
Carrara Education Technology Center (CETC)
College of Education
231 Chambers Building
University Park

Help Desk

Leadership

Technical Support Staff

If you are experiencing a problem with your computer and would like assistance in resolving it, please fill out our Technical Assistance Form, or call 865-0626.

Info

The CETC Team is responsible for managing the College’s IT infrastructure, which includes the network, servers, desktops, laptops, mobile devices, and associated peripherals in Chambers, Keller, Cedar, Rackley, and the Penn State IT Data Centers.  Information and technical support are provided through walk-in service, our online help desk ticketing system, appointments, phone, and email.  The College is a multi-platform, heterogeneous environment, serving Apple/macOS, Dell/WinOS, and a variety of mobile systems.

The Carrara Education Technology Center (CETC) exists for the purposes of: being a model of learning persons providing outstanding customer services and technical support; ensuring that Information Technology (Penn State IT) goals and strategic plans complement those of the College of Education and the University; fostering collaborations and facilitating the delivery of services that meet the academic and administrative needs of the College, University, and community.

Office of Research, Outreach & Technology: Focus on technology.

Vision

The Carrara Education Technology Center is a leader by demonstrating: (a) outstanding customer support, (b) advancing information technology innovation, and (c) inspiring creative application of information technology resources in the College of Education, at Penn State University, and in the community.

Mission

The mission of the Carrara Education Technology Center is to provide outstanding technical consultation, support, and training for the exceptional educators, scholars, researchers, and students at Penn State College of Education, thereby helping to advance the profession of education through the secure, proficient, successful, and innovative use of technology.

Future State

Our IT group will be an ongoing and supportive community built on trust that fosters collaboration, innovation, and strategic creativity, to provide strong IT leadership for the University.

Policies

Before connecting to the College of Education network, all users must read and understand a number of the key conditions set forth in the following Penn State IT and College of Education Information Technology Policies.

Special Projects

As time and schedules permit, CETC personnel can be included in sponsored projects to facilitate technical assistance, support, design, and project development. Approval must be obtained after full project scope and planning have been discussed and negotiated.

Information Technology Guidelines and Policies

1.  Web Site Development

Guidelines have been drafted and reviewed by the Faculty Council.  The guidelines are currently posted on our Internal Web Site under the College Policies heading.

Web guidelines and policies.

2.  Administrative Rights to Local Machines

Penn State is encouraging all units to operate local computers with the lowest level of administrative privilege consistent with performing necessary functions.  When machines with higher levels of administrative privilege are compromised by hackers, the potential for damage to the network is much greater.  For this reason, the University is encouraging units to operate their machines with the least level of administrative privilege necessary.

Most users have little or no need for higher levels of administrative privilege to do their work, but there may be instances where higher levels of privilege are needed on either a temporary or more permanent basis.  The College’s default practice will be to configure all computers connecting to the Penn State network with one local user account for the use of the individual (i.e., without administrative privilege).  If an individual user wishes to have administrative privilege, a request should be completed and submitted to the Associate Dean for Research, Outreach, and Technology for review. Please note this policy option is for faculty only.

Administrative guidelines and policies

Please submit your request to the CETC help desk ticket system

3.  Establishing Accounts on Computers

Before you were given a Penn State access account, you signed an agreement to abide by the university’s “Acceptable Use Policy,” which describes prohibited activities like sending spam, trying to sell things, etc. Upon gaining access to the Penn State network, users will be required to log in, and will be reminded of their commitment to comply with University IT policies.

One aspect of acceptable use is not storing any personally identifiable information (like Social Security numbers, credit card numbers, etc.).

Password guidelines and policies

Acceptable use policy

4. College of Education Information Technology Resources

We hope you will find this reference guide useful for accessing information or resolving technical challenges that you may experience during your stay in the College of Education. This guide covers information for Windows, Mac and Mobile computers and devices. 

Understanding College of Education Resources 

5. Centralized Computer Equipment Purchasing

Why Centralize Computer Equipment Purchases?

A. We see this as a service to faculty and staff to provide them with the best equipment based on the staff or faculty members’ needs.

CETC can help employees choose the best piece of equipment to accomplish IT goals and ensure that the equipment comes with all the necessary software, features and warranties in order to serve the employees’ needs and comply with PSU’s network/IT security policies.

B. PSU has purchasing contracts with Dell and Apple.           

PSU has a business relationship with DELL and Apple that allows us to purchase equipment specifically designed for higher education at a reduced rate.

C.     We can provide a streamlined process.

CETC will streamline the computer purchasing process so that the employee doesn’t need to go to multiple staff to purchase equipment and he/she won’t need to walk it down to the CETC to be programmed when it arrives.  CETC will work with faculty and staff if they have any special software or preferences during the computer quote, purchase, and set up process.  Once the equipment is ordered and arrives, the employee will be contacted to pick up their new equipment, which will be fully programmed and ready for use.  This process will be quicker and more organized than the current process.

D.    Centralized purchasing will allow a systematic approach to keeping an equipment inventory and life-cycle management.

We will be able to systematically inventory all of the College’s computer purchases.  Our Finance Office currently conducts an annual audit of all computer purchases under $5,000.  The life cycle for all systems is 4-years with a 3-year written exemption due to a specified requirement or need.  This will make the audit process much easier and require less of the department staffs’ time during the annual audit.  Also, by keeping a central inventory, we will be able to pull data to show us when faculty and/or staff will be due for equipment renewal and we’ll be able to plan for better uses within the college of old computer equipment that may need to be upgraded, but still works.

 E.     We will be able to provide Department Heads with data that helps with IT budget planning.

This process will help forecast IT budget needs so that these costs can be built into operating budgets during our annual budget planning process.  We will be able to provide reports showing how many pieces of equipment are at the end of their life cycle and give an annual estimate of how many machines may need to be replaced each fiscal year.  Department staff will no longer need to keep logs and/or complete this process for you, freeing up time for them to work on other duties.

How will the process work?

A. The employee who would like to purchase the equipment will go to the CETC website and open a helpdesk ticket with CETC to get a quote, specifying what type of equipment they would like and the budget to be charged.  Faculty and staff should have permission to make this purchase before starting the process.

