Security: Protect Your Laptop and Yourself!

sophosbadgeViruses, worms, ad-ware and spyware, and theft, are examples of SEVERE risks to your computer in a public, networked environment. You MUST PERFORM THE STEPS LISTED BELOW if you wish to use your computer at Pepperdine or you could face repercussions including loss of network access, data loss, and system failure.

  1. Maintain up-to-date virus protection software on your computer. The University’s IT department supports Sophos for faculty and staff. For students, University IT recommends Microsoft Defender (no cost) for Windows and Sophos AntiVirus for Macs (home version, no cost).
  2. Regularly install all Critical Updates from http://update.microsoft.com. You should begin checking Microsoft Update constantly, starting now. You can also configure your Windows computer to check automatically for updates every time you connect to the Internet.
  3. Keep your browser up to date! A great browser-based tool for checking how current your web-related tools are is Qualys Browser Check.
  4. Keep your computer’s operating system and office products up-to-date
  5. Do not install peer-to-peer file-sharing software or other high-risk programs. Attempt to eliminate any programs that might already be installed by running a spyware/adware removal product such as Spybot Search & Destroy or Ad-aware.
  6. Buy and use a computer security cable for your computer to lock it down when it is not attended. (Alarm-equipped cables are NOT recommended.) We highly recommend that you NEVER leave your belongings alone, especially in quiet areas like the Law Library, as the School of Law is open to the public. Kensington has a website that will help you find a security cable that was made for your laptop. Note that there are currently at least three different kinds of security cable ports on laptops today so you’ll want to pay attention and select the one that fits your laptop. (Pepperdine Caruso Law does not endorse or recommend Kensington locking cables to the exclusion of other  similar solutions, however we have had very positive experience with Kensington security cables for over two decades and find that their products are reliable).
  7. Do not click on links in unsolicited email messages.
  8. Do not open an email attachment unless you are expecting it or have checked with the sender.

PIN?

Using a PIN to access a University area with card swipe access — Where’s my PIN, What do I do if I forgot it or never knew what it is????

Every student, staff member and faculty member has a university-issued PIN or Personal Identification number for use with your ID card. Residential students use these all the time to enter their apartments or dorm rooms. You may not have needed your PIN until now.

The PIN is used in conjunction with the access control system at Pepperdine and is part of a two factor authentication system that requires a user to “have something” and to “know something” in this case you “have” your ID card which has a proximity chip in it and you “know” your PIN.

Don’t KNOW your PIN? Here are the instructions for retrieving your PIN.

PIN Retrieval App Instructions
1.Login to your personal WaveNet page using your Network ID and Password.
2.Select the Student Services tab and then ID Card PIN Lookup from the drop-down menu.


3.You will be prompted to read a disclaimer and select Agree.


4.You will then be required to login for a secondary security authentication.


5.The PIN information will displayed as follows:


6.If you are not currently setup in the access database you will be directed to the following screen: (You will see this screen for the first 20-30 minutes after your ID card is printed as the computer system updates. Check again soon.)


7.The PIN display screen will reset in 30 seconds and you will be re-directed back to the Disclaimer page. However, another session can be initiated by selecting Agree and following the process again as outlined.

This information is also available HERE with a visual guide: https://drive.google.com/file/d/1-L99QWwGYkjbFri18VXNgcjzXKeYHIf4/view?usp=sharing

Spamfilter at Pepperdine

Spam is every bit the reality in our email inboxes as the junk mail that comes in our postboxes; though often more obnoxious and potentially more dangerous. The University has made great improvements in the last few years to protect users from spam.

If you suspect that you’ve missed a message because it was blocked by the spamfilter, or if you’d like to customize the features of the anti-spam services here at Pepperdine, log in to spamfilter.pepperdine.edu. Provided by a company called Sophos, this system will allow you to retrieve any messages that might have been incorrectly labeled as spam as well as manually add email addresses that you wish to allow to email you, by-passing the filter, or block from sending you email.

Additionally, University Information Technology provides a list of Frequently Asked Questions with answers. However you may wish to review all their help files concerning spam to educate yourself fully.

Safeguard Your Online Meetings and Classes against Zoombombing

If you haven’t already, please read the email on zoombombing sent from Pepperdine’s CIO, Jonathan See.

Also, consider watching this video by Zoom Support on how to secure your meetings:


Since Zoom is a free and public platform, anyone with access to a meeting link can join. Unfortunately, recent incidents have occurred known as known as “Zoombombing” where unwanted participants enter the Zoom meeting room and screen-share and/or proceed to say or write very offensive things. Here are the ways to safeguard your meeting against zoombombing:

Treat the Zoom Session as a Private Event

  1. Share the Zoom meeting link only with intended participants.  Participants should not share the link publicly or with others who do not need to be in the meeting.
  2. Don’t post the meeting link in social public forums.  Faculty are encouraged to post the meeting link in their institutional learning management system for students to access.

Consider these Zoom settings (if appropriate)

  • Assign screen sharing ability only to the host. In Zoom, click the upward arrowhead (^) next to Share | Advanced Sharing Options | Only Host.
  • Mute participants upon entry and disable their ability to unmute themselves.  In Zoom, click Manage Participants | the “More” button and check both “Mute Participants On Entry” and “Allow participants to unmute themselves.”
  • Allow participants to chat with the host only.  In Zoom, click Chat | the “ellipsis” button and check “Host only.”

Zoombombing is both offensive and highly disruptive for you and your participants, and it can happen in Zoom or any other video conferencing solution.  If you experience such activities, please report the incident as soon as possible to an IT member. 

