Skip to end of metadata
Go to start of metadata

 

 

Blog Posts

 

Just show me.. Featured Posts  -  Latest Features

Update Firefox Now!

Just as your operating systems need to be patched, so do your browsers. Mozilla recently disclosed a critical vulnerability in Firefox, and advises all users to patch it immediately:

If Firefox is configured to update automatically, patching is as simple as restarting your browser. Users should verify they are running at least version 72.0.1. For your reference Mozilla provides instructions for updating and verification here

Thanks to BigFix, IT User Support is able to identify vulnerable software running on LBL systems. If you wish to receive proactive communications regarding the health of your computer, you can Download BigFix and install it. If you have further questions about BigFix, please Request Help.

Lastly, users should follow IT Best Practices to ensure computer health.

IT Workstation Support has catalogued the recent issues users have encountered when upgrading their system to the latest macOS Catalina. They are:

  • 32-bit applications will not run on Catalina, see table below

Top 10 32-bit Applications in-use

Name

Quantity

Cisco VPN

277

Microsoft Word, what version?

163

Microsoft Excel, what version?

116

Microsoft Powerpoint, what version?

93

Identity Finder

79

mdworker32 (Office365 process)

65

Adobe Acrobat XI Pro (This software is out of compliance and must be upgraded to the subscription version, see Adobe Acrobat Pro DC)

64

Carbonite (This software is no longer the Lab’s enterprise backup software, see Druva inSync)

29

Adobe Application Manager

28

TextWrangler

28

  • Applications will request proper permissions to run

Application

Solution

Chrome Attachments

  1. Open System Preferences > Security & Privacy > Full Disk Access 

  2. Add Chrome

Chrome Remote Desktop

https://support.google.com/chrome/thread/16263096?hl=en

DisplayLink

Download and install latest driver (beta release), https://www.displaylink.com/downloads/macos

Druva inSync

  1. Open System Preferences > Security & Privacy > Full Disk Access 

  2. Add Druva inSync

Sophos

https://community.sophos.com/kb/en-us/134552#How%20to%20correct%20issues

Toshiba copiers fail to print with a “filter failed” error message

  1. Remove print object

  2. Download latest Toshiba drivers

  3. Right-click and install new Toshiba drivers, this will install in an elevated privileged mode

Zoom

On Mac OS 10.15 Catalina, you need to allow Zoom access to Screen Recording to share your screen. 

  1. Open System Preferences > Security & Privacy > Privacy > Screen Recording

  2. Check the option for zoom.us


As with any major operating system upgrade, users should always do the following:

  1. Perform a hardware assessment and check for compatibility

    1. Mac compatibility list - see https://support.apple.com/en-us/HT210222

    2. User must check with the hardware vendor for any external equipment

  2. Perform a software assessment and check for compatibility - users can check https://roaringapps.com/ for software compatibility

  3. Ensure you have all software licensing information if you need to reinstall software

  4. Perform a data assessment and backup all data

  5. Perform upgrade in place or from scratch

If you upgrade to macOS Catalina and something stops working, contact IT User Support at x4357 or email to help@@lbl.gov and we will be glad to help.

December 9th, the beginning of MFA enforcement for all staff, affiliates, and contractors is quickly approaching.


All LBL users must activate MFA for their Berkeley Lab enterprise accounts by this date, or risk losing access to email, LETS, and all other services protected by their Berkeley Lab Identity.


Visit go.lbl.gov/mfa to get started today.

As of Oct 17, 2019 Workstation Support is under guidance from LBL cybersecurity to remove CCleaner from all Lab systems.

Computers that have BigFix (Active Mode) installed will have a pop-up appear informing the user of the action and provide a button to click for easy uninstallation.

We are looking at other options to handle the functions that CCleaner provides, but in the short term, we need to remove it from all Lab systems. Workstation Support will be removing CCleaner beginning Friday, Nov 1, 2019.

Additionally, the free version of CCleaner cannot legally be installed on Laboratory computers.

