I Need More Help!

Request assistance using the IT Help System*.

*Non-ANR personnel should contact their local coordinator or site administrator for assistance.

You've found help

What is Sitebuilder 3.0?

Site Builder 3.0 is a web content management system created for use by anyone in University of California Agriculture and Natural Resources to create and maintain a web site. This Help site is dedicated to helping you find your way through it.

If you are ANR personnel, you can contact us directly at Communication Services and Information Technology for advice on how to use Site Builder 3.0 or to suggest additions or changes to this Help site. Non-ANR personnel should contact their local coordinator or site administrator for assistance.

From Our Blog
  • International travel and cybersecurity

    Aug 12, 2019

    cartography-3244166 1280

    Electronic devices have become integral parts of our daily lives. We depend on them for connectivity, productivity and access to information. While abroad, however, we need to be aware of the increased risks we face in terms of cybersecurity.

    Using our cell phones, tablets and laptops in other countries can increase the risk of privacy breaches, system intrusion and device theft. 

    There are ways to protect your equipment, your information and your communications while traveling. Take the time to familiarize yourself to the following general guidelines and always check for updated resources before any foreign trip:

    1. The less you take the less you can lose. If you are not very sure you will need something, consider leaving it behind. This guideline applies to both devices and data (contacts, passwords, files).
    2. Be aware of basic security precautions. Keep devices with you – not in checked luggage, not in your hotel safe and not with airline or hotel staff. Be wary of public wireless Internet or Wi-Fi hotspots and use a virtual private network (VPN) if available. Never use the computers available in public areas, hotel business centers, or cyber cafés since they may be loaded with keyloggers and malware.  Do not plug in any untrusted attachments, like USB drives or other connectors.
    3. Know before you go. Read up on specialized laws about the country or region you are visiting, including export control laws, possible illegal content, or encryption rules.

     

    Additional tips and recommendations

    • For global travel, consider utilizing temporary gadgets, for example, an inexpensive laptop and a prepaid cell phone bought particularly for travel. Any device you bring to a foreign country may be compromised, even without you knowing.
    • If you do bring non-temporary devices, backup your data before you go. Install and configure encryption software.
    • In many countries, travelers should have no expectation of privacy. While VPNs can bypass some levels of censorship, they should not be relied on to work at all times (for China, see: https://www.travelchinacheaper.com/vpns-still-work-china)
    • Configure device according to minimum security standards.  The following requirements are especially critical for foreign travelers:
      • update your operating system and application software to the latest versions possible
      • install and update anti-malware software
      • choose strong passphrases
      • for laptops, setup and use a personal account that does not have superuser (root, administrator) privileges
    • After returning: change all passwords used abroad, run antivirus scans and delete apps used specifically for travel.
    • Ensure that you have the correct plug adapters and power converters.
    • You should assume no right to privacy at U.S. borders and points of entry. U.S. Customs and Border Protection officers can deny entry to the U.S. to individuals who refuse to unlock or surrender their electronic devices for inspection. (https://security.ucop.edu/resources/traveling-with-electronic-devices/faq.html)

     

    For updated travel security information, please see these resources:

    https://www.ucgo.org/technology-security

    https://globalaffairs.ucdavis.edu/travel/resources/electronics

    https://blink.ucsd.edu/technology/security/user-guides/international-travel.html

    https://www.ucop.edu/ethics-compliance-audit-services/compliance/international-compliance/international-travel.html


    By Bruce Lidl
    Author - IT Communications Specialist
  • Spear Phishing Email Campaigns Target UC ANR Leadership

    Aug 9, 2019

    Fish hook

    Phishing (pronounced 'fishing') is an email scam designed to acquire sensitive information from people. The most successful phishing emails are designed to look like the email comes from a reputable source such as a known person or entity. UC ANR faculty and staff are often the target of attempts to gain login credentials or personal information through phishing scams that may claim to be coming from UC ANR. These are fraudulent attempts and should not be replied to or acted upon.

    In early July, a number of UC campuses and affiliated institutions were targeted by a coordinated, wide-ranging “spear phishing” campaign. The scammers, masquerading as unit leads and executives, tried to get people to reveal sensitive information. We would like to take a moment to describe this attack, and offer tips for spotting similar attacks, and how to report them. If you believe that you have received a phishing or spear phishing email, please forward it to help@ucanr.edu. Messages sent to the UC ANR IT email account will help improve our detection mechanisms for future phishing attempts.

     

    Warning Signs

    One telltale sign of spear phishing is an unusual request. For example, is a colleague asking you to transfer money or other goods seemingly out of the blue? Are they insisting on a specific deadline, or otherwise creating an artificial sense of urgency? If so, you might be a target of spear phishing.