If you have any questions, please feel free to contact Information Services at [email protected] or (310) 506-7425.

Disabling the Waiting Room feature in Zoom

The Waiting Room feature allows the host to control when a participant joins the meeting. However, if the Waiting Room option is enabled, re-admitting student who lose connection or enter the session late may be a hassle, and join before host will not work for that meeting.

Please follow these instructions to disable the Waiting Room feature for your sessions:

1. Sign in to your account at pepperdine.zoom.us

2. Click Settings on the lefthand side, and then select the Meeting tab.

3. Navigate to the Waiting Room option under the Meetings tab and verify that it is not selected. To deselect, click the blue button until it shifts positions and turns grey to show that you have deselected the setting.

More for Faculty Zoom users

For more information and/or assistance, please contact [email protected] or call Pepperdine University IT support at 310-506-HELP (4357).

Forgot Your Password? MyID Reset

The MyID PIN Reset outlines the process for resetting a forgotten password via MyID:

1. Go to: https://myid.pepperdine.edu

2. Click Option 2: Click “Set/Reset Password”
3. Enter your NetworkID.
4. Type the letters displayed in the picture.
5. Select the check box (to allow PIN text message)

6. Click “Request PIN”

7. You will receive a confirmation message, click “Close”
myid38. Retrieve the PIN from your alternate email or mobile phone. Enter it here and click “Validate”
myid49. Enter your new password twice and click “Reset Password”
*Please Note: If your password does not meet our complexity requirements, you will see a red X next to the issues that need to be fixed.myid5
10. Password reset was successful. Please close your browser.
myid6Password Tip: Don’t Get Locked Out!
Update passwords you stored on your mobile devices, too!

Pepperdine Passwords and Password Managers

True or False: It is against Pepperdine policy to reuse your Pepperdine password for any other web service.

It’s true, it is against Pepperdine policy to reuse your MyID password for other accounts or sites.

When you reuse your Pepperdine MyID password on Internet sites or accounts, you are making yourself vulnerable to attacks on your Pepperdine account, finances, grades, and more. In 2011 alone, millions of passwords were stolen from Internet sites like Sony Entertainment and Gawker. In 2012, more than 6 million LinkedIn passwords were compromised.

If you use the same password over many sites, the security of your password is only as good as the security of each individual website you use that password. And if one site is compromised, your entire web presence is compromised. Your author actually uses a different 20 digit passphrase for every single website he uses and its actually quite easy to manage using a Password Manager.

Password Managers

A password manager is a software program that securely stores many passwords and IDs with the goal of making multiple passwords easier to access and use. A password manager can be very helpful to people who have lots of passwords. Read more about password managers here.

http://community.pepperdine.edu/it/security/password/passmgrs.htm

If that seems like too much work, its probably because it is, but that all depends on how you value your security. Strong passwords take a hacker with lots of computing power a very long time to guess. And if all your passwords are different, having your password compromised on LinkedIn just means that you only have to change that password and not have to worry about your Pepperdine account, Bank account, or whatever password that you may also be using that password on.

If the thieves find a connection to Pepperdine, they will use your account to send spam or attack your identity. This has already happened at Pepperdine!

Change Your Password

Login Form Image

You’ve probably seen or heard of the myriad of recent news headlines where popular organizations like Twitter or Evernote have been hacked. These organizations assure us that our data is not compromised, and advise us to change our passwords or they promptly change our passwords for us to reduce the amount of damage a hacker can do. There is often more to the story, and even passwords we think are quite clever may be cracked with relative ease. The blog Ars Technica featured a couple of stories recently about passwords, which I recommend you read. There are a few examples of presumably safe passwords that were cracked with relative ease. The first article described how a blog editor managed to crack passwords with some basic tools, and can be found here. The second is a follow-up article, where the consulting hackers took a shot at the same list. You can view that one here. They are both fairly detailed but I encourage you to read all the way to the end.

There is a convenient graphic that illustrates the complexity of certain passwords, which I also encourage you to read. It can be found here.

Safe passwords are hard(er) to crack. You cannot rely on a website to properly encrypt your password, as we have seen in the news so often lately. Password managers can be a useful tool to generate random passwords for you, if you are concerned you cannot come up with a good password. The downside is that these passwords will be nearly impossible to remember, which then requires a master password that you can remember. There are a number of password applications out there, KeePass and LastPass among the more popular options. Which one you choose is up to you. Be sure to look for apps for your chosen smartphone as well, so you can be safe from whatever device you are using.

Our own Julie Tausend also recently wrote a post on information security. In it, you’ll find links to university services and policies that can be useful to you in securing your information. You can also go straight to the source for passwords and other types of security at community.pepperdine.edu/it/security.

Be safe out there, and be sure to CHANGE YOUR PASSWORDS!

MyID Password Reset Errors

The Password Reset- Error Messages includes screenshots of various error messages that may be seen in MyID when attempting to reset a password.

Note that the https://myid.pepperdine.edu website provides some additional resources, including a link to verify/update your MyID profile, a link which can be used to change a known password, and a short training video.

1. The user’s profile information is blank.

myid7

2. The user doesn’t recognize the email or phone number that the PIN was sent to.
myid8

3. The system doesn’t recognize the user.
myid9

Note: All of these messages direct you to go to: https://myid.pepperdine.edu/help

This URL will:

  • Link to our new Password Reset Request Form.
  • Generate a help desk ticket for Anytime Support.
  • Anytime Support (the Password Reset Group), will help people update their profiles.