Committee meeting - April 7, 2022

Sarah McKone

Secretary to the Committee    
April 7, 2022
   
Present: Andrew McAlorum, Bill Baer, Erick Engelke, Greg Parks, Jason Testart, Lawrence Folland, Lori Paniak, Nick Springate, Pam Fluttert, Paul Miskovsky, Pratik Patel, Robyn Landers, Trevor Bain

Guest: Andrew Ward
Regrets: Adam Savage, Daryl Dore, Don Duff-McCracken, Greg Smith, Steven Bourque

Agenda 

  1. Presentation: Changes to Duo 2FA S’22 (Jason Testart, Andrew Ward) [15 min.] 
  2. Chair’s remarks (Steven Bourque) [5 min.]
  3. Approval of the minutes from Thursday, March 24, 2022 [5 min.]

  4. Other business and roundtable discussion – all [20 min.]

  5. Next CTSC Meeting [Will be held Thursday, April 21, at 1:30 p.m.] 

Presentation: Changes to Duo 2FA S’22 (Jason Testart, Andrew Ward) [15 min.] 

  • PowerPoint can be reviewed on the CTSC MS Teams site as provided by Jason.

  • Information about updating the device enrollment appropriately will be sent through email communications. 

    • There are concerns regarding the open rate of emails for students.2FA change champions could be utilized to help communicate these changes. 

    • Mindful that employees are more likely to notice these changes.

    • Concerns regarding the feedback we may receive related to these changes, particularly at the Service Desk

    • How do we address questions about using the Google Authenticator app? Currently, Duo does not support this self-service. 

Chair's remarks

  • None.

Approval of the minutes of the previous meeting 

  • The previous meeting’s minutes were accepted as distributed. 

Other Business/Roundtable

ITMS, Pam Fluttert 

  • Work on the digital audio storage solution is proceeding. Koorus has reached out to folks based on a historical list. If you are interested in being involved or learning more, please contact Pam. 

Information Security Services, Jason Testart 

  • Update on the DOS attack on WCMS. This may have been a password spray and play attempt and not a DOS. The attack started at 5:30 am and it was not until 4:00 pm that the service went down. WCMS is in the process of migrating from 2 to 3. The attack was hitting version 3 and getting redirected to the legacy back end which was getting overwhelmed. WCMS team put in HTTP posts as mitigations and kept the service going.  Looking at traffic patterns from the graph, it looked like the peak of the attack was at 10:00 pm. WCMS engaged Pantheon who put in mitigation at 1:00 am and the graph went down to zero. The logs from Patheon indicate it was a botnet composed of about 3200 machines. The top 3 countries were China, the US, and India. The security team could have been engaged earlier which would have resulted in slightly less downtime. Since we know we will be living in a hybrid mode there may be value in reinforcing this before fully migrating.  

    • Detected a scan of Campus Check-in which ended up being unrelated. They started looking at logs and found a log4j attack or something to hack a php server. Not overly concerned regarding this.

    • Communication was intentionally vague because you do not know the severity right away.