Our goal is to provide you with the solutions you need—to be your trusted advisor when you have Security-related issues or concerns. One of the ways we try to accomplish this is by offering services to the University community that will help make your department more secure. To read about these services, just click through the links to your left and learn what we can do for you. As always, if you have any questions or concerns or would like to learn more about these services, please send us an email at security@ou.edu.
DNS
Domain Name Service (DNS) is used to convert human readable addresses to the Internet Protocol (IP) addressing scheme. Example: www.ou.edu is converted to 129.15.0.230 or vice versa. The address needs to be converted so that IP layer switching and routing will enable a server or client to reach a destination on Internet. After the DNS query is complete, a client will now know the exact address of the device to connect and be able to retrieve this information. DNS must also communicate with other DNS servers on Internet to exchange zone information.DHCP
Dynamic Host Configuration Protocol (DHCP) is used by many popular operating systems as a way of obtaining IP addresses as well as other information needed to communicate on the network. Other information includes which DNS server to use, netmask, default gateway and a Windows Internet Name Service (WINS) server to use for resolving Microsoft NetBIOS names. Once a computer or device obtains this information from the DHCP server it can then use these settings to begin communicating on the network.Emergency Communications
Implemented in spring 2007 by OU IT, OU's Emergency Communication System empowers the President's Office and OUPD to alert members of the OU community within minutes of an emergency or a weather-related school closing. Those concurrently enrolled or employed will receive notification on any of the three campuses they attend.The system sends emergency notifications to:
• Up to 5 phone numbers per individual (land or cell phones)
• One email account per individual
• One text messaging number per individual
• 140 centrally-scheduled classroom phones
• All campus phone numbers, including non-standard numbers (e.g., Goddard and Physics)
• OUHSC and OU-Tulsa.
To ensure availability during emergency situations, OU IT, OUPD, and the President’s Office conduct bi-annual tests. Also, the system is hosted off-site at multiple, geographically-dispersed datacenters, which means instant access 24/7.
Please update your emergency contact information online at account.ou.edu. Your privacy is important: Your emergency contact information is for emergency purposes ONLY.For assistance, contact OU IT at (405) 325-HELP or http://support.ou.edu.
ESM
Symantec Enterprise Security Manager is a server agent that automates the discovery of security vulnerabilities and enables organizations to define, measure, and report on the compliance of information systems against security policies, standards, and government regulations.Firewall Services
IT can provide network configuration that protects departmental computers by using a private network that restricts inbound network access. Departmental users will still be able to access all campus and internet sites without restriction.Incident Response
IT Security can provide analysis of computers and network traffic after a security incident occurs to determine the cause and the extent of an incident. This involves receiving, triaging, and responding to requests and reports, as well as analyzing incidents and events.There are many levels of incident analysis and services. Incident analysis is essentially the examination of all available information and supporting evidence or artifacts related to an incident or event. The purpose of the analysis is to identify the scope of the incident, the extent of damage caused by the incident, the nature of the incident, and the available response strategies.
Laptop Encryption
You’ve probably seen the stories in the news: laptops stolen around the country containing sensitive or confidential information from major universities. These types of thefts, which have increased significantly in recent years, put students, faculty, and staff at high risk for identity theft and subject the universities affected to national criticism and scrutiny.Symantec Endpoint Encryption is a software solution designed to encrypt and protect sensitive data on your computer in the event of theft or damage. This product provides the campus community with the opportunity to gain peace of mind about data security and to help OU IT design a unique solution for your department’s needs. OU IT will provide personalized training and support throughout the process, as well as:
• Sensitive Data Scan
• Data Backup
• Installation
• Annual Maintenance
To take advantage of this service, simply visit http://itstore.ou.edu and click on the ‘Software’ tab.
Symantec Endpoint Encryption Installation Process
After you purchase Symantec Endpoint Encryption on the IT Store, you can expect to see the following:
Frequently Asked Questions
What if I forget my password?
If you forget your password, there are two different ways you can gain access to your system.
1. Correctly answer all three of your security questions.
After your software is successfully installed, the system will prompt you to answer two security questions. You will then be asked to provide a third question of your choice to answer. If you forget your password, you can answer all three security questions to gain access to your system. It is very important for you to keep both your questions and answers private so that you are the only person who can access your system.
2. Call the IT Help Desk.
If you have forgotten the answers to your three security questions, call 325.HELP (4357) and the IT Help Desk will assist you in gaining access to your system. Be aware that our support technicians will first need to validate your identity since this process will involve granting access to your laptop/workstation and the data stored on your hard drive.
Why can't I open the encrypted files on my removable media (thumb drives, hard drives, etc)?
Before accessing the encrypted files on your removable media, you must first run the executable file on the removable media. It is named EERemovalbeStorageAccessUtility.exe, and it can be identified by the yellow padlock icon. Once you run the .exe file, the system will prompt you for the password you set when you initially stored the files on the removable media.
How long does it take to encrypt or un-encrypt my files?