B. CETC will get a quote from the appropriate vendor and will email it to the employee to make sure it’s what they want.

C. Once the quote is complete, approved and the budget is provided, the CETC IT staff will forward the quote and budget info. to the Finance Office.   FO will forward the email to the Dept. AA if the budget being charged is a general fund to confirm that it’s been approved at the dept. level.  We realize that we may receive the quote/request to purchase from the Administrative Support Coordinators within the Departments in many cases.  If this is the case, we will not need to request approval from the dept. for purchases under $5,000 and will assume the Administrative Support Coordinator has already worked with the Dept. Head to ensure the purchase approval.  Any items over $5,000 will be entered by the FO in EBUY+ and will follow the normal purchase approval process through EBUY+. (there will be no change in the approval path for any purchases due to this new purchasing process)

D. Once the purchase is approved, FO will place the order and charge the appropriate budget.  FO should be able to place the order the same day that it receives approval from the dept. but we ask that employees expect a two-day order turnaround during high volume times at the beginning of the academic year and end of the fiscal year.  All computer equipment purchases will be shipped to the CETC.

E. When the equipment arrives at CETC, it will be scanned and entered into our electronic inventory system by CETC staff.  (We will be using the same software we already use for our help desk ticketing system, so no new software costs will be incurred)

F. Once the equipment is scanned, the CETC staff will load the appropriate software and will notify the employee upon completion via email that they can pick up their computer.

G. Client pickup requires confirming a secure logon, answering any user questions, and demonstrating the preferred methods deployed by CETC in the care and feeding of their College-owned system and/or mobile device.  Generally, this takes less than 30 minutes.

Below is a list of items that must be processed through the Help Desk Ticket system.

It is highly recommended that all requests for equipment come through the College of Education Help Desk staff and Ticket system at http://help.educ.psu.edu

Summary

  • Any hardware, software & Licensing over $100 is required to come through the Ticket system.
  • Consultation is always available and recommended.

 

A. Required - Equipment List (Any and all equipment that can be digitally authorized, registered, and managed)

  1. Computers (All forms)
  2. Laptops (All forms)
  3. Tablets (All forms)
  4. Mobile device (All Forms)
  5. Some digital watches if they can be managed and registered.
  6. Large Hard Drives over 1 Terabyte
  7. Large Format LED/LCD Displays
  8. Any kiosk or standalone type system: Horizontal, wall-mounted or vertical in orientation
  9. Any Web-enabled devices: Camera, Video Cameras, Digital Cameras, AMX or Crestron consoles.
  10. Any wireless device: Wireless Access Points (APs).
  11. Printers
  12. Storage systems
  13. Servers – virtual or other
  14. Storage systems for any of the listed items above
  15. Security systems or card access devices


B. Not Required - Equipment List

  1. Keyboards
  2. Mice
  3. Mini flash drives

C. Exemptions 

Certain research projects may not require an accounting or inventory of equipment pre, mid, or post-award. In these cases working with the IT staff may not facilitate the business needs. 

6. Disposing of Computer Equipment

The College has developed guidelines and policies for the disposal and End-of-Life (EoL) disposition of computer systems in the College.

Disposing of Computer Equipment Guidelines

7. Internal Security Documentation

The College has developed guidelines and policies covering disaster tolerance.

Internal Security Policies

8. Mobile Documentation

The College has developed guidelines and policies covering the use of mobile devices.

Education Mobile Policy

9. Firewall Documentation

The College has developed guidelines and policies covering firewall administration and use.

Education Firewall Policy

10. Digital Signage Guidelines

The College has developed guidelines and policies covering digital signage.

Digital Signage Guidelines

Once your email and calendar have been migrated to Office 365, you can configure your mobile devices. Below are step-by-step instructions for adding the new accounts to mobile devices.

Default Mail Android

  • Open Settings.
  • Tap Users & Accounts.
  • Tap Add Account.
  • Tap Exchange.
  • On the "add your email address" screen, enter your full email address ([email protected]).
  • Tap Manual Setup.
  • Enter the following information:
    • Domain – verify "[email protected]"
    • Password: enter your WebAccess password.
    • Server: outlook.office365.com
  • Tap Next.
    • Your phone will display Verifying for approximately five seconds.
  • Tap OK on the Remote Security Administration verification screen.
  • Tap Activate this device admin app.
    • You will receive an on-screen confirmation: Your account is set up and your emails are on the way.
  • Tap Next.
  • By default, Mail, Contacts, Calendars and Tasks will be enabled.

Default Mail iOS

  • Open Settings.
  • Tap Accounts & Passwords.
  • Tap Add Account.
  • Tap Exchange.
  • Enter your PSU email address "[email protected]"
  • Enter the description for this account (Examples: PSU, Penn State, O365)
  • If you are running iOS 11 or later please do the following
    • Tap "Sign In"
    • Sign into WebAccess as you normally would
    • Select what pieces of your account you would like to sync (Mail, Contacts, Calendar)
    • Tap Save
  • If you are NOT running iOS 11 or later please do the following
    • Tap "Configure Manually"
    • Server: outlook.office365.com
    • Domain: [leave blank]
    • Username: [email protected]
    • Password: should already be filled in
    • Tap Next
    • Your phone will display Verifying for approximately five seconds.
    • Select what pieces of your account you would like to sync (Mail, Contacts, Calendar)
    • Tap Save

Outlook Apps for Android/IOS

  • Download Outlook from the Play Store/App Store
  • Open the Outlook app and tap Get Started
  • Type in your PSU email and select "Add Account"
  • Log into WebAccess

Faculty, staff, and students at Penn State have the following storage solutions available to them. Below we highlight the storage solutions offered and the storage solution that is recommended by the Carrara Education Technology Center.

At this time it is CETC's recommendation to store all data from this point forward in OneDrive. OneDrive mounts as a network drive and only downloads files as you use them. OneDrive also integrates as the default destination for Microsoft Office applications on Windows and macOS.

How to protect the information you work with depends on its classification.

University Policy AD95 outlines the different information classification types and the security controls you are required to use for each of them.

There are four different types of information classification: Restricted, High, Moderate, Low.

If your unit processes or stores High or Restricted information, you must have an Authority to Operate (ATO).

If you have questions about what kind of data you have, please visit the Information Classification Tool site or contact CETC.

