Monday, April 20, 2015

Malicious Office Documents

Most state employees work with Office documents every day.  One class of Office capabilities that most state employees rarely use is macros.  What is a macro? A macro is an automated way to perform calculations, tasks, or even something as simple as recording a chain of keystrokes. Macros provide the means for taking long repetitive tasks and automating them with a simple click. Unfortunately there are ways that macros can be used maliciously.

Things to watch out for are:

  • Blank documents;
  • Documents that contain random characters or symbols; and
  • Documents from an untrusted source that prompt you to enable content/macros.

The following is a malicious Excel document with the suspicious objects marked in red (CLICK to enlarge image):


The following is a malicious Word document with the suspicious objects marked in red (CLICK to enlarge image):


Simply running a malicious macro will set off a chain reaction that will have your computer download malicious files behind the scenes, hiding everything as it infects your computer. Once the computer is infected, the sky is the limit for what malicious activities could be performed. Sometimes the infections will perform a variety of malicious tasks that could slow down your machine to a crawl affecting work performance. Other times the infection could be controlled by a human to retrieve sensitive files while watching your every move.

To prevent these activities, do not click on “Enable Content” when Macros are involved in the Security Warning (CLICK to enlarge image):



If you are unsure about the email please forward the message to both: Report Spam email and Nicholas Penning

Summary:
  • Don’t open documents from unknown users.
  • Watch out for suspicious file names.
  • Do not click on “Enable Content” unless you are certain the document is from a trusted sender and are confident of the document’s contents.

*A special thanks goes out to Nic Penning for providing the BIT Blog with this informational article!

Friday, April 17, 2015

BIT Staff Assist at SkillsUSA

SkillsUSA is an industry sponsored organization to promote technical skills for high school and postsecondary/college students that will help them be successful in their chosen careers.  There are a multitude of competitions across diverse disciplines of study.  For a complete list of the competitions please visit: http://skillsusa.org/competitions/skillsusa-championships/contest-descriptions/.  This year’s SkillsUSA state competition was held in Watertown, SD at Lake Area Technical Institute (LATI).  BIT staff assisted as two of three judges for the Internetworking competition.

There were a total of six students competing in the Internetworking competition, two first year students and four second year students, all from LATI.  The competition challenged students in four distinct disciplines necessary for success in an Internetworking career: network cabling, configuring network devices for end-to-end connectivity, taking a call as a remote technical support agent (referred to as the TAC call), and an online multiple choice exam.

Wayne Wayt of the BIT Network Technologies team judged the network cabling portion.  Students were tasked with constructing three common types of network cabling used in industry in 30 minutes, and all cables needed to pass both visual and technical inspections.  Two of the six students managed to complete all three cables, but only one did so successfully.

Andy Ogan, also of Network Technologies, returned to judge his fifth SkillsUSA competition, participating in the TAC call as the frustrated end-user seeking assistance.  In ten minutes, students needed to listen to the user describe the issue within the network, look at the network documentation provided, and guide the user through a series of diagnostic tests and troubleshooting steps to resolve the issue.  Students were judged on not only their ability to solve the technical components of the challenge, but their customer service skills, speaking and listening skills, poise, and handling of the call.  Most students scored well in the customer service portion of the task, but only one student successfully solved the issue in the allotted time.

At the end of the competition, medalists were announced.  The final scores gave the Gold to Dylan Hanten, Silver to Eric Wise, and Bronze to Devin Bagaus.  Dylan will be traveling to Louisville, Kentucky to compete at the national level of SkillsUSA, and we wish him the best of luck.



Thursday, April 16, 2015

Apple Watch

There have been a lot of headlines and discussions centering around Apple’s upcoming watch.  Of course Apple isn’t the first company to enter the emerging smartwatch market.  Samsung, Motorola and Asus have released smartwatches in the past year while Apple’s version, called the Apple Watch, went on sale April 15th.

Besides the standards you would expect from any smartwatch—a choice of watch faces, keeping time within 50 milliseconds—Apple promises other features to make their watch useful.  For example when communicating with friends or family, you’ll be able to send direct messages, send taps which they’ll feel, drawings you make, or even send your heartbeat.  In fact, like other recent smart fitness-tracking devices, Apple tells us that their watch will be able to track your daily routines and suggest life-style changes based on what it learns over time.

Of course beyond fun and fitness, Apple is planning multiple decorative and personalization options to suit each owner’s style.  Business partners will assuredly line up to make custom accessories as well. Other features that are expected include: Bluetooth technology, retina (or high definition) display, wi-fi connectivity, motion detection via a gyroscope, and a microphone to make or receive calls.  Additionally, the display will feature what Apple is calling a ‘Force Touch’ screen which is currently not available elsewhere in the smart device market—something new and interesting the market is eager to test out.  Lastly, the watch will be water resistant, assuring that no one sees their new investment ruined by the next rainstorm.