It will take several hours to encrypt or un-encrypt your files, depending on the size of your hard drive; however, this process should not interfere with your ability to use programs on your laptop or workstation.
Can I still work while my hard drive is being encrypted?
Yes you can.
If the encryption process is not complete, can I turn off or shutdown my laptop/workstation?
Yes you can. The encryption process will restart when you restart your system.
U.S. Export Controls
Certain Symantec products, including Endpoint Encryption, are subject to U.S. export control regulations. Exportation and re-exportation of Symantec Products may be prohibited to certain countries, including but not limited to Cuba, Iran, North Korea, Sudan, and Syria. Additionally, exportation and re-exportation to other countries may require an export license. It is your responsibility to obtain the information necessary to comply with any applicable U.S. export control laws.
Additionally, traveling to other countries with encryption products and software may subject you to customs, importation and other laws in those countries. In some countries, encryption technologies are subject to confiscation.
By purchasing and/or using Endpoint Encryption, you acknowledge the information above and agree to use these products in compliance with all applicable U.S. laws and regulations. For questions or additional information, please contact the University's Office of Export Controls at 405.325.5052 or 405.325.5726.
Log Analysis
Departments that are using Firewall Services can request that their log data be monitored for malicious traffic. This will be negotiated at the time Firewall Services are put in place and involves review and analysis of network and host based security logs and initiating a response for any events that exceed a defined threshold.Media Sanitization
Protecting the confidentiality of information should be a concern for everyone, from federal agencies and businesses to home users. Recognizing that interconnections and information exchange are critical in the delivery of university services, OU Information Technology is offering a new technology hardware disposal service. This service will help protect the sensitive information of our students, faculty and staff and to enable proper disposal of old hardware at an affordable cost.Norman campus departments can contact the OU IT Store at 325-1925 to schedule a pick-up of workstations and servers. During pick-up, OU IT will provide documentation for the change of property responsibility. Our hardware specialists scrub data in accordance with DoD, HIPAA and FERPA requirements and dispose of the equipment in accordance with EPA guidelines. The department will receive a record of equipment disposal and certification of data integrity once the data wipe is complete.
We encourage all departments to utilize this new service and help us safeguard the University community.
Media Sanitization Costs:
• Purchased machines < 6 years from manufacture date: FREE
• Purchased machines > 6 years from manufacture date: $65/machine
• Leased machines (included in the leasing program): FREE
• Special pricing and pick-up accommodations are available for disposing large quantities of machines.
Before any media are sanitized, system owners are strongly advised to consult with designated officials with privacy responsibilities (e.g., Privacy Officers), Freedom of Information Act (FOIA) officers, and the local records retention office. This consultation is to ensure compliance with record retention regulations and requirements in the Federal Records Act. Departmental management should also be consulted to ensure that historical information is captured and maintained where required by business needs. This should be ongoing, as controls may have to be adjusted as the system and its environment changes.
Network Profiling and Monitoring
Usually coupled with Firewall Services, a network Intrusion Detection Sensor can be requested to monitor departmental network traffic for malicious activity. This involves placing a sensor on the network that examines network traffic to look for patterns that match a defined rule set of known malicious traffic. General network usage can also be profiled to baseline normal network traffic and then alert on traffic that deviates from the baseline.NetReg
Network Registration (NetReg) is the process by which desktop computers, laptop computers, or other devices requiring network connectivity are registered on the OU network. This process allows for easy detection in the event a computer is hacked, infected with a virus, or otherwise compromised. It also enables IT to better communicate with our users to quickly resolve any potential issues and help them get back on the network as soon as possible.Starting in October 2009, as part of our campus-wide copyright compliance initiative, all users on our housing and OUWiFi networks will complete a short copyright tutorial and quiz at the beginning of the NetReg process. Similarly, if any users in these areas receive a copyright violation, they will be temporarily blocked from the network and must complete the copyright tutorial and quiz before their access is restored.
In order to complete the self-registration process, you must have a valid OUNet ID (4+4) and password. If the device you want to register does not have a browser, please call the IT Help Desk at 325-HELP (4357) to complete manual registration.
VPN
VPN stands for Virtual Private Network and is an option which provides a secure connection between a user's home computer and the OU network. As technology advances, users are traveling more but still need access to the services available on campus. VPN provides a means for private communication between geographically distributed locations yet also offers access to the resources on the OU Networks. Users attempting to access OU services such as file servers, Virtual Lab and email will be required to enter the University network through the VPN client.Vulnerability Assessment and Review
OU IT Security offers a vulnerability assessment service free of charge to university departments and business units. We can assess network, system, and application security as well as perform code reviews and web application assessments. At any stage of a project lifecycle our vulnerability assessment team can be brought in for a security consultation so that security risks can be proactively mitigated.
Web Sense
Web Sense is a web filtering solution that enables departments to deploy flexible, comprehensive Internet-use policies for web traffic to provide complete visibility into your Web usage. Web Sense can help improve productivity and guard against inappropriate content from entering the network by controlling access to non work-related web sites and applications during work hours.