Listed below are the current storage solutions offered at PSU

 

| | OneDrive | SharePoint | Google Drive | Kaltura | U-Drive |
|---|---|---|---|---|---|
| Distinguishing Features | Personal Cloud Storage | Shared Cloud Storage | Easy access to Google Docs, Slides and Sheets files | Video capturing tools for podcasts, or classrooms with editing capabilities | |
| Available To | Faculty, Staff, Students, Emeritus | Faculty, Staff, Students, Emeritus | Faculty, Staff, Students | Faculty, Staff, Students | Faculty, Staff, Students |
| Access | Browser, Desktop, Mobile | Browser, Desktop, Mobile | Browser, Desktop, Mobile | Browser, Desktop, Mobile | Browser |
| Quota | Unlimited (5 TB to start 25TB increments) | Unlimited | Unlimited | Unlimited | 1 GB (Can be increased when the limit is reached) |
| Individual File Size Limit | 250 GB | 250 GB | 5 TB | Unlimited | Unknown |
| Cost | Free | Free | Free | Free | Free |
| External Collaborators | Yes | Yes | Yes | No | No |
| Level 3-4 Data | No | Yes (Enclave SharePoint) | No | No | No |

How to Delay or Schedule Email in Office 365

Outlook on the web

  1.  After composing your message, select the dropdown menu next to the Send button at the bottom of the message (next to Discard).

  2.  Select Send later:

  3.  Select the date and time you'd like the email to be delivered and click Send.

  4.  Video Demonstration – Screen Capture

Outlook for Windows

  1.  After composing your message, click the Options tab.

  2.  In the More Options group, click Delay Delivery.

  3.  Under Delivery options, check the box for Do not deliver before, and select a date and time.

  4.  After you click Send, the message remains in the Outbox folder until the delivery time.

  5.  Video Demonstration – Screen Capture

Outlook for Mac

  1.  After composing your message, select the Down Arrow next to Send.

  2.  Select Send Later.

  3.  Use the Dropdown Menus to select the date and time you wish to have the email delivered.

  4.  Select Send.

  5.  Video Demonstration – Screen Capture

Apple Mail

Apple Mail currently does not have the Send Later function built in. If users want to utilize the Send-Later function, then it is recommended to use Outlook.

Centralized Computer Equipment Purchasing

Why Centralize Computer Equipment Purchases?

A. We see this as a service to faculty and staff to provide them with the best equipment based on the staff or faculty members’ needs.

CETC can help employees choose the best piece of equipment to accomplish IT goals and ensure that the equipment comes with all the necessary software, features and warranties in order to serve the employees’ needs and comply with PSU’s network/IT security policies.

B. PSU has purchasing contracts with Dell and Apple.           

PSU has a business relationship with DELL and Apple that allows us to purchase equipment specifically designed for higher education at a reduced rate.

C.     We can provide a streamlined process.

CETC will streamline the computer purchasing process so that the employee doesn’t need to go to multiple staff to purchase equipment and he/she won’t need to walk it down to the CETC to be programmed when it arrives.  CETC will work with faculty and staff if they have any special software or preferences during the computer quote, purchase and set up process.  Once the equipment is ordered and arrives, the employee will be contacted to pick up their new equipment, which will be fully programmed and ready for use.  This process will be quicker and more organized than the current process.

D.    Centralized purchasing will allow a systematic approach to keeping an equipment inventory and life-cycle management.

We will be able to systematically inventory all of the College’s computer purchases.  Our Finance Office currently conducts an annual audit of all computer purchases under $5,000.  The life cycle for all systems is 4-years with a 3-year written exemption due to a specified requirement or need.  This will make the audit process much easier and require less of the department staffs’ time during the annual audit.  Also, by keeping a central inventory, we will be able to pull data to show us when faculty and/or staff will be due for equipment renewal and we’ll be able to plan for better uses within the college of old computer equipment that may need to be upgraded, but still works.

 E.     We will be able to provide Department Heads with data that helps with IT budget planning.

This process will help forecast IT budget needs so that these costs can be built into operating budgets during our annual budget planning process.  We will be able to provide reports showing how many pieces of equipment are at the end of their life cycle and give an annual estimate of how many machines may need to be replaced each fiscal year.  Department staff will no longer need to keep logs and/or complete this process for you, freeing up time for them to work on other duties.

How will the process work?

A. The employee who would like to purchase the equipment will go to the CETC website and open a helpdesk ticket with CETC to get a quote, specifying what type of equipment they would like and the budget to be charged.  Faculty and staff should have permission to make this purchase before starting the process.

B. CETC will obtain a quote from the appropriate vendor and will email it to the employee for approval.

C. Once the quote is complete, approved, and the budget is provided, the CETC IT staff will forward the quote and budget information to the Finance Office.   FO will forward the email to the Dept. AA if the budget being charged is a general fund to confirm that it’s been approved at the dept. level.  We realize that we may receive the quote/request to purchase from the Administrative Support Coordinators within the Departments in many cases.  If this is the case, we will not need to request approval from the dept. for purchases under $5,000 and will assume the Administrative Support Coordinator has already worked with the Dept. Head to ensure the purchase approval.  Any items over $5,000 will be entered by the FO in SIMBA and will follow the normal purchase approval process through SIMBA. (there will be no change in the approval path for any purchases due to this new purchasing process)

D. Once the purchase is approved, FO will place the order and charge the appropriate budget.  FO should be able to place the order the same day that it receives approval from the dept. but we ask that employees expect a two-day order turnaround during high volume times at the beginning of the academic year and end of the fiscal year.  All computer equipment purchases will be shipped to the CETC.

E. When the equipment arrives at CETC, it will be scanned and entered into our electronic inventory system by CETC staff.

F. Once the equipment is scanned, the CETC staff will load the appropriate software and will notify the employee upon completion via email that they can pick up their computer.

G. Client pickup requires confirming a secure logon, answering any user questions, and demonstrating the preferred methods deployed by CETC in the care and feeding of their College-owned system and/or mobile device.

 

Below is a list of items that must be processed through the Help Desk Ticket system.

It is highly recommended that all requests for equipment come through the College of Education Help Desk staff and Ticket system at http://help.educ.psu.edu

Summary

  • Any hardware, software & Licensing over $100 is required to come through the College of Education ticketing system.
  • Consultation is always available and recommended.

