Archives

Weblogin

"" Overview and Key Features:

Weblogin is the web single sign-on service, which is used by hundreds of University service providers to provide authentication via UTORid/password. It also provides ‘coarse-grained’ authorization attributes such as affiliation and email address, which can be used by services to create and maintain local accounts and restrict access. Weblogin uses Shibboleth as the underlying technology.

  • Federated access

The University’s Weblogin service is integrated with the Canadian Access Federation, a Canada-wide service that provides access to Canadian and worldwide services, including:

  • Weblogin access integration with other Canadian higher-ed services.
  • University of Toronto services access via other Canadian institution access systems.
  • Integration with eduGAIN, a service that extends the Canadian higher-ed federated capability to educational institutions in the United States and across the world.

""  Getting Started:

Access the Weblogin service

  • Users:

For information on using federated login services, visit the CANARIE website or contact Information Security.

  • Technical staff:

To implement Weblogin, refer to “Installing and configuring Shibboleth”, and “SAML attributes available from Weblogin”.

""   Get Help:

For Weblogin issues, contact your local help desk.

Vulnerability Management Service (VMS)

"" Overview and Key Features:

Vulnerability management is the process of identifying, evaluating, treating and reporting on security vulnerabilities in systems and the software that runs on them. This, implemented alongside other security tactics, is vital for organizations to prioritize potential risks and minimize their attack surface.

Security vulnerabilities refer to technological weaknesses that allow malicious actors to compromise a product and the information it holds. This process needs to be performed continuously to keep up with new systems being added to networks, changes that are made to systems and the discovery of new vulnerabilities over time.

""  Getting Started:

The cost for the VMS is being incurred by Information Security and will be provided as a complimentary service to all tri-campus units. The vulnerability scan results are restricted to a need-to-know basis.

If you are authorized, the vulnerability scan results associated with your unit can be accessed through the Vulnerability Reporting Portal by logging in with your UTORid.

If you are a network or server administrator and do not have access to the vulnerability scan results for systems you manage, contact us at security.admin@utoronto.ca.

""   Get Help:

For information about use of Tenable at the University of Toronto, refer to the Tenable.IO University Training Guide. Additionally, you can find free Tenable tutorials on the Tenable website.

TLS Certificates

"" Overview and Key Features:

Transport Layer Security (TLS) certificates, formerly known as Secure Sockets Layer (SSL) certificates, are digital certificates that keep your internet connection safe by encrypting the data between your web browser, the website and its server.

The TLS service provides a cost advantage over purchasing it direct from a commercial certificate authority. Other benefits include:

  • The site validation process for the utoronto.ca or toronto.edu domains is completed.
  • There is no cost charged back to the individual department or division for most certificate products.
  • Notification of imminent certificate expiry is provided at least two weeks before the expiry date.
  • Information Security adds a departmental contact vetting process to ensure authorization to use server certificates.
  • Automatic certificate renewal (ACME) is available for this service.

""  Getting Started:

Information Security, part of ITS, facilitates the purchase of Sectigo TLS certificate products for University server administrators. To order certificates, you use the Sectigo Certificate Manager.

To order a new TLS certificate, refer to the ordering a TLS certificate article in ESC.

To set up automatic renewal for an existing TLS certificate, refer to the using ACME automatic renewal article in ESC.

""   Get Help:

For support, submit a request via the Enterprise Service Centre (ESC).

Tabletops as a Service (ImmersiveLabs)

"" Overview and Key Features:

We provide a tool for incident response training to help you prepare your staff for various information-security incidents. The Immersive Labs Crisis Sim platform is designed to enhance your team’s strategic decision-making skills in different types of security incidents.

""  Getting Started:

Facilitators should request access in ESC.

Participants don’t need to register. You’ll receive a link when you’re invited to an exercise.

Usage Guide.

""   Get Help:

Vendor support: Immersive Labs help center (logged-in users only)

Internal support: Email security@utoronto.ca to create an ESC ticket.

Security Awareness and Training (SAT)

"" Overview and Key Features:

Security Awareness and Training (SAT) service is designed to equip staff, librarians and faculty with the knowledge, practices and technologies needed to protect themselves and the University from cyber threats.

This service is institutionally funded and comes at no cost to units.

  • Essential security and privacy modules: Engaging, short and interactive training modules to provide baseline knowledge in security and privacy
  • Monthly Phishing Simulations: Realistic phishing exercises to test users’ ability to identify and report malicious emails
  • Delegated access to units: Units get delegated access to the SAT platform and can onboard their users at their own pace

""  Getting Started:

This service is offered to all staff, librarians and faculty through their unit administrators. Any unit can join the service by submitting a SAT service unit onboarding request.

Once onboarded into the Security Awareness and Training (SAT) service, users receive initial onboarding training, followed by quarterly refresher modules. For more information, refer to the SAT user onboarding workflow article.

For details on the delineation of responsibilities between the unit and the institutional service team, please refer to the SAT service roles and responsibilities (RACI) chart document.

""   Get Help:

To request support, as an end user: Please contact your local administrator.

