March 2008 IT News

It’s Time to Update Your Qwest Dex White Pages Listings!

Please submit your additions, corrections or deletions for the Qwest Dex 2008-2009 Salt Lake City White Pages. The deadline is April 25, 2008. Delivery will be in the fall of 2008. The University of Utah listings begin on page 213 in the business section of the 2007-2008 White Pages.

The listings under the University of Utah heading are paid for by Office of Information Technology (OIT) (listings under the University Health Care heading on page 212 are paid for by Hospital Telecommunications). Other listings your department may have in the White Pages business section (i.e., University Health Care physicians’ listings) will be billed to your department. The charge is $3.00/month per listing line. All changes should be made online at www.it.utah.edu/services/phones/qwestdex.html. If you have no changes, there is no need to submit the form.

Departments with extension offices or locations outside of Salt Lake City may want to take the time to review their White Pages listings in other local directories. If you anticipate changes or additions to these directories, please call Robin or Allyson (phone numbers below) so we can provide Qwest with that information. The online form is not for any directory changes other than the Salt Lake City White Pages.

The Dex Media representative will be contacting departments directly about your Yellow Pages listing(s). If you wish to advertise in the Yellow Pages, contact Beckie Penman at 284-5055 or send an email to beckie.penman@dexmedia.com. Please note, if your department has a listing in the Qwest DEX Yellow Pages, you will be billed directly from Dex Media. Your department will make the payment directly to Dex Media, also.

Please call Robin Horton in OIT at 585-7205 with any questions for listings under the University of Utah heading and related alphabetical White Pages listings. For listings under University Health Care, Moran Eye Center, UNI, University Health Care Community Clinics and physician and clinic alphabetical listings, please call Allyson Tanner in Hospital Telecommunications at 581-3879.

ACS Milestone: 10 Years Supporting ASUU Elections

by Starlee Holman

For the past 10 years, Administrative Computing Services (ACS) has worked to make elections for new ASUU representatives smooth and successful events. By having all voting available online, it allows as many students as possible to get involved.

It makes it “really easy to hurry and vote,” said David Martini, ASUU elections registrar.
Before ACS made voting available online in 1998, all ballots had to be cast in person. Polling stations were placed around campus where students could stop by and fill out a ballot after showing their student ID card. These processes required outside sources coming in and conducting the polls as well as counting ballots and announcing the winners.

After making voting available online, ACS continued to improve the voting system. “What I really like is that ACS does test voting to make sure everything runs smooth,” said Martini.
During orientation, the students running for ASUU office are asked to participate in a test vote. Though ACS runs multiple tests on the program, the team likes to double check that all students will be able to cast their votes without any difficulties.

“The test groups allow us to get a larger pool of different levels and types of students testing the voting system to make sure that it is working as it should each year,” said Jennifer Loudiana, ACS senior web coordinator.

This test then goes on to make sure that all ballots are consistent. “We take the results of the test and then compare them to the statistics that the system keeps to make sure the tallies are correct.” said Loudiana. This test also checks to make sure that students are getting the correct ballots when they log in to vote.

Voting was held March 12th and 13th through a link on CIS. More than 2,900 students participated. A re-vote for the College of Education is taking place March 25th and 26th.

Note: The following is part of a regular series on security from the Information Security Operations office.

To patch or not to patch?

That is the question. The majority of software vendors published a monthly patch schedule where they release updates to their software. These releases are often publicized in advance so that system administrators and users can decide which patches they need to apply and be prepared for them. Once you have the list of patches, how do you decide which ones you need?

Patches fall into 4 categories:

Patch Type	Description	Action
Critical	A Critical patch is a security-oriented patch rated Critical by the vendor of the software (Microsoft, Adobe, Oracle, etc.). The vulnerability the patch addresses can be exploited remotely, meaning over the network or Internet. Exploits for the vulnerability have been actively used, and there is a real danger of compromise. Failure to apply a patch like this can result in a hacked system, and loss of data or personal information is possible.	You should apply the patch immediately.
High	A High patch is also a security-oriented patch. All the conditions that make a patch Critical also make it High, except there is no evidence of an exploit for this particuclar vulnerability. Failure to apply a patch titled High can result in a hacked system and a loss of data or personal information is possible if an exploit is released.	You should apply the patch as soon as possible.
Medium	A Medium patch is also a security-oriented patch, however these types of patches only address vulnerabilities that can be exploited locally, meaning, an attacker needs to have local access to the machine. In other words, they need to be sitting in front of it. While vulnerabilities like this are important in an open environment such as the University, they are not as dangerous as having millions of people on the Internet having access to a flaw in your system. Failure to patch a vulnerability of this type could result in a compromised system and a loss of information, however the chances are much lower than those of a High or Critical vulnerability.	You should apply the patch when convenient.
Low	A Low patch includes all other types of patches. The software vendor has stated that the patch is not a security oriented patch (it might add new functions to a program, for example), it is not addressing any kind of vulnerability, and does not have any severity rating. Failure to apply Low priority patches can result in not being able to use new program features.	You can choose whether or not to apply the patch depending on your need for the new features.

Virus Updates

These, too, are considered a patch, and you should always keep your anti-virus software updated. The Software Licensing office has low-cost or free anti-virus software available to department IT administrators for machines they maintain and individual campus users for their home machines. See www.software.utah.edu.

To patch or not to patch?

Should no longer be a question. It is now the answer.