Windows 8 is not recommended for campus use at this time. However, if you have to support a Windows 8 portable device, it must be encrypted. At this time, BitLocker is available to accomplish this task on all Windows 8 portable devices that have a TPM chip and do not run on an ARM platform (such as a Windows 8 RT tablet). Windows 8 devices that run on an ARM platform or those that do not have TPM chips should not be used.
UAB Policy requires all laptop/portable devices owned by UAB or UAB businesses and all personal laptop/portable devices used for UAB business be encrypted. PGP, UAB’s current encryption tool, does not work on Windows 8 and Symantec has not yet set a support date for Windows 8.
BitLocker is an acceptable alternative to encrypt Windows 8 system drives in some circumstances. In the past, BitLocker has been recommended when PGP was incompatible with Windows 7 or specific BIOS versions. Systems that are currently encrypted with PGP should remain encrypted via PGP. UAB IT is currently researching BitLocker key management solutions and will issue further guidance as available, but in the mean time, BitLocker should be installed using the non-enterprise setup method below.
Non-Enterprise BitLocker Setup
Recommendations for using BitLocker
- Password set system BIOS
- TPM chip in the device
- You must take ownership of the TPM chip
- Before updating the BIOS, BitLocker must be suspended
- Escrow the key in some manner
- Professional/enterprise version of Windows
- Use a TPM + PIN authentication method
- System must be formatted NTFS with two volumes
Escrowing the key
With Windows 8, you may escrow the key in one of the following ways:
- Save the recovery key to a USB flash drive This method saves the recovery key to a USB flash drive. This option cannot be used with removable drives.
- Save the recovery key to a file This method saves the recovery key to a network drive or other location.
- Print the recovery key This method prints the recovery key, but it is not recommended.
It will be up to the department to maintain the escrow recovery keys.
• OSX 10.8 and Java 1.7.0_13
UAB IT’s minimum recommendations for versions of Mac browsers and Java have changed as UAB systems have improved functionality that are compatible with the current version of Java. UAB IT recommends installation of Mac OSX 10.8 and Java 1.7.0_13. Apple operating systems will not run any version lower than Java 1.7.0_13.
UAB IT is also recommending using two different browsers — one for surfing the Web and one just for accessing UAB systems. For Internet Web browsing, use one of the following: Firefox with Java disabled, Safari, or Chrome. For working with just UAB systems, choose a different browser and enable Java to work in it. If you run into compatibility issues with the local browser and UAB IT systems, use the IT terminal servers to access UAB resources via RDP client. For more information, contact AskIT.
•Upgrade to Windows 7
A large-scale project is underway to upgrade all university-owned computers on the UAB campus to Windows 7 by April 8, 2014. At that time, Microsoft will cease its support for Windows XP, which has been the operating system primarily used by UAB computers in recent years. As a result of Microsoft no longer supporting this operating system, XP computers will no longer receive security updates. This creates a greater chance of XP computers being infected by viruses or compromised by malware.
This leaves one budget cycle to accomplish funding of this project. Upgrading to Windows 7 for any system needing network connectivity should be completed by April 2014.
• Install IE 9 and the most recently released version of JAVA
We are updating our minimum recommendations for versions of Internet Explorer and Java as UAB systems have improved functionality to support newer browsers and the currently secure version of Java. Internet Explorer 9 and Java (latest release) are recommended for installation on Windows 7 systems.
• Windows 8 not currently recommended for use
As XP fades away, Microsoft has rolled out its newest operating system, Windows 8. The transition from XP has prompted some users to ask why IT doesn’t upgrade to Windows 8 instead of Windows 7. The answer is that Windows 8 is currently not recommended for widespread use in the UAB environment due to the following reasons:
- Currently, not all of UAB’s business systems support Internet Explorer 10, the minimum version of IE used by Windows 8.
- Windows 8 introduces management changes that IT is not yet ready to address.
- Windows 8 is best used on hardware that is specifically made for Windows 8, such as touchscreen displays or touchpads. Other than the touchscreen/touchpad functionality, Windows 8 possesses similar functionality to Windows 7 from an end user’s point of view.
- PGP (UAB’s approved laptop encryption tool) is not supported on Windows 8 laptops. A recommended alternative is Microsoft’s Bitlocker product. (See Bitlocker with windows 8 for more information)
The new voice mail platform was successfully implemented on November 15th, 2012. Archived messages were only available until December 15th, 2012.
Each ethernet device is assigned a unique hardware address by the manufacturer. Manufacturers are each assigned a range of addresses that they may use in their manufacturing, so that it is not possible for two vendors to assign the same address. These hardware addresses are called MAC Addresses.
You can search by MAC number to find out what vendor's hardware you are looking for. An interactive database is available from the IEEE for this purpose. You can also check Cavebear's list of Vendor Codes
Industry standard 802.11 a/b/g wireless data network providing access to the campus network and Internet. Access to the network requires authentications and authorization through the UAB enterprise directory.
Terms of service
All persons (including guests) utilizing the UABVisitor network are required to abide by relevant UAB policies, including the Policy for Acceptable Use of Computer and Network Resources (AUP). Guests must agree to the AUP when authenticating to the network. Any abuse of the service or UAB resources by a guest will result in termination of their access and potential suspension of the associated Allocation account where applicable. Additional setup or programming fees may be required for reactivation.
Unencrypted sensitive data should not be transmitted through the UABVisitor network. SSL and/or VPN is strongly recommended for most uses. Guests should expect that their contact information and any records of network usage activity will be made available to legal authorities if requested through appropriate channels.
Devices connected to the UABVisitor network should have all current OS security patches applied, and the use of personal firewall software is strongly recommended.
Each individual connecting to the UABVisitor network must be authenticated on a daily basis at minimum, with their own valid ID and password from the UAB enterprise directory. There is no option for shared, anonymous, or casual access.
In order to connect a device to the UABVisitor network, it is necessary to configure an SSID into its wireless adapter. The UABVisitor network is unencrypted and does not require an encryption key. Users are strongly encouraged to use SSL or VPN for sensitive data.
- Plan A: "Managed Allocation": Departments that routinely host short-term events such as continuing education classes, conferences, or sports camps. These events typically draw numbers of visitors to campus who request or require Internet access and can make use of Wifi capability.
- Plan B: "Ad-hoc Service": Departments that only occasionally host a visiting faculty, or vendor. These guests need Internet access temporarily and can utilize Wifi with their laptop in order make a presentation, contact company resources, or check their email.
Request Access and Provisioning
- Plan A: Guest Wifi Allocation account will be established which allows designated departmental staff to assign Wifi access for their visitors, through the use of an authenticated Web site at https://commservices.comm.uab.edu/guestwifi/login.aspx without ongoing requests to UABIT. The Allocation account will be provisioned with a maximum number of slots which can be in use at any given time.
- Plan B: Departmental finance officers and/or their designees can request Wifi access for a visitor on an as-needed basis, by submitting a service order to UABIT via an authenticated Web site at https://commservices.comm.uab.edu/guestwifi/login.aspx
- Plan A: Five business days to establish a new Allocation account, immediate guest access activation.
- Plan B: Immediate guest access activation
- Plan A: Setup fee of $20 per allocation account, and then $8.50 per month per available access slot
- Plan B: $1.50 per day per guest