A. Required - Equipment List (Any and all equipment that can be digitally authorized, registered and managed)

  1. Computers (All forms)
  2. Laptops (All forms)
  3. Tablets (All forms)
  4. Mobile device (All Forms)
  5. Some digital watches if they can be managed and registered.
  6. Large Hard Drives over 1 Terabyte
  7. Large Format LED/LCD Displays
  8. Any kiosk or standalone type system: Horizontal, wall mounted or vertical in orientation
  9. Any Web-enabled devices: Camera, Video Cameras, Digital Cameras, AMX or Crestron consoles.
  10. Any wireless device: Wireless Access Points (APs).
  11. Printers
  12. Storage systems
  13. Servers – virtual or other
  14. Storage systems for any of the listed items above
  15. Security systems or card access devices


B. Not Required - Equipment List

  1. Keyboards
  2. Mice
  3. Mini flash drives

 

C. Exemptions 

Certain research projects may not require an accounting or inventory of equipment pre, mid, or post-award. In these cases working with the IT staff may not facilitate the business needs. 

College of Education IT Policies

Least User Privilege (ed-lup-01)

What is Least User Privilege?

The principle of least privilege reduces security risk by requiring all users, even those who have been granted administrator privileges, to log in with access only to the information and resources that are necessary for meeting a legitimate purpose. The principle of least privilege is widely recognized as an important design consideration in enhancing the protection of data and reducing risk across the enterprise.

Rationale:

Computer security is the primary driving force behind this change in user account management procedures. In recent years, malicious actors (hackers) have significantly increased their ability to compromise systems, making these systems participants in illicit activities, and/or making them vulnerable to harvesting of institutional data or intellectual property. The majority of daily business-related computer operations do not require administrator (privileged) account access because few individuals need to install or update applications every day. Furthermore, there are a significant number of administrative computing users who cannot point to any business reason for having administrator control of their computer.

Why the Change in Operating Philosophy?

It is true that most systems within the College were originally configured to allow all users to administer their computer, but this was at a time when computer hackers undertaking malicious behavior were not as sophisticated and were not able to remotely install detrimental software as easily as they can today. Unfortunately, even relatively benign and official/well-known web sites can have been compromised unknowingly and may contain malicious code that automatically downloads and installs when a user simply visits the site and selects what appears to be a valid web page link. The downloading and installation of malicious code happens in the background, so unsuspecting users have no idea that their computer has been compromised. A compromise can be anything from installation of software that harvests data from a disk or monitors keystrokes to enrolling the computer as a "BotNet" relay and leveraging these captured devices to create a denial of service attack on key internet service providers, businesses, and research institutions, including universities.

How does "Least User Privileges" Affect Daily Operations?

The short answer: very little. All users can perform their normal business functions without noticing anything different. However, a user cannot install software on their computer while operating in this mode; the benefit is that both hackers and users are prevented from inadvertently downloading and installing a malicious application from the web, infected USB devices and/or flash drives, etc.

How may Individuals Install Software if Least User Privileges are enforced?

If an individual has a valid need to install software on their computer, there are generally two ways:

  1. If the user is approved to run a second local account with administrative privileges on a College-owned WinOS device
  2. If the user has a valid license and uses a College-owned macOS device, they can use the Managed Software Center
  3. Submit a Help Ticket
  4. Request one of the Information Technology Staff to remote in and assist. You must have a valid license.

It should be stressed that the use of Administrator Account privileges should be restricted to those individuals that require this type of access. Operating computers in a least privilege mode is a best practice for everyone; users should never routinely operate their computer in an Administrator Privilege mode. 

Are There any Issues with Migrating to a Least User Privileges Account?

Some applications may encounter problems when a system runs in the least privilege mode. Most of these problems have been successfully addressed by modifying the permissions for the folders used by these programs. For the very few programs that must run with administrative privileges, commercial utilities are available to allow these programs to run with system level privileges while the login account continues to run in Least User Privileges mode. Example: Managed Software Center for MacOS.

Final Observation:

While this change in computer operating procedures protects against many threats, users must still be diligent in how they manage their system because the hacker community continues to invent new and ingenious techniques to compromise existing security measures.

College of Education Policy on Least User Privilege:

It is the policy of the College of Education that all computer users log in for day-to-day access using accounts that do not have administrative privileges. Users who have a frequent need to install software or who daily engage in specialized activities that require administrative access may be assigned a different account with administrative privileges. This person must submit a user exemption form, including significant justification, to the Associate Dean for Research, Outreach, and Technology in the College of Education. The user exemption request can be found as a drop-down option when submitting a help ticket under Technical Support - Software - Admin Rights Exemption. The user acknowledges and understands that performing higher-level functions correlates with added responsibility and accountability for related or associated security issues.

1 Source: 1 April 2009, Electronic and Computer Services, cdcadm/computing/090331 Least User Privileges.docx, College of Engineering, Authorized by: wjb, Rev. May 14, 2014, Rev. Nov. 3, 2016

Acceptable Use Policy (ed-au-01)

1.0 Purpose

The purpose of this policy is to outline the acceptable use of computer equipment within the College of Education. It is the responsibility of every computer user to know these guidelines and conduct their activities accordingly.

2.0 Scope

This policy applies to all users and all equipment that is connected to the College of Education network. Users are defined as full-time or part-time permanent staff, temporary staff, student interns, work-study students, graduate students, guests, and alumni.

3.0 Policy

3.1 General Policy

Identifiable, sensitive or vulnerable information must be encrypted. (For details, see the College Confidential Data Policy ed-cd-01.) For security and network maintenance purposes, authorized individuals within the College of Education may monitor equipment, systems and network traffic at any time (See the College Account Audit Policy ed-aa-01).
The College of Education reserves the right to scan and audit networks and systems on a periodic basis to ensure compliance with this policy and University policies.

3.2 Acceptable Use Terms of Agreement

The user must be knowledgeable of and agree to abide by the conditions set forth in the following Penn State policies: AD-11, AD-20, AD-23 and ADG-01.

