IT-News

Fall WiFi issues update 10/15/2020

Posted on Categories WiFi

Day Student Government visit: 10/7/20

On Wednesday 10/7/20 Augsburg Day Student Government invited Scott Krajewski, CIO, to talk about the WiFi issues students are experiencing on campus. The senators had many good questions and shared experiences with Zoom disconnects and connection quality problems.

Scott shared this list of questions to help the Tech Desk troubleshoot student WiFi issues.

Reporting Form

IT has created this WiFi problem reporting form based on the above questions for students to fill out.  The Tech Desk will use this info to better troubleshoot and inform our solutions.

Research

In the past week Augsburg IT has began researching the WiFi issues with other schools. Several other schools across the country are reporting similar Zoom issues with their campus WiFi. There are several theories as to the cause and related solutions. In particular, Gustavus Adolphus College in St Peter, MN experienced the same problems this summer. Augsburg IT met for an hour with Gustavus IT to review their experiences and their solutions. IT is now working with our WiFi vendor to verify the suggestions from Gustavus before changing our WiFi settings.

Technical Notes (for those who are interested)

Several schools hypothesize this has been a problem for a long time however we never noticed it before now. Using Zoom requires a constant connection whereas web browsing or streaming recorded video does not need a constant connection.

The working theory, as of today, is that Apple devices (computers and phones and tablets) are jumping to slower and more distant wireless connections. The WiFi network is actually two networks – one running at 2.4GHz and one running at 5GHz.  The 2.4GHz network is slower and is there for older devices that don’t support the faster 5GHz network. Apple devices are ignoring a close 5GHz connection and instead are trying to connect to a further away (and poorer) 2.4GHz connection. And they are actively doing this during a Zoom session.

Since we have little data from our students at the moment we can’t be sure this is what is happening. However the anecdotes sound very similar what other schools are saying.

Zoom chats and privacy

Posted on Categories Zoom

Every so often we get a question about private chats and meeting recordings. Let’s setup this scenario to illustrate how this works. Professor A is hosting a class in Zoom. Students B and C are attending. Everyone is using the chat feature of Zoom. Here’s the parameters of how Zoom recording/saving works:

People can only save what they can see.

  • So when Professor A starts recording the meeting the public chats will be saved since Professor A can see them. If B and C are private chatting the professor cannot see them (that’s why they’re private) so they are not saved by the professor’s recording.
  • Suppose student B private chats Professor A about a grade question during the recording. Since Professor A can see that chat it is now saved. So Professor A will want to delete that from the chat file if they are going make the chat available to the class with the recording.
  • Suppose student B private chats student C about Professor A. If student C saves their chat they will have saved that private chat.

One thing to keep in mind is that in Zoom a professor is no different than a student in terms of what they can do. Everyone has the same type of account in Zoom’s eyes. The idea of a professor or student is something we’ve constructed that Zoom knows nothing about. So in the above example Professor A could instead be a student hosting a group project meeting for their accounting class.

Phishing reminder

Posted on Categories Security

Spear Phishing

We’ve been noticing more questions recently about suspicious emails that look like phishing. These days we tend to see more “spear phishing” campaigns.  “Spear phishing” is just a way of saying it’s a targeted phishing campaign. People are studying our website to see our organizational structure to figure out who are people in authority. Then they send an email pretending to be that person from a free account they created (not associated with Augsburg or Luther Seminary).

These campaigns try to instill a sense of urgency from a person of authority needing help.  These are techniques to try to lure you in and in the end get money from you.

Here’s a recent example:

Hello, Are you available?

Notice the carefully crafted signature to make it appear to be from Provost Kaivola. But also notice the email address it is from kaivola@my.com. That is not an institutional email address. That odd email address should be a red flag.

The best course of action is to mark this as spam so Google will be more likely to block it. We see most of these getting blocked as they are becoming very common.

If you did reply they will reply back saying that they are in a meeting and need your help with something important (sense of urgency).

I'm in a meeting right now and I need your help with something important. Can you? I will be waiting for your feedback

If you reply again they will ask for you to buy a gift card from some online store — we’ve seen iTunes and Steam recently — and they say they’ll reimburse you for it.  Again they will say it is urgent. This is a script we’ve seen over and over with these spear phishing campaigns.

I need the you to help me get a steam card from the store right now, I will surely REIMBURSE you back today once I'm done with meeting. I don't know when re meeting will be rounding up. So I need your help urgently. If you can help out I will love to get your feedback.

What should you do?

  1. If it seems fishy or odd, it is likely a scam. Mark it as spam so Google will be more likely to block it.
  2. If you’re truly not sure, contact the person directly by phone or institutional email address to confirm. Do not reply to the suspicious message.

Internet Maintenance – Overnight 6/26-6/27

One of our redundant Internet Service Providers will be performing emergency maintenance on Internet fiber circuits.

During this time, there will be two brief 2-5 minute period where some internet traffic may reroute to secondary internet providers.

Maintenance Window:
6/26/2019 – 6/27/2019
10:00pm – 5:00am

Estimated Downtime within Maint. Window:
Internet Traffic: two separate 2-5 minutes windows while internet traffic reroutes to redundant providers.
If on campus, you may see a short 2-5 minute disruption in your ability to get to some web sites or streaming services.
If off campus, you may experience a short 2-5 minute disruption in your ability to get to some Augsburg services.

