Security

Tulane Information Security

Passwords

Passwords should be changed every 180 days

Tulane makes every effort to protect your personal information and institutional data. In our efforts to maintain the highest level of security, we expire passwords every 180 days. If you receive an e-mail stating that your existing password is almost at its 180 day limit and will expire in less than 10 days, you need to change your password immediately. If you allow your password to expire, you will not be able to log into Tulane Enterprise systems or the Tulane network. Please create a new password by using the following link: https://password.tulane.edu

If you are concerned as to whether an e-mail is a valid e-mail, call the Technical Support and Network Operations Center at (504) 862-8888. Support analysts are available from 7AM – 7PM, Monday through Friday.

Password policy and guidelines can be found here.

Two Factor Authentication

Technology Services is implementing Duo Technologies Two-Factor Authentication (2FA) for all connections (from certain locations) to servers housed in the Data Center. This will become apparent when users try to make the connection via VPN.

The two-factors are (1) your existing log in credentials, user id and password, and a (2) the cell phone number that is listed in your personnel record. Please verify that your mobile phone number is correct in your employee record.

  • Log into Gibson online
  • Select Employee Self Service
  • Log in to EBS
  • Select Tulane Employee Self Service
  • Select Personal Information
  • Verify Mobile Phone
  • Log out

DUO uses a new URL for VPN access. Beginning October 12, users must connect with a DUO VPN connection: https://vpn.tulane.edu/duo

As a new DUO user, you will receive a text with an activation link. Unfortunately, we do not have every phone type registered in the DUO system. We strongly recommend finding your device from the links below and installing the app on your phone in advance of receiving the text notification. If your phone is not supported, the system will default to text messaging for the second factor instead of pushing the notification through the app. Once you have received your activation notification, simply follow the instructions on your phone.

If you have any problems once the application is installed and your phone is activated within the system please contact security@tulane.edu.

Duo Application (required) and Duo Push (recommended)

Contact security@tulane.edu for options other than those listed above.

 

Encryption

Full Disk Encryption (FDE) Enforcement

  • All workstations that contain or work with TUMG owned data are required to use Full Disk Encryption (FDE). Software used for full disk encryption will meet standards established by FIPS, HIPAA and HITECH and Tulane Information Security and will be available through and supported by Tulane Encryption Services.
  • Tulane owned data is subject to standards of security established by both internal policies and federal regulation. The importance of protecting this data is a liability of both the institution and the individual user of a workstation. Faculty and staff are required to verify they have been provided an encrypted environment and to contact Tulane Encryption Services if encryption software is needed.
  • Full Disk Encryption protects workstations in the event of loss, theft or mismanagement of resources by providing a layer of digital protection for computers at rest. Acts of negligence involving Protected Health Information by faculty and staff is subject to individual fines by the Federal government beyond those levied against TUMG. Full Disk Encryption mitigates or removes this liability for all involved parties.
  • Software used by Tulane must use the Advanced Encryption Standard (AES) as established by the Federal Information Processing Standard (FIPS) and will provide an audit trail established under the guidelines of the Health Information Portability and Accountability Act.

Device Standards

  • Devices that require Full Disk Encryption are required to meet minimum standards as set forth by both the vendor and Tulane Information Security. These standards will be available to Faculty and Staff for review and will include requirements for hardware, operating systems and expectations of a healthy computing environment.
  • The software vendor chosen by Tulane University to provide Full Disk Encryption will set the initial standards for both device hardware and operating systems needed for the application. These will be used as the baseline for the ‘Encryption Requirements Guideline.’
  • Augmentation of the provided baseline will be provided by Information Security to improve standards as needed. Such standards to be considered will include but not limited to minimum requirements of software and hardware, incompatible software and hardware, and unsupported Operating System upgrades or other new technologies.
  • Additionally, the ‘Encryption Requirements Guideline’ will establish the expectation of a ‘healthy computing environment requirement.’ This standard will identify factors considered hazardous for any device. These factors include but are not be limited to malicious software, lack of patching, out of date hardware or software and general disrepair.
  • Some tools and technologies require that legacy hardware or software be maintained beyond it’s End Of Life as established by the manufacturer. As related tools can be prohibitively expensive to replace, Information Security will make exceptions if no alternative can be found.
Encryption FAQ

Frequently Asked Questions

Below are the common questions the Information Security Office receives regarding Full Disk Encryption (FDE). Please contact us if you need additional information or have other concerns.

  • What is SecureDoc?
  • What operating systems are supported?
  • Will FDE slow down my machine?
  • Will FDE protect me from viruses and other malicious software?
  • Will FDE destroy all the data on my workstation?
  • Will FDE work with my self encrypting drive?
  • Will FDE work with bootcamp or dual boot technology?

What is SecureDoc?

  • SecureDoc is a comprehensive full disk encryption product that secures data at rest (DAR). It has two main components: the client software used to encrypt and decrypt data and the server software used to configure, deploy and manage laptop encryption, desktop encryption and server encryption and external devices encryption for an entire organization.
  • The SecureDoc client software uses a FIPS 140-2 level 1 and level 2 certified AES 256-bit cryptographic engine to encrypt data. WinMagic recommends that all drives be protected with full-disk encryption (FDE), container, and volume encryption can be used to supplement FDE on shared laptops, desktops and servers to add another layer of defence for classified data, and to encrypt data on external storage devices such as USB keys, CD/DVDs, and SD cards. The SecureDoc client software provides encryption capabilities on multiple operating systems (Windows, Mac, and Linux via SecureDoc OSA).

What operating systems are supported?

  • Securedoc 7.1 supports Windows: 7, 8, 8.1, 10 and OS X: Mountain Lion, Mavericks, Yosemite, El Capitan, Sierra (10.8, 10.9, 10.10, 10.11, 10.12)
  • While earlier versions of Windows are supported, the Information Security Office highly recommends Windows 7 as a minimum requirement for PC devices.

Will full disk encryption slow down my machine?

  • No. Encryption runs as a background task that uses negligable system resources. While the inital encryption process is taxing on computer resources as it is encrypting all data on your physical drives, subsequent encryption takes place as a normal operation of writing data to the physical drive.

Will full disk encrypiton protect me from viruses and other malicious software?

  • No. Full Disk Encryption’s only function is to protect the data on a computer if it becomes accesible by a third party who does not have the credentials to log on to the machine. The operating system itself acts as normal otherwise and should still run anti-virus software and requires the same concern from the customer when avoiding malicious websites and emails.

Will full disk encryption destroy all the data on my workstation?

  • No. Full Disk Encryption is a safe product meant to protect information at rest on a device if it is lost or stolen.
  • The Information Security Office highly recommends that all staff and faculty consult their department in regards to the required back-up and recovery strategy solution recommended for them.

Will full disk encryption work with my self encrypting drive?

  • Yes. SecureDoc supports SED technology as an escrow service of the drive encryption key. With key escrow we can offer support if your drive needs unlocking.

Will full disk encryption work with bootcamp or dual boot technology?

  • No. Full Disk Encryption requires an enviornment that allows it to manage the boot sequence in order to protect your data at rest.
  • The Information Security Office highly recommends that all customers consider virtual machine software to manage multiple operating systems. VMWare is available for free to staff and faculty through the e-academy website and Technology Services is able to provide valid licensed copies of windows for installation into a VM.

GRIT Contact Info

Phone: 504-988-2685

Email: sphhelp@tulane.edu

Address: Tidewater Building
Suite 1800
1440 Canal Street
New Orleans, LA 70112

Campus Mail Box: 8313