  • AD-11: University Policy on Confidentiality of Student Records
  • AD-20: Computer and Network Security
  • AD-23: Use of Institutional Data
  • ADG-01: Glossary of Computer Data and System Terminology

In addition:

  • The user understands that Penn State computers and network resources are provided to advance the mission of the University and their use for inappropriate, illegal, or profit-making enterprises is not permitted.
  • The user understands that, because computer skills that are valuable in the workplace are often developed after work hours while people work on such things as digital photography, digital movie making, and podcast creation, these activities are encouraged and may be conducted on Penn State computers, but activities of a personal nature must be conducted outside of the normal work day.
  • The user understands that when physically connected to the College network using a Penn State owned computer they will need to accept the following warning to advance to the login screen:
  • "This computer is property of The Pennsylvania State University. Its use is reserved for persons authorized by Penn State University College of Education and is governed by Penn State security and acceptable use policies; including AD-11, AD-20, AD-23 and ADG-01."
  • The user agrees not to share any account passwords, nor allow another user to access a computer under his or her credentials.
  • For each account, the user agrees to adhere to secure password criteria and comply with the requirement for periodic changes.
  • The user agrees not to attempt to obtain or view any electronic institutional data that is not intended for use in her/his job function.
  • The user agrees not to introduce malicious code into departmental computer systems, either as a result of willful intent or as a result of the user's unsafe electronic mail practices.
  • The user understands that use of the College of Education network account constitutes his/her continued agreement with the conditions set forth above. If the user chooses not to comply with this agreement, s/he will cease using the account and immediately notify the College's Education Technology Center office by telephone, electronic mail, or in writing. Upon receipt of the notification, the user's account(s) will be disabled. The account will be terminated in 3 months if no further communication regarding the status of the account is received. Data will be deleted after 1 year.

3.3 Email and Communications Activities

The user agrees not to engage in the following activities:

  • Sending unsolicited "junk mail" or other advertising material to individuals who did not specifically request such material (email spam).
  • Any form of harassment via email, telephone or paging, whether through content, language, frequency, or size of messages.
  • Unauthorized use, or forging, of email header information.
  • Solicitation of email for any other email address, other than that of the poster's account, with the intent to harass or to collect replies.
  • Creating or forwarding "chain letters" or "pyramid" schemes of any type.
  • Posting identical or similar non-business-related messages to large numbers of Usenet newsgroups (newsgroup spam).

4.0 Enforcement

Any user found to have violated this policy may be subject to disciplinary action by their Administrative unit, the College, and/or the University.

5.0 Revision History

 

_________________________________
Please sign and deliver to 201 Chambers

 

______________________

Date

Disaster Tolerance Response (ed-dt/r-01)

1.0 Purpose

The purpose of this policy is to document the processes and responsibilities of the College faculty and staff in responding to security incidents and disaster recovery (security compromises, virus-infected systems, and events that render one or more network closets inoperable). This policy is intended to provide all users of College-based personal computers, servers, and networking hardware with information pertaining to how the Education Technology Center and the University Security Operation Services are expected to respond in the event of a system compromise or disaster within a College-operated network closet.

2.0 Background

2.1 Incident Response

Incident response applies to the actions taken at all levels within Penn State University when a user's computer or any server is compromised for one or more of the following reasons:

  • Compromise by brute-force attacks from inside or outside the College.
  • Downloading of any virus that threatens continuous College communications and computing services.
  • Connecting any non-patched or compromised system to the College's hardwired or wireless network.
  • Participating in any computing practices that are unlawful or against College or University computing policies.
  • Participating in any computing activities that prevent or have the potential to prevent others from carrying out the College's academic and administrative missions.

Incident response also applies to any reported or discovered illegal activities on any computer used on University premises, where illegal activities are defined by University policies and laws established by local, state, or federal governments.

2.2 Disaster Tolerance/Recovery

Disaster Tolerance and Recovery are two distinctly different issues. Disaster Tolerance applies to actions taken by the College, a department, and users to ensure that computing operations and network services are maintained or, in the worst case, gracefully degraded and terminated during a disaster. Disaster Recovery comprises those actions taken by the College, departments, and users to recover from events that render computing operations and network services inoperable. Events that initiate actions to maintain or restore computing operations and network services include but are not limited to momentary/long-term power outages, hardware failures, fire, natural disasters, and malicious attacks that render servers or systems inoperable or degraded.

3.0 Scope

All College departments, centers, and operational units are responsible for developing and implementing Disaster Tolerance/Recovery plans.

4.0 Policy

4.1 Incident Response

Any desktop, laptop, workstation, server or other network capable device found or suspected of violating any College or University policy focusing on ensuring secure and safe communications and computing will summarily and immediately be disconnected from the College of Education's and University's data backbone.

Users will be notified as quickly as possible of such action once the Education Technology Center or University Security personnel are satisfied that a real or potential threat to other users or the Internet in general has been mitigated. Individuals at any level (users, the Education Technology Center, and University Security) have the obligation to report any real or potential computer operational activities that may detract from normal computing activities.

4.2 Disaster Tolerance/Recovery

4.2.1 Disaster Tolerance

Disaster Tolerance is a result of planned actions, policies, hardware deployments, and any other efforts aimed at preventing momentary/long-term power outages, hardware failures, fire or natural disasters from causing long-term disruptions of College academic or administrative activities. The Education Technology Center assumes the responsibility for Disaster Tolerance in networking operations throughout College and University-maintained Telecommunications Closets. The Education Technology Center is also responsible for these activities as they relate to maintenance and operations of core College servers (e.g., email, web, data, etc.) and departmental servers maintained by the Education Technology Center personnel.

In an effort to achieve Disaster Tolerance within the aforementioned operations and services, the Education Technology Center has implemented the following procedures:

  • Maintains spare components for critical networking hardware operations (as budget permits)
  • Maintains spare components for critical servers (as budget permits)
  • Provides and maintains Uninterruptible Power Supplies (UPS) for network equipment deployed in Telecommunications Closets maintained by the College
  • Provides and maintains UPS for all core College servers and departmental servers maintained by the Education Technology Center
  • Mirrors College email servers and deploys them in a secondary Telecommunications Closet so that they can assume email services in the event of a primary email cluster failure
  • Provides and maintains at least two months of data backup for core TSM backups for all College and departmental servers maintained by the Education Technology Center.


4.2.2 Disaster Recovery

Disaster Recovery encompasses all those activities and steps necessary to restore personnel and system services that have been interrupted by an unforeseen event(s) that may include but are not limited to momentary/long-term power outages, hardware failures, fire, natural disasters, and malicious attacks that render servers or systems inoperable/degraded. It necessarily includes making plans to relocate personnel in order to effectively reconstitute personnel and system services along with academic and administrative services.

It is neither economical nor practical to maintain 100% redundant hardware in preparation for any and all potential disasters. Therefore, as soon as conceivably possible and approved by appropriate University or other authority, the Education Technology Center personnel will enter building Telecommunications Closets for the purpose of assessing damage and serviceability of network hardware and core/departmental servers affected by a disaster. All equipment will be inventoried and categorized according to its serviceability. Steps will immediately be taken to procure and receive replacements for unserviceable equipment.