If you have questions, contact the TechDesk, your LFC, or Matt Schornstein, Associate Director IT Systems

Gmail Confidential Mode

Posted on Categories Google
In late June Google will be releasing “confidential mode” in Gmail. Here’s a few key things to keep in mind
  • this only prevents accidental sharing of an email, people can still take a picture or screen shot of the content or attachments
  • this feature is meant to protect personal or sensitive information but not regulated or legally governed data
  • any regulated data (SSNs, credit card numbers, bank information) should still never be sent via email. When in doubt consult the Data Classification Policy and the Regulated Data Storage Chart.
More detail is found here

Internet Maintenance – Overnight 4/16-4/17

One of our redundant Internet Service Providers will be performing emergency maintenance on Internet fiber circuits.

During this time, there will be two brief 2-5 minute period where some internet traffic may reroute to secondary internet providers.

Maintenance Window:
4/16/2019 – 4/17/2019
11:00pm – 4:00am

Estimated Downtime within Maint. Window:
Internet Traffic: two separate 2-5 minutes windows while internet traffic reroutes to redundant providers.
If on campus, you may see a short 2-5 minute disruption in your ability to get to some web sites or streaming services.
If off campus, you may experience a short 2-5 minute disruption in your ability to get to some Augsburg services.

If you have questions, contact the TechDesk, your LFC, or Matt Schornstein, Associate Director IT Systems

Meltdown and Spectre vulnerabilities

Posted on Categories Notification
The latest computer vulnerabilities, being called Meltdown and Spectre, relate to how the CPU (brain) of computers operates. The major software vendors are releasing patches to their software (Windows, MacOS, linux) to deal with the vulnerabilities.
We are updating servers as the updates are made available by vendors. We may have to schedule some off-hours downtime for major services to complete the patching.
For institutional PCs we’ll be pushing out updates once they are available.  For Macs those will be pushed by Apple through the App Store under the Apple Menu. On your personal computers be sure to run your system updates.
Early news reports suggest computers may become slower after the patching though whether that will be noticeable will likely depend on how old the computer is.
We’ll be monitoring this as it continues to unfold.

Sharing Google documents or another phishing attack?

Posted on Categories Security

What happened?

The afternoon of May 3 saw a widespread phishing attack across the internet.  The phishing attack is an email that looks like a Google document sharing request as shown below.

It is a convincing phish but note the odd To: address.  That should be a warning sign that something is off.  In some cases people recognized the name of the person but perhaps it was spelled slightly wrong.  That’s another warning sign.

The link, which you should not click on, takes you to a page that appears to request access to your Google account.  Real Google docs do not need this access.  Once you grant access they will try to send more messages using your account to your contact list.

What can I do?

First, if you clicked the link you should change your password on Inside Augsburg.  This is true for any phishing email that has fooled you into clicking on a link.

Second, and more importantly this time, is you need to review all connected Applications and Websites connected to your Google account.  The phish has tricked you into giving their application access to your Google account.  You do not want that.

This is done in three quick steps.

  1. Visit https://accounts.google.com
  2. Under Sign-in & Security pick Connected apps & sites
  3. Click MANAGE APPS and review and remove any sites or apps that you do not recognize.  This phish shows up as “Google Docs” which is very tricky.  If you see that listed, remove it.

 

How can I learn more about information security?

We have a broad information security self-paced course in moodle that anyone at Augsburg can complete to improve their information security awareness skills.  The course has about 35 minutes of short videos (closed captioned, no sound required).  You can find it in moodle community at the following address https://moodle.augsburg.edu/moodlecommunity/course/view.php?id=946.

Emergency Maintenance – Switch Restart 12/8/2016

In an effort to resolve the sporadic and unpredictable routing issues we will be restarting the the affected network switch.
Maintenance Window:
12/8/2016
5:00am – 5:45am
Estimated Downtime within Maint. Window:
Internet Traffic: 5-10 minutes (ingress and egress from campus)

National Cyber Security Awareness Month – Week 1

Posted on Categories NCSAM

National Cyber Security Awareness Month (NCSAM) – celebrated every October – was created as a collaborative effort between government and businesses to ensure every American has the resources they need to stay safer and more secure online.

At Augsburg, Faculty and Staff should yearly renew their Information Security Awareness Certificate through the short, 30 minute Moodle course.

If you ever have questions regarding information and computer security, an odd email message you receive, or other questions regarding data safety, do not hesitate to contact your LFC or the TechDesk

 

Find out more information about National Cyber Security Awareness Month at their website https://staysafeonline.org/ncsam/

Week 1: Oct. 3-7
STOP. THINK. CONNECT.: The Basic Steps to Online Safety and Security
Staying safer and more secure online starts with STOP. THINK. CONNECT. – the simple, actionable advice anyone can follow. STOP: make sure security measures are in place. THINK: about the consequences of your actions and behaviors online. CONNECT: and enjoy the Internet.

Whether banking, shopping, social networking, tracking our health or downloading the latest app, in today’s interconnected world, practicing good cybersecurity is critical. All digital citizens must learn to stay safer and more secure in their ever-expanding digital lives, including by preventing and responding to identity theft and scams, ensuring that home networks are secure, managing the security of mobile devices and teaching children to use the Internet safely, securely and responsibly. Week 1 shares simple ways we can protect ourselves and communities along with actions to take if impacted by a breach, cybercrime or other online issue. It will also examine the outlook for cybersecurity jobs and how to engage young people in pursuing careers devoted to protecting the Internet.

 

wk1_ncsam_2016
National Cyber Security Month Info Graphic