Department of Information and Innovation
The Department of Information and Innovation was created in 2003 to provide direction and oversight for all activities directly related to information technology within state government, including telecommunications services, information technology equipment, software, accessibility, and networks in state government. The CIO and Commissioner of DII has broad authority to meet the goals of the department as established by statute and policy.
DII Mission Statement
To improve state government effectiveness and productivity, the Department of Information and Innovation provides expertise, standards and shared services for the state enterprise and supports agency and/or department-specific information technologies.
DII Vision Statement
Achieve cost savings by leveraging technology to drive down the cost of doing business.
Known Vulnerability - For Your Information
Heartbleed OpenSSL Bug
Entered on 04/09/2014 at 10:00:25 EDT (GMT-0400) by Leslie Hight:
For F5 Networks/BIG-IP SSL users, F5 has issued a statement re: Heartbleed. Please see the attached document.
Entered on 04/09/2014 at 09:04:52 EDT (GMT-0400) by Leslie Hight:
David Kreindler has addressed this OpenSSL vulnerability and offers the following advice to other System Administrators:
"If you are running OpenSSL 1.0.1 (through 1.0.1f, inclusive), you have to assume that your servers' private keys and all data transported to and from your servers for the last two years have been compromised. This includes things like login usernames and passwords of all of your systems' users, including administrators.
Since lots of things use OpenSSL, not just your web services are affected. Your mail servers and even your administrative access using OpenSSH are also cracked. There is no way to know that your system has not been cracked. If you are running OpenSSL 1.0.1, you have to assume that your servers' private keys have been compromised. (An IDS might be able to detect a successful attack, but I am not sure that an IPS could prevent one.)
So, how to recover?
1. First, upgrade OpenSSL to 1.0.1g or later; re-link binaries if necessary, and restart the services.
2. Generate new key pairs (certificates) for every SSL/TLS service, and revoke the old certs.
3. Change all of the passwords on the system, including web- or other application passwords of all users.
4. Get around to implementing PFS, so at least your traffic, in the future, will not be vulnerable to retrospective cracking.
If you do not know whether you are running a vulnerable system, as a last resort (if it is a web server) Qualys SSL Labs server test can help: https://www.ssllabs.com/ssltest/."
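A triage sketch for step 1 of the recovery list above, added here as an example and not part of the original notice or of David Kreindler's advice. It classifies an `openssl version` banner against the range the notice names and lists Linux processes that still map a replaced libssl or libcrypto. The function names and output labels are this example's own.

```shell
#!/bin/sh
# Added example (not from the original notice): triage for recovery step 1.
LC_ALL=C; export LC_ALL   # keep [a-f] ranges byte-ordered

# Classify a banner such as "OpenSSL 1.0.1e 11 Feb 2013" against the range
# the notice names: 1.0.1 through 1.0.1f affected, 1.0.1g or later fixed.
classify_openssl_version() {
    ver=$(printf '%s\n' "$1" | sed -n 's/^OpenSSL \([0-9][0-9.]*[a-z]*\).*/\1/p')
    case "$ver" in
        1.0.1|1.0.1[a-f]) echo "affected-range" ;;
        1.0.1[g-z]*)      echo "fixed" ;;
        "")               echo "unparsed" ;;
        *)                echo "outside-notice-range" ;;  # not assessed by the notice
    esac
}

# True if a /proc/<pid>/maps-style file shows libssl or libcrypto mapped from
# a file that has since been replaced on disk: the process started before
# the upgrade and keeps running the old code until it is restarted.
maps_has_stale_openssl() {
    grep -Eq '/lib(ssl|crypto)[^ ]*\.so[^ ]* \(deleted\)$' "$1" 2>/dev/null
}

# Print the PIDs of running processes that still need a restart (Linux only).
stale_openssl_pids() {
    for m in /proc/[0-9]*/maps; do
        [ -r "$m" ] || continue
        if maps_has_stale_openssl "$m"; then
            pid=${m#/proc/}; echo "${pid%/maps}"
        fi
    done
}

# Report for this host. Caveats: vendors backport fixes without changing the
# upstream version string, and statically linked binaries never show up in
# the maps scan, so treat both results as leads, not proof.
if command -v openssl >/dev/null 2>&1; then
    banner=$(openssl version 2>/dev/null || true)
    echo "openssl binary: $banner -> $(classify_openssl_version "$banner")"
fi
for pid in $(stale_openssl_pids); do
    echo "restart needed: pid $pid ($(tr '\0' ' ' 2>/dev/null < "/proc/$pid/cmdline"))"
done
```

Run it as root after the package upgrade so that every process's maps file is readable; an empty "restart needed" list means no dynamically linked process is still using the replaced library.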
OnBase images currently unavailable
Entered on 04/21/2014 at 14:25:15 EDT (GMT-0400) by Leslie Baker:
Please close and restart your browser to restart OnBase for the fix to take effect.
Entered on 04/21/2014 at 13:38:20 EDT (GMT-0400) by John Oleen:
The server having the issue has been restarted and OnBase is back in full operation.
I will leave this ticket open until the end of the day in case there are any more issues.
Entered on 04/21/2014 at 13:12:35 EDT (GMT-0400) by John Oleen:
There are reports that the OnBase imaging is currently down. I am looking into the issue and have sent a notice to all users.
Notification of Work Notices - Scheduled Maintenance
Solarwinds - Apply MS Patches and Updates
Entered on 04/17/2014 at 12:27:58 EDT (GMT-0400) by Rick Shover:
I am going to apply MS Patches and Updates at noon on 4/18. This will require a restart and the servers will be down for about 1 hour.
Please let me know if you have any questions or concerns.
STEERWEB1 migration to DII VM environment 4/17 @ 8pm
Entered on 04/16/2014 at 12:36:43 EDT (GMT-0400) by John Oleen:
The STEERWEB1 server will be migrated to DII hardware 4/17 starting at 8pm. During this work the following web sites will be down: childsupportcalculator.vermont.gov and MyBenefits.ahs.state.vt.us
This work is expected to be completed by 9:30pm.
SSL Ordering Changes: SHA-256 Transition Update
Entered on 03/12/2014 at 10:12:35 EDT (GMT-0400) by Leslie Hight:
Commencing March 31st 2014, all SSL Certificates will default to using the stronger SHA-256 algorithm, with SHA-1 available during the ordering process as an option should your legacy applications still require it.
If you require SHA-1, state so explicitly when you open a ticket.
After March 31, all existing SSL Certificates can also be reissued and upgraded from SHA-1 to SHA-256 at any time with no additional charge.
Please note that due to the Microsoft-imposed 2017 deadline for not trusting SHA-1 Certificates, 4 and 5 year SHA-1 Certificates will no longer be available.
Known issues are created in Global tickets in Footprints. You can log in to Footprints at https://ent-footprints.state.vt.us and subscribe to any open issues.