In staying with their historical use of third party vendors to develop custom applications to take their devices beyond their base functions and options, no doubt the new Apple Watch will see its most impactful and exciting uses emerge as the development community figures out what its mix of sensors and functions can do to make our lives easier and more fun.  It’s likely that only after these third-party applications are created, purchased, and fully vetted by an intrigued public will we truly know if the iWatch is something which will live past its initial release.

According to some, wearable technology is just a passing fad; they point to how “Google Glass—computerized eye wear” came and went as proof that wearable tech’s time has not yet come.  However, in the near term it appears there’s more than enough interest in the Apple Watch’s features for a lot of people to make the initial investment.  We are watching to see if, as the iPod broke the mold for music players and captured the hearts—and ears—of millions, and the iPad broke open the tablet market to usher in a new era in portability and functionality, whether Apple’s new gem will prove that the smartwatch’s time has finally come.  If so, perhaps another Apple product will be the one to set the bar for an industry—Apple has done it before and millions are watching to see if they can do it again.  So, here’s to you, Dick Tracey, consumer reality may be finally catching up to the amazing abilities of your comic book wrist watch.

*A special thanks goes out to Tony Rae for providing the BIT blog with this article!*

Employees of the Quarter Announced at BIT

In honor of these individuals’ outstanding performance and dedication to the Bureau of Information and Telecommunications, state government and the citizens of South Dakota, we gladly recognize them for their high standards of excellence in their duties.

Kristina, Ki, Carrie and Nic, we thank you for all you do to improve state technology services - you all make a difference!

Ki Weingart, Data Center (top left); Nick Penning, Telecommunications (top right);
Carrie Tschetter, Administration (bottom left); Kristina Cottingham, Development (bottom right)

Kristina Cottingham - Development 

Kristina is a Software Engineer II for the Bureau of Information and Telecommunications Development Team 2.  She has 16 months of service with the State of South Dakota in this field.  Kristina graduated from Dakota State University with a Bachelor of Science in Computer Science.

She has been completing her Master’s Degree online and will be graduating with it this May.  Kristina has been assigned the project lead on several technology upgrade projects.  She successfully completed the AG40 Campfire Database system for the Department of Agriculture WildLand Fire Division and received praise from the clients on her work.  Kristina has also been working on the PS16 Video Request system for the Department of Public Safety that will streamline the processing of Highway Patrol videos.

In addition, Kristina is working on multiple systems within the Department of Environment and Natural Resources FoxPro conversion project.  She has excellent organizational skills and always likes to have a full plate of tasks to stay busy.  Kristina possesses excellent communication and people skills to go along with her outstanding technical skills.  She collaborates and interacts well with co-workers in team environments to insure the success of projects. She also has the unique ability of understanding and meeting client needs when interacting with them while efficiently meeting the objectives and goals of BIT.

Ki Weingart - Data Center

Ki is a technology engineer for BIT and has worked for the State of South Dakota helping to satisfy our clients’ needs for 36 years!  He came to Pierre in 1978 to work for a private firm. Eventually Ki started working with Alan Peterson and Jim Dickson as the first DBA’s for BIT back when it was called: Central Data Processing.

Ki has worked on a lot of projects during his career. He’s supported every mainframe disaster recovery drill, countless client application walkthroughs and implementations, trouble-shooting events, and countless late night calls from Operators calling him to fix Abends after hours. His current duties include ADABAS, Natural, Trim, Auditre, and backup support for WebMethods, EntireX and Natural Engineer.

Over his years with the state Ki has been a positive, helpful team player always willing to assist anyone with a need he can support.

Carrie Tschetter – Administration 

Carrie has been recognized for her high standards of excellence in project management and customer advocacy.

Carrie is a member of the Project Management Office.  She is the Point of Contact for four state government agencies:  Department of Revenue, Department of Military, Department of Veterans Affairs, and Public Utilities Commission.  Carrie is able to provide her top notch customer service to state agencies due to her previous experience as a client of BIT.  She came to BIT about a year ago from the Department of Revenue (DOR) bringing with her twenty years of service to the State of South Dakota.

Since joining BIT, Carrie has actively participated in several activities to learn about the services BIT provides our client agencies.  As a Point of Contact, Carrie has taken an active role in project meetings for her assigned state agencies.  The DVA is in the process of building a new VA home in Hot Springs.  To address DVA I/T concerns, Carrie participated in two trips to visit the new VA Home with BIT LAN Services and Network Technology staff.  Through working on the VA home project, she found that the State Engineers’ Office was not including the recommended I/T clauses in their contracts. She has also assumed a more active project leader role for several DOR projects.  During a recent cyber security tabletop exercise with DOR, Carrie was instrumental with assisting in the planning and successful execution of the joint project.