To request support, as a unit administrator: Please submit a SAT service support request.

For any other questions or feedback: security.training@utoronto.ca

Risk Guidance and General Inquiries

"" Overview and Key Features:

The Information Risk team is available to provide guidance and answer general inquiries about information security risk management. This service can help to enable units and divisions to manage their exposure to risks and make risk-informed decisions.

""  Getting Started:

To access this service, please submit a ESC ticket.

""   Get Help:

All questions about risk are welcome. If you have a question or you’re unsure whether something is an information security risk, please reach out to Kanupriya Kejriwal, Manager, Risk Management at kanupriya.kejriwal@utoronto.ca.

Preferred name (display first name)

"" Overview and Key Features:

Members of the University of Toronto community often have a first name other than an official name that they use to identify themselves to others. Recognizing this, U of T allows students, faculty and staff to set and use their preferred first name.

Differentiating between the preferred and official first names allows the University to enable individual preference in applications that do not have a requirement to use official names. The preferred name option enacts the adoption of a consolidated preferred name across the University’s IT infrastructure.

The preferred name service was previously known as display first name.

""  Getting Started:

Access the preferred name service.

  • How to use:

To change your preferred name, log in to the preferred name service page and follow the prompts.

  • Application owners:

If you’re an application owner, learn how to consume preferred name information from Shibboleth.

""   Get Help:

Questions about selecting a preferred name

Students should contact their registrar’s office and employees should contact their divisional human resources office.

Forensic services

"" Overview and Key Features:

The Incident Response team offers digital forensic services for malicious computer activity. This service also facilitates access to third-party services if information security incidents need a more detailed analysis of changes made by malicious actors.

""  Getting Started:

Forensic services are provided for reported information security incidents. If you are experiencing an incident and you have not reported it, please follow the steps below.

  • Low severity incidents:

For low severity incidents, such as a compromised account or clicking a link in a phishing email, contact security.response@utoronto.ca.

  • Medium to critical severity incidents:

For information about medium to critical severity incidents, refer to the Incident Response Plan. If you are experiencing a medium to critical severity incident, complete the incident intake form.

""   Get Help:

If forensic services work is not already happening as part of a reported security incident, contact security.response@utoronto.ca.

VPN and Secure Remote Access

""   Overview and Key Features:

Members of the University community must secure their access to sensitive systems and protect themselves when connecting from remote locations, such as while traveling or working from home. Virtual Private Networks (VPNs) allow a user to route their computer’s internet traffic through a specific network while not directly connected to it. U of T offers two VPN tools for different purposes:

  • UTORvpn: A general remote access VPN that protects connections and allows users to connect to the campus wireless network remotely.
  • AdminVPN: Allows the owners of administrative and academic systems, as well as department administrators, to enforce strong authentication and secure connections.

   

Help - Free computer icons   Getting started

  1. Download Cisco Secure Client (for desktop) or the Cisco Secure Client app (for Android/iOS). Cisco Secure Client was previously known as “Cisco AnyConnect Secure Mobility Client”.
  • Installation instructions for Secure Client can be found below.
  1. Open Cisco Secure Client.
  2. From the dropdown menu, enter or select “general.vpn.utoronto.ca” and click Connect.
  3. An authentication window will open. Enter your UTORid and password, then cick OK.
  4. Your computer will notify you that it is now connected to UTORvpn.

For detailed connection walkthroughs, see the Enterprise Service Centre (ESC) Knowledge Base:

 

Installing the VPN client

You must have an administrator account to install Cisco Secure Client on desktop. If you are using a U of T-managed workstation, contact your local IT help desk to have them install the software for you.

Installing on Windows

  1. Navigate to your Downloads folder and run the Cisco Secure Client .msi
  2. Agree to the licence agreement and the installation will complete.

Installing on Mac

  1. Navigate to your Downloads folder
  2. Double-click on the Cisco Secure Client .pkg file to start the installer.
  3. Click Continue and accept the license agreement.
  4. Uncheck all modules except VPN. Click Continue.

 

Installing on Linux (Ubuntu)

  1. Navigate to your Downloads folder and extract the Cisco Secure Client gz file to a directory.
  2. Navigate to the VPN directory under the extracted directory. Right-click and choose Open In Terminal.
  3. Run the command: sudo bash vpn_install.sh. Enter your password when prompted.
  4. Agree to the license agreement and the installation will complete.

 

Endpoint Protection Service (SentinelOne)

Product overview - Free business icons   Overview and Key Features:

Only IT administrators or divisional leads may request this service on behalf of their units. Individual users should contact their local IT administrator for help with service requests.

Advanced endpoint protection provides next-generation anti-virus protection for university-owned user devices and servers. It gives units delegated access to manage their endpoints, including visibility on security alerts generated by the endpoint solution. This service enables quick detection of and response to attacks and device compromises.

This service is institutionally funded and comes at no cost to units for level 1 support.

 

Help - Free computer icons   Getting Started:

   

Question mark - Free communications icons   Get Help:

To request support, as a unit administrator:

To request support, as an end user: