• About
• Accounts
• Cable & Video
• Computing Services
• Computing Sites
• E-Mail
• Enterprise Applications
• Hardware
• Help
• Hosting/File Storage
• ID Cards
• IT Security
• IT Training
• Network Services
• Policies
• Printing
• Research Computing
• Software
• Telecom Services

UM Edition, February 2008

Project to Protect Social Security Numbers Underway

The approach is analogous to a coat check service or safety deposit box in a bank vault. Such services accept delivery of an item or object from a customer and securely hold it. In exchange for the item, the service provides the customer with a token in the form of a claim ticket or key. When the customer seeks to recover the item, they present their claim ticket or key; the service retrieves the item and delivers it to the customer or the customer's designee.

In the case of the SSN vault, the item secured is a social security number. The University's SSN vault is more restrictive than the analogies above, in that mere possession of the ticket or key is not sufficient to retrieve an SSN. The business process or person seeking the SSN must also prove who they are, and they must be pre-authorized to retrieve the number.

To make this work, any University business activity or process that acquires an SSN from an employee, student, customer, patient, vendor, etc., must be altered to place the SSN into the vault. The business process must take the value on the "claim ticket" issued by the vault — an alternate ID number — and save it into the recordkeeping system where the business process had previously recorded the true SSN.

Any business process that requires the true SSN thereafter (e.g., tax reporting or foreign student registration) must be altered to submit the alternate ID number to the SSN vault to re-acquire the SSN. In most cases we'll define the security system to limit use of the true SSNs to the government agency requiring the data.

The SSN vault and altered business processes improve our overall security posture by reducing the number of data systems holding SSNs. Instead of storing them in dozens of places as we do today, we will have only one place where we must maintain high security. Additionally, access to the vault must be pre-approved, and the vault software will log and audit all retrievals. The end results are that fewer people will routinely handle SSNs, and derivative documents (such as spreadsheets, email messages, and other electronic records) containing data from our administrative databases will not reveal SSNs.

The SSN Remediation project began last summer. The first systems to be integrated were the alumni databases for each of the four campuses and the Identity Management system used to manage network logon accounts and electronic mailboxes. The next phase will focus on the Financial, HR, Payroll, and Benefits systems.

It is important to note this effort is not solely a technology initiative; it is a complete rethinking of how we use SSNs in our daily business processes. You'll no doubt hear more about the project in the coming months, including in future editions of TechKnowledge.

TigerNet Wireless Network to be Removed from Service

TigerNet uses the WEP protocol for data privacy. WEP has shortcomings:

• WEP is not very secure. The WEP key is easily cracked, making it relatively easy for someone to eavesdrop on your wireless data communications, including web browsing, e-mail, and file transfers. It's also fairly easy for people with no MU affiliation to obtain the WEP key from someone working at MU, allowing them to access the wireless network and use our resources (such as Internet bandwidth).
• The WEP key must be distributed to all wireless network users and configured on every wireless computer. In addition, the key must be changed occasionally to limit, at least for a while, the number of non MU-affiliated users on the wireless network. This is a support problem and is inconvenient for everyone.

TigerNet1x uses the 802.1x protocol to improve data privacy and network access and has the following benefits:

• 802.1x allows wireless network access via PawPrint (SSO ID) authentication. Your PawPrint and password are strongly encrypted to protect them against theft. Only users with an MU affiliation have a PawPrint, thus preventing nonaffiliated persons access to our network.
• There is no key to be distributed, which is much more convenient for users and support staff.
• 802.1x supports several types of data encryption. When properly configured, it provides very strong encryption, making it all but impossible to eavesdrop on wireless communications.

For information on how to configure your wireless-enabled laptop or other device to use TigerNet1x, please visit the IT KnowledgeBase. For additional information about wireless networking on campus, please refer to the Division of IT's Wireless page.

February 2008 Oracle/PeopleSoft Update

• Completed work for the W-2 and 1099 forms for UM employees.
• Work is underway to load student photos for UMKC and MS&T into the PS Student System to assist Admissions in their work.
• Supporting the rollout of ePro (the eProcurement PeopleSoft-based system) to all UM campuses.
• Finalized plan for upgrade of PS Financial Management to v9.0. This upgrade will start in February with a completion date of November 2008.
• Phase I of Connect EDU is in progress and has been implemented for all UM campuses. Phase II is in its planning stages.

Upcoming projects and goals include:

• Time and Labor implementation (all campuses and UM System)
• Social Security Number theft risk mitigation
• Self-service HR funcitons including eProfile, ePay, and eBenefits
• Student financial aid processing in PeopleSoft for MU
• Pension administration for retirees

Sprint BCEE Service to End

This change will affect only Sprint customers who are BCEE subscribers. Beginning March 31, subscribers' phones will continue to work, but they will no longer get e-mail and calendar updates.

Windows Mobile will replace BCEE as the preferred solution for mobile access to e-mail, calendar, and contacts.

Please see the Division of IT's Sprint cellular page for departmental and individual customer service information.

Cold-Weather Tips for Laptops

Store carefully. Never leave a laptop in the trunk of your car in cold weather, even if it's in an insulated case. If your laptop freezes, you could lose all your data.

Let your laptop warm up. After bringing a laptop in from the cold, let it warm up to room temperature before starting it. The display is especially vulnerable. Don't use a heating pad to "thaw" a frozen laptop display! Allow it to warm up on its own before you start up.

Use a laptop warmer.... These devices, designed specifically to keep a laptop warm, have been tested for safety and effectiveness and are a good investment.

...but avoid excessive heat buildup. Too much heat is as bad for your laptop as too little. Don't use mug warmers or pocket warmers to heat your laptop! These devices can cause problems if they heat the wrong parts of a laptop and can even melt internal components. Also, don't use your laptop while it's in its bag (or anywhere else that doesn't allow adequate air circulation) — inadequate ventilation can cause the processor to overheat.

Change your laptop's power settings. If your laptop uses the "power save" mode, turn it off. A running laptop will stay warmer than one that's asleep, as it generates its own heat.

OneNote Helps You Collect, Organize, Share Notes

Some of the things you can do with OneNote:

• Share notes with other team members or students via email. In addition to your own notes, OneNote enables you to clip an image from your browser and even places the referenced URL in the notes.
• Record a meeting or lecture for later reference. OneNote associates the audio to the notes you take. As you listen to the audio later, OneNote highlights your notes on your computer screen.
• Tag important notes. With just a click, you can apply a star to an note item to help find it later. The star is just one of many tags you can apply.
• Flag notes to show up in your Outlook Task Pad to remind you of an action item recorded during a meeting or lecture.
• Ink notes with a tablet PC. Instead of typing, you can handwrite notes and later convert them into text. Obviously, your handwriting must be legible!

Don't take notes on paper and tediously type them into your laptop any longer. Do it once and save time. To learn how to use OneNote 2007, sign up for a free course with IT Training.