful and the additional training sessions will be appreciated.
  • He will forward questions to Peggy before the next sessions.

Andrea Chappel

• LEARN, look and feel and is now responsive (Daylight)
• Some small issues for students, some things are in different spots than they are used to.

Next meeting

The next meeting will be held Thursday, May 17, 2018, at 1:30 p.m., in EC2 1021