CCleaner can be removed either via BigFix or via the Windows standard "Add and Remove" programs menu.

If you don't have BigFix installed on your system please see our IT Software Download Page at https://software.lbl.gov/.

If you need help removing CCleaner please contact the Help Desk at xHELP (x4357).

image.png


The LBL Indico instance (https://conferences.lbl.gov) was upgraded from v1.2 to v2.22 which provides a new interface and features in addition to bug fixes after being inaccessible from 10AM-2PM on Friday, September 27, 2019.

You can now log into Indico with your Berkeley Lab Identity credentials using single sign-on (SSO). The first time you login, you may notice a message letting you know it is the first time you have used this form of authentication to login.

This and other changes are highlighted in the Commons page here: https://commons.lbl.gov/x/FgGoCg

Just a reminder that on June 1, 2019, Malwarebytes was no longer being offered by Berkeley Lab IT.  Existing clients will continue to function, but will not receive updates. IT recommends that users uninstall Malwarebytes. This can be done manually, or users can wait until they see a BigFix Offer from IT, which will remove the application automatically. For further information, refer to our Malwarebytes FAQ site.

Berkeley Lab computers are constantly under attack, but what should we, as users, do to protect ourselves and our systems? According to research conducted by Google, users and security experts often have different ideas as to what the best steps are to be taken.

To make it easier, Berkeley Lab IT has developed a series of IT Best Practices that all staff should follow when using Lab computers. These best practices address the most important security recommendations, data protection, and performance optimization.

IT Best Practices include:

  1. Install BigFix on ALL computers. BigFix is used to help keep your operating system and common applications up to date. There is even a Passive mode that you can use if don’t want any updates done automatically. 

  2. To make sure that updates are installed, it is also essential that you REBOOT your computer regularly! BigFix will also tell you when your system needs a reboot.

  3. Use LastPass, a password manager which IT provides for free. LastPass makes it easy to make sure you always use strong, unique passwords.

  4. Enroll in the Lab’s Multi Factor Authentication (MFA) system. With MFA enabled, an attacker who knows your Lab password still won’t be able to log in.

  5. Familiarize yourself with the IT FAQ and Cyber Security websites. These sites are updated regularly with important information for users.

  6. Install Sophos on all workstations. Sophos is provided for free by Berkeley Lab IT.

  7. Use Druva inSync to backup your workstation data, $51/yr for up to 10 computers

  8. Use VPN when on public networks (including LBL’s Visitor Wireless) or on travel. It is a good idea to use VPN whenever possible while offsite.

  9. Clean up your computer

  10. Use Google Drive / Google Shared Drive / Google File Stream to store important or shared files.

As most people know, keeping your software updated is the number one thing you can do for cyber security.  What is less well known is how important this is on mobile devices, such as iPhones and Android devices. A recent set of vulnerabilities announced in iPhone devices both makes it a priority to update now and serves as a reminder of the importance of updating regularly. 

You can read more about newly accounced vulnerablities at https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html

There is good news, update and reboot your iOS devices now to ensure they are secure.

REFERENCE ARTICLE

This outage was resolved at ~2pm Aug 30. 

Prior Information Follows:

Outage: Intermittent DNS failures are causing slow network response times and intermittent application outages

General Impact: Our DNS servers are having trouble responding to queries.  The servers are having longer than normal response times for those queries to increase and some queries are failing.  These failures may manifest themselves as slow web pages, login failures, and slow server response times.
we are investigating the cause of the issue and will update you as we have more information


Status: Unscheduled

Resolved at approx 2:10PM Monday Aug 19

Prior Information:

A networking switch failure is impacting the following services:

Internal Telephone Calls to/from some buildings.

Inbound Telephone Calls to some buildings.

Verizon Coverage in Building 59

There is not an ETA for resolution at this time.


