Ways used by Chemistry IT to ensure compliance with IT Security measures
See also:
- Cornell Two-Step Login (Duo two factor authentication)
- Security breaches and related data
- Phishing emails at Cornell
- Passwords
Encryption
To ensure data is not being compromised we strongly recommend, and in some cases require, drives to be encrypted
Management Tools
Tools used by Chemistry IT to help us ensure compliance with security policies at Cornell University.
- Active Directory & related information — Information useful for IT and non-IT staff and others.
- Active Directory look-up tool — You can use Quest ARS to look up Active Directory (AD) group membership. https://manage.ad.cornell.edu/ADAdmin https://manage.ad.cornell.edu/ADAdmin
- Edit Active Directory — IT staff, using their DOC accounts, can edit Cornell's Active Directory.
- Find AD's UniqueID, for Linux use — Via web of Quest, can find Active Directory's UniqueID. Or, use a Mac connected to CU AD.
- Managed Desktop or Certified Desktop — Configuration Manager for Windows, Casper for Macs, Puppet or Casper for Linux, etc.
- MacOS: Jamf Pro (was Casper) as used in Chemistry — Configuration, setup, and usage of Jamf Pro (was Casper) in Chemistry, in coordination with A&S's controls and guidance
- Different pieces of JAMF Casper at Cornell — JAMF Casper at Cornell is composed of multiple pieces that do different things
- Enrolling/adding a machine to Jamf Pro (was Casper) — How to add a machine to Jamf Pro using QuickAdd Package created by Casper (Jamf Pro) Recon tool
- Windows management — Configuration Management (CM) and Ninite are some tools used in Chemistry IT.
- Configuration Manager (CM) as used in Chemistry/Physics — Motivations for, and barriers to, using Cornell's MS Configuration Manager (CM) more powerful tools and capabilities, such as application updating. Especially within Research.
- Ninite (NIN-ite), as used in Chemistry IT — Ninite helps us patch 3rd party applications. Complements CM's Windows and MS Office patching.
- MacOS: Jamf Pro (was Casper) as used in Chemistry — Configuration, setup, and usage of Jamf Pro (was Casper) in Chemistry, in coordination with A&S's controls and guidance
- Printer management — We don't have a good printer management tool, system, or procedure. Might we not benefit from one?
Screen Lock
Screen lock allows a computer when idle for a certain amount of time to lock itself, requiring re-entering the user's credentials. This prevents the situation of a user leaving the computer accessible to all, ensuring data is not compromised. Cornell policy recommends every 15 minutes or less of idle time.
Spirion
(Formerly Identity Finder) Everyone dealing with university data is responsible for its proper handling, especially if it is sensitive data. Spirion is one tool which can assist you in your obligation to safe-guard sensitive data. This page contains information on using Spirion.
Updating
OS and Software engineers will provide security updates along with updates containing new features. To stay on top of threats to security, it is strongly encouraged, and usually required, for systems from our office to be centrally managed. For other machines, it is recommended to regularly check for updates.
- Mac Updates — Common procedures used by ChemIT to update computer running current Mac OSX
- Windows Updates — Remember to check and update ALL APPS/PROGRAMS unless specified for good reason, even if not listed. This page also contains specifics related to updating some of the most common applications.