Virus/Security - Technology Support Services

Documentation

When you send a message over a wireless connection, someone who has the correct equipment can receive and decode the message. You have no way to know if someone is eavesdropping on messages you send or receive; this kind of eavesdropping is undetectable.

Although the NMU wireless networks require all users to register their wireless network hardware addresses, it is still possible for malicious users to eavesdrop on others.
 

Wireless Security Precautions and Vulnerabilities

Despite its vulnerability to eavesdropping, a wireless connection is reasonably secure for many things. Here are the scenarios you may encounter while using the wireless network, and the risk each potentially poses:

• All wired data connections at NMU are protected from eavesdropping. If you are concerned over the security of your transmission, use a wired connection.
• When you connect to MyUser.nmu.edu to find out your password and account information, connect using the address that begins with https instead of http. When you connect to https://myuser.nmu.edu/user, the connection uses SSL (a 128-bit encrypted secure connection) which is safe to use over a wireless connection.

• If you check your E-mail with Outlook on a wireless connection, someone may be able to get your ID and password, and read your E-mail.

  You can read E-mail on MyNMU without worrying that someone will get your user ID and password, because the login information is transmitted using a secure SSL (128-bit encrypted) connection. However, Your mail message is not encrypted, which means it is still not guaranteed to be private.

• If you connect to an FTP server over a wireless connection, someone may be able to get your ID and password.
• Using wireless connections for general Internet browsing should not pose any security risk, but may not be private.
• If you place a credit card order or submit sensitive form data, make sure the site is using SSL (a 128-bit encrypted secure connection). Connecting to a site using SLL is a minimal security risk. even over a wireless connection. To find out if a connection is using SSL, look for a lock icon in your browser, usually on the left side of the URL bar.
  If you do not see a lock icon in your browser window, do not submit credit card information or any other confidential data even if you are using a wired connection.

Documentation

The Windows screen saver can be changed to fit your personal preferences and make your computer more secure by requiring the Windows password after a set number of minutes of inactivity. The steps below cover the process of changing the screen saver. 

1. Right click on any empty space on the desktop and select "Personalize" from the drop-down menu. 
    
 

2. Click on the "Lock Screen" option on the left and scroll down the right side of the window and select "Screen saver settings".
    

3. In the new window, select the "Screen Saver" option from the pulldown menu. Set the "Wait" time to 5 minutes and check the "On resume, desplay the logon screen" checkbox. Click "Apply" and "OK". This will automatically bring up the screen saver after 5 minutes of inactivity and you will be prompted for the Windows password to use the computer.
    

4. HELPFUL HINT: You don't have to wait for your screen saver to lock your computer. You can lock your Windows computer at any time by using the "Ctrl-L" key combination. The "Ctrl-L" key combination will work any time you want secure your computer. You don't have to set up the screen saver to use the "Ctrl-L" key combination.

Documentation

Unless you retire as an employee at NMU, as a faculty, staff, or student your NMU G Suite account will become disabled 1 year after you leave NMU and 3 years afterward if you were a graduate student. For these reasons, or just for the piece of mind of having a backup of your NMU G Suite content for yourself, you might consider backing up your NMU G Suite content.

Backing up your content to a ZIP file

Google's Takeout application, https://takeout.google.com, can be used to create an archive and/or ZIP file of your NMU G Suite content and download it to your computer. Google Takeout will convert the Google document formats to offline formats (Google Docs -> Word format, etc.). If you have a large amount of content, such as many video files, creating a ZIP file using Google Takeout may not be a good choice. More information is available from Google at "Download your data" and a 1 minutes video at "How to Use Google Takeout - YouTube".

If you later chose to upload the content to a different G Suite account, open the Google Drive settings and choose the option to "convert files on upload" before you upload the files if you want them in the Google Docs and other formats again.

Transferring your content to another G Suite account

The same Google Takeout application offers a way to transfer the NMU G Suite content to another Google G Suite account using https://takeout.google.com/transfer. See "Copy content from your school account to another account" for details.

The Google Takeout Transfer option, https://takeout.google.com/transfer, may be a great choice especially if you have an "Email for Life" account available through the NMU Alumni office. The Alumni "Email for Life" accounts are Google G Suite accounts with an @alumni.nmu.edu email address, have unlimited space available to you, and currently, unlike your NMU G Suite account, do not expire. Visit http://nmu.edu/alumni and the "Email for Life" link to request an @alumni.nmu.edu Alumni G Suite account and see if you qualify.

Documentation

NMU creates its own SSL security certificates used for some network services. These certificates are already installed on NMU issued computers but you may need to install them on your personally owned device in order to access some of the NMU network services. Installing the NMU SSL certificates is the preferred solution. Instructions are available on the "Add the NMU SSL Certificate" page.

Another option is to allow an exception for the NMU network service you are trying to access. Here are instructions for doing so with popular web browsers.

• Firefox
• Chrome
• Safari
• Edge
• Internet Explorer

Firefox

    Click "Advanced" at the bottom of the page, click "Add Exception...", then click an “Confirm Security Exception” button at the bottom of the page and the web page will be added to an exception list. 

Chrome

    Click "Advanced" at the bottom of the page, then click "Proceed to address-of-the-website (unsafe)"

Safari

    Click "Show Certificate", review the certificate content is from NMU, then click "Continue"  to get to the website.

