Centre Network and Security News

Choosing good passwords!

Long passwords are strong passwords!  

Your password can be:

  • A passphrase (password phrase or sentence), or
  • A complex combination of characters.

Passphrase: The easiest way to create a secure password is to use a passphrase, a password consisting of a sentence or phrase. Passphrases may be easier to remember and more secure than a shorter, more complex password. A passphrase must:

  • Be between 15 and 127 characters in length, consisting of letters and spaces, AND
  • Contain at least 1 number OR 1 symbol, such as ( !"#$%&'()*+,-./:;<=>?@[]^_`{|}~).
  • Passphrase tips:
    • Consider a passphrase of several (5 or more) random words strung together, e.g. strainer walking trusty comic giraffe.
    • Make up a sentence that is relevant to you but is stated in such a way that it is not easily guessable, e.g., jazz is a passion, pizza too.
    • Remember that incorrect grammar and misspellings are passphrase strengtheners.
    • DON’T use quotations, popular song lyrics or well-known lines from books, movies, plays, TV shows, etc. exactly as published. Individuals attempting to crack your password will try them. You can base your passphrase on one of these, but vary the text in a unique way, e.g., “not all those who wander are lost” (J.R.R. Tolkien) could be modernized to “not all those who wander lost their GPS” (we’re sure you can do better).
    • DON’T use something that is public knowledge or has been shared on social media, such as Facebook or Twitter.
    • DON’T use any sample passphrases or passwords shared as tips.

Complex Password: If you choose to set a shorter but complex password (less than 15 characters in length), your password must contain ALL of the following:

  • A minimum of 10 characters,
  • 1 uppercase letter,
  • 1 lowercase letter,
  • 1 number, AND
  • 1 symbol, such as ( !"#$%&'()*+,-./:;<=>?@[]^_`{|}~)
  • Complex password tips:
    • Base your password on things relevant to you, but not easily discoverable.
    • Consider using incomplete words, uncommonly misspelled words or number or letter substitutions.
    • Create a unique password for your university account.
    • DON’T use the kinds of passwords that are easy hacking targets, such as:
      • Common dictionary words.
      • Sequential letters or numbers (e.g. 1234567890, abcdefghij, qwertyuiop).
      • Trivial passwords (e.g. password, passwd, mypassword, p@ssw0rd).
      • Easily discoverable personal data (e.g., Account name, Centre ID, names, birthday, address, pets).
      • Things that you’ve posted on social media sites (e.g. Facebook, Twitter).
    • DON’T ever leave a password blank or keep its default value intact.
    • DON’T use the same password to secure your university account as you use (or have used) for other sites, e.g., online shopping, Facebook.
    • DON’T reuse passwords.
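
The passphrase and complex-password rules above, written as a checker. This is an added example, not ITS code. It assumes the space character does not count as a symbol and that five characters taken in order from a run count as "sequential"; the `personal` parameter is a hypothetical list of a user's account name and similar data.

```python
SYMBOLS = set("!\"#$%&'()*+,-./:;<=>?@[]^_`{|}~")  # assumption: space is not a symbol
# Trivial passwords and sample passphrases this page itself warns against.
DENY = {"password", "passwd", "mypassword", "p@ssw0rd",
        "strainer walking trusty comic giraffe", "jazz is a passion, pizza too"}
RUNS = ("1234567890", "abcdefghijklmnopqrstuvwxyz", "qwertyuiop")
RUN_LEN = 5  # assumption: 5+ characters in order from a run are "sequential"


def has_run(pw):
    """True if pw contains RUN_LEN consecutive characters of a run, forwards or reversed."""
    low = pw.lower()
    return any(seq[i:i + RUN_LEN] in low
               for run in RUNS for seq in (run, run[::-1])
               for i in range(len(seq) - RUN_LEN + 1))


def check_password(pw, personal=()):
    """Return the list of rule violations; an empty list means pw passes."""
    problems = []
    has_digit = any(c.isdigit() for c in pw)
    has_symbol = any(c in SYMBOLS for c in pw)
    if len(pw) > 127:
        problems.append("longer than 127 characters")
    elif len(pw) >= 15:  # passphrase rules: 1 number OR 1 symbol
        if not (has_digit or has_symbol):
            problems.append("passphrase needs a number or a symbol")
    else:  # complex-password rules: ALL of the character classes
        if len(pw) < 10:
            problems.append("shorter than 10 characters")
        if not any(c.isupper() for c in pw):
            problems.append("no uppercase letter")
        if not any(c.islower() for c in pw):
            problems.append("no lowercase letter")
        if not has_digit:
            problems.append("no number")
        if not has_symbol:
            problems.append("no symbol")
    low = pw.lower()
    if low in DENY:
        problems.append("trivial or published sample")
    if has_run(pw):
        problems.append("sequential letters or numbers")
    if any(p and p.lower() in low for p in personal):
        problems.append("contains personal data")
    return problems
```
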

Be creative! The best passphrases and passwords are ones that have never been used before.

Finally, remember: ITS will never ask you to disclose your password!


Protecting Yourself from “Phishing Scams”

What is Phishing?

For those unfamiliar with the term, Phishing describes an attempt by a disreputable entity to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. While the most common platforms for Phishing are e-mail and instant messaging, it is becoming more common on social networking sites as well, including chat rooms and other environments where web links can be shared and where attackers can disguise their identity.

How does this happen at Centre College?

One of the most common forms of phishing attack in higher education environments is still the official-looking email claiming to be from the institution’s technical support team. It usually takes the form of a message asking recipients for their user ID and password, with a threat of account deactivation if they fail to reply. These specifically crafted phishing attempts are primarily focused on gaining access to email accounts, so that the attackers can send malicious email to other systems with the appearance of coming from our legitimate mail system.

How do I spot a Phishing message?

  1. Asks for sensitive information such as usernames, passwords, account number, SSN, credit card numbers, etc.
  2. You did not initiate the communication (it is unsolicited).
  3. Includes a link that you are somehow encouraged to “click on.”
  4. Contains obvious typographical and grammatical errors that the sender being impersonated would not make.
  5. Legitimate emails from ITS will contain one of the following in the subject line: [CentreITS:CIO] [CentreITS:SYSADMIN] [CentreITS:ADMINCOMP] [CentreITS:HELPDESK]
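
Items 1, 3 and 5 of this checklist can be tested against the text of a message. The triage function below is an added example, not ITS tooling. The keyword patterns and the test for "presents itself as ITS" are assumptions, both sample messages are constructed, and the tag check only flags a missing tag (a tag that is present is never treated as proof that the message is genuine).

```python
import re
from email import message_from_string, policy

# Subject tags the page lists for legitimate ITS mail.
ITS_TAGS = ("[CentreITS:CIO]", "[CentreITS:SYSADMIN]",
            "[CentreITS:ADMINCOMP]", "[CentreITS:HELPDESK]")
# Assumed keyword patterns; tune them against real mail before relying on them.
ASKS = re.compile(r"\b(user ?id|username|password|account number|ssn|credit card)\b", re.I)
LINK = re.compile(r"https?://\S+", re.I)
CLAIMS_ITS = re.compile(r"\bITS\b|(?i:help ?desk|technical support)")


def phishing_indicators(raw):
    """Return the checklist items (1, 3, 5) that a raw RFC 5322 message trips.
    Items 2 (unsolicited) and 4 (typos) need human judgement and are not scored."""
    msg = message_from_string(raw, policy=policy.default)
    subject = str(msg.get("Subject", ""))
    sender = str(msg.get("From", ""))
    body = "".join(part.get_content() for part in msg.walk()
                   if part.get_content_type() == "text/plain")
    hits = []
    if ASKS.search(body):
        hits.append("asks for sensitive information")
    if LINK.search(body):
        hits.append("contains a link")
    # Item 5: mail presenting itself as ITS should carry one of the subject tags.
    claims_its = CLAIMS_ITS.search(subject + " " + sender)
    if claims_its and not any(tag in subject for tag in ITS_TAGS):
        hits.append("claims ITS but lacks an ITS subject tag")
    return hits


SAMPLE_PHISH = (  # constructed sample
    'From: "ITS Helpdesk" <support@mail.example>\n'
    "Subject: Account deactivation notice\n"
    "\n"
    "Reply with your user ID and password or confirm at\n"
    "http://portal.example/verify within 24 hours.\n"
)
SAMPLE_TAGGED = (  # constructed sample
    "From: notices@example.edu\n"
    "Subject: [CentreITS:HELPDESK] Maintenance window this week\n"
    "\n"
    "Servers will be patched Wednesday through Friday evenings.\n"
)
```
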


So, why are these qualities a strong indication of a Phishing message?

  1. No reputable institution that you have dealings with would ever ask for or attempt to obtain sensitive information via unsolicited electronic communication.
  2. On the rare occasions where password resets and similar communication are conducted via electronic message, it should only be as a result of an action that you initiated. (NOTE: If you receive such a message from an institution you are affiliated with, you should be sure to contact them using your normal methods of communication; do not use those prescribed in the message.)
  3. Web links force a user to enter an electronic environment controlled by an attacker. Not only can they solicit your sensitive information but they can perform further automated attacks on your computer. This greatly increases the value of the attacker’s interaction with you.
  4. Phishing attempts are by definition a malicious act and as such are more frequently perpetrated by attackers for whom attention to detail is not as common a trait. The Phishing “industry” is one that prizes quantity over quality.


What do I do if I accidentally respond to one?

  1. If possible, change the password or access credentials immediately. (NOTE: make sure to record this new information securely until you are able to commit it to memory.)
  2. Contact the ITS Helpdesk for the resource that you may have compromised. Speed is critical: attackers can begin exploiting your information in minutes! At Centre College, you should contact the ITS helpdesk at 859-238-5575 or e-mail helpdesk@centre.edu.
  3. Keep the original message until the Helpdesk support team tells you that it is okay to delete it.


Additional Resources:

If you would like to read more about Phishing, and look at some examples, any of the links below provide great information from authorities in higher education and beyond:

Think you have it down when it comes to spotting Phishing? Test yourself online at: http://www.sonicwall.com/furl/phishing/. How did you do?

Please feel free to contact the Centre College ITS helpdesk at 859-238-5575 or e-mail helpdesk@centre.edu if you have any questions or concerns.

System Maintenance Over Break!

During the break between Centre and Spring terms, ITS will be performing maintenance on our servers and systems. The maintenance is mainly confined to standard OS and security-related patches. The update process will cause outages, but they should be brief for each system or service. The maintenance will be Wednesday, Thursday and Friday evenings from 7PM to 10PM each evening. Below I have provided a list of services, what day the maintenance will be conducted and an estimate of the expected outage.


Wednesday 1/28/2015  (Completed!)

Email (Estimated Outage 15-25 minutes)

  • Exchange-cas (webmail)
  • Exchange-mb1 (Faculty email store)
  • Exchange-mb2 (Staff email store)
  • Barracuda (SPAM firewall)
  • ADFS (4 servers, providing Office 365 authentication)

File Servers (Estimated outage 10 to 15 minutes)

  • Staff (Server space for staff)
  • Faculty (Server space for faculty)
  • Students (Server space for Students)
  • NortonCenter (Server space for Norton Center)
  • Athletics (Server space for Athletics)
  • CentrePhoto (Communications photo server)
  • Digital Archives (Library file server)
  • Files (Web/SFTP access to file servers)
  • Cana (Religion research server)

Web servers (Estimated outage 5 to 10 minutes)

  • Main Website (2 servers)
  • Norton Center Website (1 server)
  • Web (general purpose web site for faculty/staff and organizations/departments)
  • Callisto (WordPress and Wiki sites)

Database/Web services (Estimated outage 5 to 10 minutes)

  • Development (Development management system)
  • Norton-Ticket (Norton Center ticketing server)
  • Alfresco (Document management server)
  • EventCentre (Campus calendar server)
  • R (Math application server)
  • Webforms (Form server)

Virtual Infrastructure

  • vCentre (VMware management server)
  • View (VDI management server)


Thursday 1/29/2015

Voice Service (Outages will be spread from 6PM to 8PM)

  • AT&T will be doing a test on our new SIP trunks that carry calls in and out of campus.

Food/Vending/Door Security (5 to 10 minutes)

  • Odyssey-PCS (One card system)
  • Micros (Point of Sale system for Sodexo)
  • OnGuard (Door security server)
  • HVAC (HVAC control server)

Video on Demand (5 to 10 minutes)

  • Encore (2 servers, providing video on demand services)

General System (5 to 10 minutes)

  • Domain Controllers (3 servers providing authentication services)
  • Dirsync (Office 365)
  • CAS (Single Sign On server)
  • DNS servers (2 servers providing external DNS services)
  • Turing (CS program server)
  • Avogadro (Chemistry program server)
  • Passwordreset
  • COIL (Slide Library)
  • Lists (Sympa list server)
  • Nagio (Network management)
  • Cacti (Network management)
  • Neptune (Network management)
  • Backup system (3 servers)
  • Cherenkov (Physics research server)

Learning Management Systems (5 to 10 minutes)

  • Courses (Moodle)
  • VPjail (CS Moodle add in)
  • MoodleVid


Friday 1/30/2015

  • JICS (2 servers, providing CentreNet)
  • Cognos (2 servers, providing data analysis)