Carrie can translate the technology jargon for agency clients.  She also has become an asset to the PMO team by contributing her past experience and her current research on specific topics.  She has added a dimension to BIT workgroup discussions by providing her input based upon an agency client’s viewpoint.  When the PMO team needed assistance to manage a few projects, Carrie volunteered to manage the BIT SDPB Audio Webcasting project, serve as the PMO representative on the Classic .asp rewrite work group, and participate in an incident notification review.

Nic Penning - Telecommunications

Nic is a Technology Engineer and a valued member of BIT’s security team. He spends a majority of his time analyzing information security threats which aids in hardening the defense of the State of South Dakota’s network infrastructure.

“What I find most interesting about information security is malware and everything in its related nature. I find it fun reversing binaries and trying to figure what the malicious applications do.”

Nic is originally from Hulett, Wyoming just 10 miles from the Devils Tower National monument. He grew up building and fixing computers starting at the age of 10 for his father’s company, Double Star Computing. After high school he attended Gillette College in Wyoming and received his associates in Computer Information Systems, while competing on the collegiate cross country and track team. Nic continued his education at Dakota State University with the opportunity to not only obtain a fun Computer and Network Security Degree, but also competed in the full marathon at the national collegiate level. His second year at Dakota State yielded many accomplishments such as the Cyber Corp Scholarship for Service opportunity and a summer internship working for BIT.

“After my first ever day in Pierre, I knew right away that this was a great place to live. The first thing I did once I arrived was went for a 10 mile run by the river, and I knew that if the people here were as nice as the run I had, then this was going to be a great summer, in which it ultimately was.”

Nic completed his education at Dakota State University graduating with a Master’s Degree in Information Assurance with a Specialization in Cyber Security.

Some of Nic’s recent accomplishments include statewide Nessus vulnerability scanning; this is part of a larger project to map out the security vulnerabilities statewide and put together a more comprehensive plan to reduce the attack surface. He also worked on the IDS upgrade, including hardware and system software upgrade. This allows the state to support 10Gbps throughput at the IDS level. It brings additional capabilities like the ability to check files for malware on the wire. Finally, Nic has had a part in the installation of a security sandbox to reverse malicious code, engineering a solution to shut down automatically executing office files, and volunteering to present to the point of contacts regarding security.

Again, congratulations and thank you all for your efforts and for all the years of dedication of service to the State—BIT looks forward to many more!

Wednesday, April 15, 2015

Purple Up! For Military Youth


BIT appreciates the efforts of the service members in our organization, community and the State of South Dakota as a whole. We are aware of the challenges faced by service men and women and their families. The month of April has been designated as the Month of the Military Child, a time to recognize and honor military children for their many sacrifices and struggles, as well as their countless contributions to our nation. On April 15th, BIT employees publically demonstrated their appreciation for the sacrifices and successes made by our service members - past and present. By wearing purple, employees of BIT displayed their support for the children in military families who often endure challenges before, during and after deployment of their loved ones.

BIT’s Strategic Plan Overview

The Bureau of Information and Telecommunications (BIT) strives to partner and collaborate with clients in support of their missions through innovative information technology consulting, systems and solutions.  BIT is made up of the following divisions: Administration, Data Center, Development, Telecommunications and South Dakota Public Broadcasting (SDPB). Each division is committed to providing quality customer services to ensure the state’s I/T organization is responsive, reliable and well-aligned to support the business needs of the State of South Dakota.



BIT is working toward three common goals focused on intended outcomes/results. BIT’s Strategic Plan shapes and guides what BIT is, who we serve, what we do and why we do it, with a focus on the future.  Visit http://bit.sd.gov/about/BIT-Strategic-Plan for a complete look at BIT’s strategic plan including the goals, strategies, tactics and projects that make it up.

The following are BIT’s Strategic Plan goals:


  1. Provide a Reliable, Secure and Modern Infrastructure.Provide a well-designed and architected, secure computing and communications environment to ensure optimal service delivery to our business partners. Architecture and process will be optimized to support agile and reliable computing and communication services.

    Technology assets must be high-performing and dependable to ensure services are available whenever needed. Centralization, standardization, and collaboration are vital to efficiently leverage investments. To maintain public trust, we must secure data and technology assets through leading security tools, policies, and practices.
  2. Deliver Valuable Services at Economical Costs.Develop innovative and cost-effective solutions through collaboration, cooperation, and in partnership with our clients. The solution sets include developing customized business solutions, efficient project management services and productive relationships with clients.

    “People should be online, not waiting in line.”
  3. Build and Retain a Highly Skilled Workforce. Improve the effectiveness, productivity and satisfaction of employees in order to attract (and retain) a highly qualified workforce to foster individual innovation and professional growth. Appropriate training and tools will be provided to enhance and improve career skills in the workforce.


Tuesday, April 14, 2015

I/T Definition: Geo-Blocking

I/T language can be confusing. BIT can help!

Geo-Blocking – Using software to prevent access to content from specific countries/regions based on IP addressing. Agencies determine the geographical scope of their web site accessibility.