Edge

    Click "Details" and then "Go on to webpage"

Internet Explorer

    Click "More Information” the click "Go on to webpage (not recommended)"
   

Documentation

NMU creates its own SSL security certificates used for some network services. These certificates are already installed on NMU issued computers but you may need to install them on your personally owned device in order to access some of the NMU network services. Installing the NMU SSL certificates is the preferred solution. Another option is Adding a Security Exception to Your Browser.

Documentation

To access EduCat classes or content you will need:

• The latest or one version earlier of Firefox, Chrome, Safari, Microsoft Edge, Microsoft Internet Explorer, or Opera browsers
• Respondus lockdown browser from http://it.nmu.edu/downloads may be needed for taking quizzes and exams that require using the Respondus lockdown browser. As of Feb, 2019 the Respondus lockdown browser is only available for Microsoft Windows, Mac OSX (and iOS on an Apple iPad if the instructor changed a setting to allow it). For more up to date and detailed system requirements see Repsondus' Lockdown browser system requirements page. 
• Software or a way to view Microsoft Powerpoint PPT, PPS, PPTX and PPSX files. You could use your NMU G Suite account and view them after they were saved to your Google Drive.

Depending on your instructor's course video content, this software may or may not be needed for playing videos.

• Adobe Flash from https://get.adobe.com/flashplayer/
• Microsoft Silverlight from https://www.microsoft.com/silverlight/
• VLC Player from https://www.videolan.org/vlc/index.html

You might also need: 

• Cisco AnyConnect from  http://it.nmu.edu/downloads

Documentation

• Where can I get a mobile authenticator app?
• Where can I get a FIDO U2F Security Key?
• Can I turn off 2 Factor Authentication once I have turned it on?
• How do I recover from losing my mobile authenticator app, backup codes, or security key?
• What 2 factor authentication method do you recommend?
• Can I use myuser.nmu.edu/recover with 2 Factor Authentication on and I don't have a way to verify the second factor?
• How can I tell which type of code is required for the 2 Factor Authentication if I have enabled the authenticator app and backup codes?
• What happens once I run out of backup codes if that is the only 2 Factor option I am using?
• What happens if my Google Authenticator stops working?

Where can I get a mobile authenticator app?

• Google Authenticator from https://support.google.com/accounts/answer/1066447?visit_id=1-636474765789074938-3272926476&hl=en&rd=1
• Microsoft Authenticator from https://support.microsoft.com/en-us/account-billing/download-microsoft-authenticator-351498fc-850a-45da-b7b6-27e523b8702a

Where can I get a FIDO U2F Security Key?

• https://www.yubico.com
• https://www.amazon.com

Can I turn off 2 Factor Authentication once I have turned it on?

All of the methods have options to remove them.

How do I recover from losing my mobile authenticator app (new phone), backup codes, or security key?

If you need to change the settings and the normal 2 factor authentication login process is no longer available to you, the recovery process at myuser.nmu.edu/recover can be used to change your password and update your 2 factor authentication settings. It does not “use” 2 factor verification and you will not be prompted for 2 factor authentication when you go to myuser.nmu.edu/user to complete the recovery process.

Once you have changed your password, stay logged into myuser.nmu.edu and click on the Security tab. There you can update or modify your 2fa options.

What 2 factor authentication method do you recommend?

We recommend you enable at least 2 of the 2 factor authentication methods, generally the smart phone app is most convenient, and generate a new set of backup codes once you have used the 9th one in your current list. This way you always have more than one backup code available to you.

With any of the 2 factor authentication (sometimes referred to as 2FA or TFA) options, you should then use it to “trust” a number of computer browsers. You “trust” a device by selecting “Remember this computer for 30 days” option when you use the authenticator app. You should never select the Remember/trust option on someone else's device that you are only using for a one-time login. If you own or have “secure” access to multiple computer devices then you should trust more than one device. If you trust more than one device trust them on different days so if you can't login into one device the other device will still work for you. If you have trusted a device/browser then you have the remainder of the 30 day period to login and alter your 2 step verification.

Can I use myuser.nmu.edu/recover with 2 Factor Authentication on and I don't have a way to verify the second factor?

The recovery process started at myuser.nmu.edu/recover does not “use” 2 step verification, you will not be prompted for 2 factor authentication when you go to myuser.nmu.edu/user to complete the recovery process. The myuser.nmu.edu/recover process does allow you to select Mobile Authentication app as a method of proving your identity, but it then supplies you with a temporary password recovery code which you use at myuser.nmu.edu/user. Temporary password recovery codes which can also be supplied by the helpdesk staff will never invoke 2 factor authentication.

How can I tell which type of code is required for the 2 Factor Authentication if I have enabled the authenticator app and backup codes?

You can use either one. The “Use a different method” option may lists the options separately if you have enabled both, but you can actually use either source in the Enter Code field.

What happens once I run out of backup codes if that is the only 2 Factor option I am using?

Again if you have trusted a device, (and you should) you have 30 days (or less) to login from that browser/device and generate a new list of backup codes. We recommend after using up 9 codes that your next action should be to generate a new list at https://myuser.nmu.edu/user.

Otherwise you will need to use the recover option to change your password as described above.

What happens if Google Authenticator stops working?

It quite possibly is out of sync with the correct time. The following website has instructions for Android and iPhone: my two factor codes aren't working

See also: Setting Up 2 Factor Authentication