  • In the event that offices and equipment used daily by the College's networking, computing and training personnel are rendered uninhabitable, personnel will work from their homes or other locations where connectivity is available.
  • Office or laboratory space will be made available to displaced personnel based on a separate agreement made by the Facility Manager and the College's Associate Dean for Technology (IT Director).
  • Replacement computing assets will be made available through emergency local purchases.
  • The IT Director will work with the College's Financial Officer to establish emergency procurement procedures.

In the event of a minor disaster such as a long-term electrical power outage, the Education Technology Center will work with the College's Facilities Coordinator and the Office of Physical Plant (OPP) to have power generation equipment installed to restore critical networking services. Naturally, this process assumes that a building remains serviceable and is approved for use by OPP or the appropriate authorities.

Reconstitution of networking operations and computing services will receive the highest priority. Initially, only the equipment and tools that are absolutely required to support reestablishment of reliable/sustainable services will be procured under the aforementioned emergency procurement process.

Departments are responsible for establishing and implementing Disaster Recovery policies and procedures that will enable them to reconstitute operations and continue their academic and administrative missions.

5.0 Incident Response Enforcement

University Security Operations (SOS) personnel have the right and responsibility to identify and take immediate action to curtail any computing operation that violates University Policies. They have the right and responsibility to intentionally or randomly scan any systems on the University's backbone. Furthermore, they have the right and obligation to summarily curtail a system's computing activities that disrupt or are suspected of negatively impacting secure computing activities on University property or beyond.

Education Technology Center personnel have the right and responsibility to identify and take immediate action to curtail any computing operation that violates College or University Policies. They have the right and responsibility to intentionally or systematically scan any systems on the College's network. Furthermore, they have the right and obligation to summarily curtail a system's computing activities that disrupt or are suspected of negatively impacting secure computing activities on College, University or beyond.

Illicit and illegal activities are forbidden on the College and University networks. Illicit activities are those which are expressly prohibited by Department, University and/or College policies and are not illegal as defined by local, state, or federal laws; they include but are not limited to operating a business for personal gain. It is the responsibility of a department head to ensure that individuals within their departments abstain from such practices. Should someone outside or within the department report such activities to a department head or the Education Technology Center, it is the Education Technology Center's responsibility to advise the offending party of the offence and to ensure that all remnants of such activities are removed immediately from the College's network and the computer or server on which they reside. Questions concerning illicit activities may be directed to the Information Technology Manager, at 865-0474 and the University's Security Officers at [email protected].

Illegal activities are those that are contrary to local, state, or federal laws. Anyone becoming aware of such activities must immediately contact the College's Information Technology Manager, at 865-0474 and the University's Security Officers at [email protected]. No further actions are to be taken at the department level until either the Information Technology Manager or the University Security Officer notifies the department head. No one in a department is to discuss their knowledge or suspicion of illegal activities with individuals suspected of participating in such activities; this is ultimately the responsibility of the University's Security Officer (SOS).

Any faculty or staff member has the responsibility to identify and take immediate action to curtail any computing operation that violates departmental, College or University Policies. At the department level and other than prescribed above, faculty, staff and students are explicitly prohibited from scanning systems on the College's network or University's data backbone.

Faculty, staff or students that have a compromised or suspected compromised system identified, which is owned by Penn State, are obligated to repair the system or refer the system to the Education Technology Center for repair.

Faculty, staff or students that have a personally owned system identified which is compromised or suspected of being compromised, are obligated to repair the system immediately.

In either case, systems must be validated as having been patched with the latest operating system (OS) updates and cleansed of any virus-laden or disruptive software before being reinstated on any Penn State network.

6.0 Revision History

Rev. 5-3-2016, David Cochrane

Addendum to be added under 4.0 Policy, 4.1 Incident Response

4.1a The College’s initial response to a local security incident, and the reporting out from the College Carrara Education Technology Center (CETC) to the Office of Information Security (OIS), is as follows.

CETC’s internal procedure requires communicating locally discovered incidents and reporting them via email to the following email locations in the Office of Information Security (OIS).

This procedure allows CETC and the OIS to react more quickly when communicating discovered incidents. This provides a communication feedback loop on all incidents generated from the College or to the College by OIS to the College IT persons through current systems. In addition, it provides a means of reporting out on local incidents. Once reported, OIS will create a ticket in their ticketing system (SNOW) to address the nature and outcome of the challenge.

College of Education IT Guidelines

Firewall Guidelines

1.0 Documentation

The purpose of this Penn State University, College of Education (CoE) Firewall guideline is to establish best practices in the use of port-level security on all networked devices (networks, switches, servers, laptops, wireless configurations, mobile systems, and services) within our College LAN. These guidelines are necessary to preserve the integrity, availability and confidentiality of Penn State University College of Education devices and data. Any questions or comments about this document should be directed to the Office of Associate Dean for Research, Outreach, and Technology.

2.0 Change Management

There is one managed Checkpoint firewall appliance for the College. The firewall rules are required by Penn State and the College of Education to provide appropriate safeguards and access to College systems and data. Restricting certain specific ports allows us to comply with governmental, state, and local IT policies while effectively directing traffic used for business purposes to the appropriate devices and data on our LAN.

2.1 Organizational Structure

Penn State Telecommunications and Networking Services (TNS) provides the College’s Checkpoint Appliance and related services.

The College maintains the rule sets in collaboration with the TNS Firewall Manager. This collaboration includes requests for new rules, additions, and changes. A review and refresh of the College’s rule set will be scheduled at regular intervals.

2.2 Responsibilities and Accountability

This policy applies to operators of college owned servers or networked devices that communicate with Penn State University Enterprise networks.