On August 13, 2019 Microsoft released a warning to update and reboot your system due to new Microsoft Remote Desktop Services vulnerabilities:

This affects the following operating systems:

  • Microsoft Windows Server 2019

  • Microsoft Windows Server 2016

  • Microsoft Windows Server 2012

  • Microsoft Windows Server 2008

  • Microsoft Windows 10

  • Microsoft Windows 8

  • Microsoft Windows 7

Berkeley Lab IT suggests all Windows users patch and reboot all systems immediately. Updates will also be released using BigFix for systems that were not patched through normal operations.  

Advice: Always keep your system and all software up to date and REBOOT at least once a month.

RELATED ARTICLES

Smartsheet is reporting that Smartsheet application, mobile app, and API are offline.  For more information please see: https://status.smartsheet.com/.


During the renewal process, Adobe made a provisioning error, which impacted the Lab’s Adobe DC Pro licenses. Adobe has acknowledged that this was their mistake and apologizes for the inconvenience.

To correct this error, and reactivate your Acrobat Pro DC license, follow the instructions below:

 Did you receive a message similar to those below?:

1)  Launch Acrobat Pro DC by clicking the Acrobat icon or selecting it from your product list.

2)  If Acrobat access is successful, Sign Out of Acrobat by clicking the (1) Help menu and (2) “Sign Out” (see image below):

3)   Otherwise, you should see the “Sign In Required” dialog box like the one below.  Click the blue “Sign In Now” button in the lower-right (see image below):


4)    You should see the login dialog box below.  If you know the Adobe ID that is associated with your Acrobat Pro DC license, enter the email address (typically your LBL email address) and your password.  If you don’t know your password, click on the “Forgot password?” link in the lower-right of the dialog box (see image below):

5)    If you clicked on “Forgot password?” you will see the forgot password box below.  Just enter the Adobe ID email address associated with your Acrobat Pro DC license (your LBL email address) and click the blue “Next” button and follow the instructions.

IF FOR SOME REASON THE STEPS ABOVE DON’T WORK OR DO NOT COVER WHAT YOU ARE SEEING, TRY THE WORKAROUND BELOW:

1)    Click on https://www.adobe.com/ or type it into your browser.

2)    Click the (1) Icon in the upper-right corner and then (2) click “Sign Out” (see image below):

3)    Then click “Sign In” and enter the Adobe ID that is associated with your Acrobat Pro DC license (typically your LBL email address) and your password.  If you don’t know your password, click on the “Forgot password?” link (see images below):

If you are still experiencing difficulties after completing these steps, please Request Help.   

Berkeley Lab Cyber Security has discovered bad guys exploiting Apple’s Remote Management service to conduct reflected denial-of-service (DoS) attacks. In response, they have temporarily blocked port 3283 UDP at the network border to prevent further abuse.  This should have no noticeable impact to anyone.  

What to do?

In order to protect Berkeley Lab computers from participating in this hostile activity, we require all users to disable Apple Remote Management Service.  To disable this service:

  1. In Apple Menu, select System Preferences
     
  2. Select Sharing
     
  3. Uncheck Remote Management
     

This change will not have any adverse effects for most users and in fact is the Apple default.  You can still use Apple Remote desktop and VNC to connect if you enable "Screen Sharing". If you believe disabling Remote Management will create an adverse situation for you, please contact security@lbl.gov

IT will use BigFix to prompt users to automatically disable the Apple Remote Management Service on all systems running in Active Management Mode. For systems in Passive Management Mode, a BigFix Offer will be provided for users to disable it manually.

              

BigFix can be downloaded from https://go.lbl.gov/DownloadBigFix. For any further inquiries Request Help.

Technical Details



LabTech Everyday Event Coming To You

You asked, we listened! We’re bringing LabTech to you!


Monday, July 22, 2019 @ 10AM
Outside patio between Bldg. 62 and Bldg. 66


Come see us to learn how IT can help you with all your computing needs. We will be offering no-cost consulting on:

  • Scaleable, cost efficient centralized IT services

  • High Performance Computing

  • Virtualization

  • Storage Solutions

  • Software Training

  • Desktop/Laptop/Mobile support

  • Backup and Multi Factor Authentication guidance

For more information, see scienceit.lbl.gov.


  • No labels