    If the message or request does seem suspicious, do a little digging to ensure it is actually coming from your colleague. For example, in the recent attack, the fraudulent messages came from Gmail accounts designed to look like @ucsd.edu accounts:

    From: Bob Smith

    (bob.smith.ucsd.edu@gmail.com)

    To: a colleague of the real Bob Smith

    In a few cases, the spammers changed the “from” address to other variations of a bogus email address, such as:

    From: Bob Smith

    (bob.smith.ucsd.edu07@gmail.com)

    To: a colleague of the real Bob Smith

    In this case, the recipients were all professional colleagues of the individuals whose names were used as the bogus sender of the messages. This suggests the individuals or organization sending the notes had researched their targets and crafted the messages specifically for them. This is the essence of spear phishing. The tactic is often a tool of state-sponsored hackers who are trying to garner a toe-hold into organizations with proprietary assets, including the world-class research and health care assets at University of California.

    How to notify

    Phishing attacks – and spear phishing attacks like the one that occurred earlier this month – are likely to become more and more sophisticated as time goes by. CSIT has tools to identify and remove fake emails that get delivered to @ucanr.edu accounts. But you can help too:

    The UCOP maintains extensive information on phishing on their website: https://security.ucop.edu/resources/security-awareness/phishing-2019-campaign.html

    Specific questions about our handling of spam and phishing that are not addressed above can be sent to the UC ANR Help at help@ucanr.edu.


    By Bruce Lidl
    Author - IT Communications Specialist
  • Sharing files with Box instead of the ANR File Vault - More customizations

    Jul 22, 2019

    This is the third post in our series on moving away from the soon-to-be-retired ANR FileVault to the Box.com service. The earlier posts were:

    1. Sharing files with Box instead of the ANR File Vault (May 28, 2019)
    2. Sharing files with Box instead of the ANR File Vault - How to do things in Box (June 4, 2019)

     

    We heard a number of questions and concerns in our first Webinar, and we're providing answers and clarifications here.

     

    Desktop clients

    Box Drive is available for OSX and Windows from this link. With this tool, not only can you easily browse files in Box, you can mark folders to be available offline. These folders will be copied to your computer, and sychronized when you or other users updated them. Even without marking folders to be available offline, Box Drive caches the most recent documents you have accessed locally.

    There is an older client called Box Sync as well. However, that has much more limited functionality and Box recommends users migrate to Box Drive. More information is available here.

     

    Collaborator email lists

    You cannot upload and save 'mailing lists' of users per se. However, there are alternatives:

    1. You could maintain a list of users as a Box Note, and copy/paste that list into the 'Share With' box when needed. An advantaqe of this is you can have multiple editors of that list if you desire, and recent versions of the file will be maintained.
    2. Groups that are defined in the campus 'Active Directory' can be imported into Box, and you can enter group names into the 'Share With' box as well as individual names and email addresses. There are over 200 ANR-related groups available, eg: ANR All, ANR BOC-K Staff, ANRCS Managers. Many of the groups are set up for internal technical/security reasons, but there are also many that organize end users such as those in the example. If you would like to use one of these groups, contact IT Help and we will try to identify or create a suitable group and make it available in Box. Be aware, however, that these group names are visible to all UCDavis Box users.

    Box recommends that the number of collaborators on a file or folder be limited to 1000, although that is not a hard limit. Groups, however, count as one collaborator.

     

    ucanr.edu versus ucdavis.edu email addresses

    For those people with both (ie, most ANR staff), you can use either.

     

    More tips

    • When adding an optional message to a collaborator invite, Box.com can be persnickety about the formatting. While it allows you to do some limited formatting using HTML tags (if HTML mail is supported by the recipient), it will not allow you to include anything that looks like a URL. Even a messages including the text 'ucanr.edu' will be rejected 'because URLs are not supported in the invite message.'
    • The Box Note feature provides a way to create very simple documents with limited formatting. Like other documents in Box, Box Notes maintain a version history. However, the version history is accessed differently than other files' histories:

     

    BoxNoteOptions

     

     

     


    By Stephen Edberg
    Author - Programmer
  • Zoom for Mac critical update

    Jul 10, 2019

    We are big fans of Zoom at UC ANR for our voice and video communication needs. However, a recently discovered vulnerability in the application means anyone using Zoom on a Mac must update their software immediately.

    You can download and install the updated version.

    Further information on the issue can be found on the Zoom site.

    Finally, please contact UC ANR IT Help with any questions or concerns.


    By Bruce Lidl
    Author - IT Communications Specialist