Listed below are the minimum guidelines in managing our firewall service:

  1. All requests for a rule must be requested through the CETC Ticket system. After review by the Systems Administrators a Firewall Request Form is submitted to TNS.
  2. TNS: Authorization and verification are provided via email to: [email protected]
  3. A revised Firewall rule set is provided after each change to the College Firewall Service.
  4. Only College (CETC) Systems Administrators may request Firewall changes as needed. (See  #1)
  5. Request for Firewall Rules Form requires this format:
    • Request:
    • Priority: 
    • Reason for Change: 
    • Firewall Name: Chambers-FWO1
    • Create New Rule: 
    • Source: 
    • Destination:
    • Ports:
    • Action:
    • Track:
    • Log:
    • Comments:
  6. Only authorized IT staff are permitted access to specialized core services, for example the Hyper-V server environment.
  7. IT will assure physical and logical topology is used (e.g. VLANs) to create network segregation, such as security zones, that prevents traffic from different asset types with different criticality from reaching each other.
  8. IT will assure that all devices are locked down to specific IPs or a range of IP addresses and limited to only ports that are required. 
  9. IT will annually review all firewall rules to assure they are still needed and appear appropriate.  Additionally, IT will assure there is documentation as to whether the rule is permanent or temporary, and if temporary, set an automatic expiration or require the rules to be reviewed more frequently. 
  10. IT will log files. Files will be maintained for at least one month online and one year offline as required by the General Retention Schedule.

2.3 Monitoring

Procedures used on the firewall to detect security breaches and attacks:

  1. IT will monitor procedures used on the firewall to detect security breaches and attacks.
    • Automated procedures: In conjunction with TNS, IT authorizes quick response to fixes, patches, updates, alerts, required to maintain the integrity of the College LAN and data.
    • Manual procedures: During manual auditing and review of the firewall rules IT will request necessary changes via the TNS Firewall Rules Form as needed.
  2. Monitoring will be performed on an annual basis.
  3. Logs will be reviewed proactively and for specific incident responses. (See 2)

3.0 References

Penn State Service Management Office: http://smo.psu.edu/documents. College IT Guidelines and Policies, Information Technology Guidelines and Policies.

Disposing of Computer Equipment Guidelines

There are a few ways to dispose of your computer equipment depending on whether the old equipment will be recycled and used again within your department, sold to an employee who is leaving the University, or sent to Lion Surplus.  As you know, CETC and the Finance Office are working to centralize the processes related to purchasing and disposing of computer equipment.  By following the procedures provided below under the example, when disposing of any computer equipment, you will enable us to log all computer dispositions and/or recycle requests so that we can capture the complete life cycle of our computer equipment.  This will also help as we plan our annual equipment budgets.  

1. EXAMPLE:   You’ve purchased a new computer for Professor X and you want his/her old computer to go to a Graduate Assistant in your department.

  • You created a help desk ticket to purchase a new computer.  In the notes, you should let CETC know that the old computer will be recycled and used by a GA. 
  • When Professor X picks up his/her computer (laptop) at CETC, he/she should bring their old computer (laptop) so that CETC can prepare it for a new GA.  CETC will log the equipment as RECYCLED TO A GA and let the Admin. Support Coordinator (or the person who opened the original ticket) know the work is complete and it’s ready to be picked up.

2. EXAMPLE:  You’ve decided to get rid of some old computers that belonged to GA’s or that you feel can’t be recycled within the dept.  You want to send the computer to salvage but you are not purchasing a new computer to replace it. 

  • You create a DISP in SIMBA. Check *Lion Surplus on the first page of the DISP form. Complete all the other required information on the DISP and submit it for approval. After the Budget Administrator approves the document, it will flow to the Finance Office for approval. They will decide if they would like to keep the equipment or any of its parts before sending it on to Lion Surplus. If they decide to keep the equipment, they will instruct Facilities Coordinator to change the DISP to Loaned/Relocated and Facilities Coordinator will note the reason in the notepad. This may cause the form to resubmit to the Budget Administrator. CETC will log the equipment as recycled within CETC for our records. If CETC does not feel that the equipment can be re-used, they will let Facilities Coordinator know and this person will approve the DISP on to Lion Surplus.

3. EXAMPLE:  Professor X is leaving the University and he/she wants to purchase his/her computer for personal use. 

  • Complete a DISP and check *Lion Surplus.  In the notepad, please note that the item is being purchased by the employee who is leaving.  You will need to work with Lion Surplus to calculate the value of the equipment and the employee will need to purchase the item from Lion Surplus.
  • When the DISP reaches Facilities Coordinator, this person will let CETC know that the computer equipment is being purchased by the employee.  CETC will log the disposition appropriately in their life cycle database and will remotely wipe the computer clean before it can be purchased.  (Lion Surplus can also do this.)  Please make sure you let the employee purchasing the equipment know that they will not have the current operating system or University provided software on the computer when they purchase it.  They will need to purchase an operating system license and any other software on their own. 

Mobile Device Guidelines

1.0 Overview

Mobile devices, including but not limited to, phones, tablets, and laptop computers, are becoming increasingly powerful and affordable. Their small size and functionality are making these devices ever more desirable to replace or supplement traditional desktop devices in a wide number of applications. However, the portability offered by these devices increases the risk that information stored or transmitted on them will be exposed. Penn State University and the College of Education allow personal mobile computing devices to be used for business purposes as long as those devices adhere to the guidelines as stated below.

2.0 Purpose

The purpose of this Penn State University, College of Education (CoE) Mobile Device Policy is to establish best practices in the use of mobile computing devices. This process is necessary to preserve the integrity, availability and confidentiality of Penn State University College of Education data. Any questions or comments about this document should be directed to the Office of Associate Dean for Research, Outreach, and Technology.

3.0 Scope

This policy applies to all mobile devices used to host any Academic and institutional data for the purpose and conduct of meeting some business obligation or need associated with Penn State.

3.0a Scope: College Owned

This policy applies to all CoE faculty, staff, and students, and to individuals external to CoE, who own or operate a college-owned mobile device that communicates with Penn State University equipment and networks or stores data in any way.

3.0b Scope: Personally Owned

This policy applies to all CoE faculty, staff, and students, and to individuals external to CoE, who own or operate a personal device that holds Penn State data (such as email, files in Box) and is used to communicate with Penn State University equipment and networks or stores data in any way.

4.0 Policy

Listed below are the minimum guidelines when using a mobile device.

4.0a Policy: College Owned

Restricted data. Penn State University and CoE restricted data should NOT be stored on portable computing devices if it can be avoided. However, in the event that data can only be stored on a mobile device, the Penn State University Data Categorization requires that all "restricted" data must be encrypted using approved encryption techniques and password protected. All Penn State owned mobile devices will be registered so the device can be locked or wiped if lost or stolen. This is based on the best practice and resources currently provided by Penn State. In regard to sensitive data, users are required to submit an Authority to Operate (ATO) for L3/L4 data.

Configure mobile devices securely. Users will be required to register their mobile devices with our Penn State Mobile Device Management (MDM) and Enrollment Service. All newly purchased CoE mobile devices will automatically be enrolled. The enrollment service provides the following benefits:

  • It enables auto-lock with pin or passcode
  • It enables the use of a complex password (Recommended)
  • It avoids using auto-complete features that remember user names or passwords
  • It ensures that browser security settings are configured appropriately.
  • It enables remote wipe and lock in the event of loss or theft
  • It ensures that *SSL protection is enabled, if available.
  • It will provide VPP services. The Volume Purchase Program (VPP) provides application request and management on mobile Apple devices purchased and owned by Penn State University. (See definitions)

4.0b Policy: Personally Owned

Mobile systems NOT owned by Penn State and CoE that require network connectivity must conform to Penn State's and CoE’s information security policies and procedures. See policy at: http://www.ed.psu.edu/for-current-faculty-and-staff/outreach-office/outreach-office-page

Restricted data:

The Penn State University Data Categorization requires that all "restricted" data must be encrypted if on a mobile device. Once encrypted, a best practice in these cases is to use box.psu.edu as your secure data storage service.

Configure mobile devices securely. Owners of mobile devices must passcode protect all devices that hold Penn State data (such as email, files in Box). Those who would like their personal mobile systems secured in the same manner as CoE owned devices can submit a request for this service at help.educ.psu.edu. 

The recommended enrollment service provides the following benefits:

  • It enables auto-lock with pin or passcode
  • It enables the use of a complex password (Recommended)
  • It avoids using auto-complete features that remember user names or passwords
  • It ensures that browser security settings are configured appropriately.
  • It enables remote wipe and lock in the event of loss or theft
  • It ensures that *SSL protection is enabled, if available.

Take appropriate physical security measures to prevent theft or enable recovery of mobile devices.

Purchase and enable tracing and tracking software (MobileMe, Computrace, FindMyMac, etc.).

Report lost or stolen devices immediately to the CoE Information Technology Help Desk. Remember to back up data on your mobile device on a regular basis.

5.0 Definitions 

VPN – Virtual Private Network is a way to securely transmit private data over a public network (wired or wireless Internet) using an encryption solution. Connecting to Penn State University, CoE network includes the following:

    • If you have a network capable device (ex. laptop) plugged into a Penn State University CoE wired network, and you are a “registered user” then you can connect to the “EDUC” LAN (local area network) and use our services.
    • If you connect from a remote location using a different SSID, with a network capable device, through the Penn State University VPN (virtual private network), using the option “ISPtoPSU” you can connect to the CoE “EDUC” LAN (local area network) services.
    • If you have a network capable device and connect using Penn State wireless SSID “psu” you can connect to PSU network services.

VPP - The Apple Deployment Programs consist of three programs. The Volume Purchase Program (VPP) lets you purchase App Store apps and books in volume. The Device Enrollment Program (DEP) gets your institutionally-owned devices automatically enrolled in mobile device management (MDM) during activation without touching the device. Finally, the Apple ID for Students creates Apple ID accounts for students under 13.

MDM – Mobile Device Management (mdm.psu.edu) There are many different aspects to mobile device management. The features of MDM vary based on the operating system of the mobile device. MDM primarily focuses on two components:

  • The automation of linking a mobile device with an MDM server
  • The management of installed applications and other settings via an MDM server

SSID - An SSID is the name of a wireless local area network (WLAN). Wireless devices on a WLAN must employ the same SSID in order to communicate with each other.

SSL - Secure Sockets Layer. When enabled, it allows encrypted connections to be used.

BYOD - Bring Your Own Device (Normally called a “personal system” not owned or purchased by the organization for which you work.)

WLAN - A WLAN typically extends an existing wired LAN (local area network). WLANs are built by attaching a device called the access point (AP) to the edge of the wired network.

Data Categorization and Related Policies – AD71 Data Categorization; ADG07 Data Categorization Examples; ADG02 Computer Security and others. (See Guru.psu.edu)

References: http://smo.psu.edu/documents. Additional and supplemental policies are provided online at: IT Guidelines and Policies, Information Technology Guidelines and Policies. OIS - Office of Information Security (security.psu.edu). Travel Policy (http://guru.psu.edu/policies/TravelPolicySINGLEDOC.html); please note the sections regarding Export Controls and Compliance.

Moving Computer-based devices. Rev.0.0.3

 

This document is required for all who submit a “move” request in the College.  A ticket is required for “all” computer moves in the College.  (IT Equipment)

 

In most cases the user can move their own systems to the new location and place a marker or note on the system. The submitted ticket must indicate when, where and what is needed for the IT staff to setup, connect or reconfigure the moved system.

 

IT Technical Support request ticket system (Use College issued UserID and PW)

http://help.educ.psu.edu

 

Within a room in the College

  1. Move and plug in your equipment including the cable into the available data jack. 
  2. Enter an IT Technical Support request for activation of the data jack.

 

Within an office or department in the College

  1. Move and plug in your equipment including the cable into the available data jack. 
  2. Enter an IT Technical Support request for activation of the data jack.

 

From one department or unit to another in the same building

  1. Move and plug in your equipment
  2. Enter an IT Technical Support request ticket. The ticket should indicate what, where, when associated with the move. IP and subnet addresses will need to be changed to reflect your new location in the College. An IP address change may not be needed if the departments are in the same building.

 

From one building to another building within the College

  1. Schedule, if necessary, an OPP request to move equipment if it’s more than two or more devices or objects.
  2. Enter an IT Technical Support request ticket. The ticket should indicate what, where, when associated with move. IP and subnet addresses will need to be changed to reflect your new location in the College.

 

From the College of Education to a building or office in another academic unit

  1. Schedule, if necessary, an OPP request to move equipment if it’s more than two or more devices or objects.
  2. Enter a CETC Technical Support Ticket to request a system backup or data wipe before leaving the College.
    1. Notifications of this kind originate from the HR Office and follow the guidelines outlined in HR 102 (https://guru.psu.edu/policies/OHR/hr102.html)
    2. Contact your new IT staff in your new location for setup and connections within their domain. (Different College, Department or unit.)

 

Equipment related to research, testing, IRB, or related

  1. Unit must discuss move with IT prior to changes being made.
  2. Ensure any related information or forms are updated and re-signed as needed to reflect research or testing requirements for location of such equipment.