Security, Wireless

Immediate Action Required: Eduroam Network Update

Changes are being made to the encryption infrastructure that secures the Eduroam network. Wireless devices require a configuration update to ensure uninterrupted network access. These changes are schedule for April 11th. Failure to run the update in advance may result in an interruption of your Eduroam access.

Please log into your CSU, Chico Portal account and follow the “EDUROAM NETWORK UPDATE” instructions.

Please run this update on each of your mobile devices.  It should only take a few minutes of your time.

If you have questions or concerns, please submit a request at support.csuchico.edu or contact IT Support Services.

Security, Training

February Phishing Awareness Campaign

As part of a phishing awareness campaign an email was sent to campus in February that mimicked a phishing email. About 8% of us that opened this email were found susceptible to phishing. This is lower than the 16% from a similar campaign in December. February’s campaign differed from December in that it linked to a page that asked for credentials to be entered, instead of just linking directly to educational material.  Unfortunately about half of those that clicked on the link then provided credentials. Had this been an actual phishing attempt this would have allowed these accounts to be compromised and put the campus at risk.

Here is what the email looked like with some signs that it was not legitimate noted:

Clicking on the link in the email brought you to a login page. Here is what that page looked like with some signs that it was not legitimate noted:

Simulated Phishing Campaign Results

The simulated phishing campaign was broken into two groups: employees and students. If you are both an employee and a student you may have received two simulated phishing emails. Below you can see the results of this campaign.

Students

Employees

We are planning future phishing awareness campaigns, including more simulated phishing emails. We hope that improved awareness of the signs and dangers of phishing will reduce the number of compromised campus accounts and resources, and help protect campus data.

More information about phishing is available at http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

More information about the PhishMe simulated phishing tool is available at http://www.csuchico.edu/isec/tools_resources/phishme.shtml

Maintenance

Network: VPN Certificate Change

Maintenance Window: 7:00 AM to 7:30 AM Wednesday, March 15th
Services Impacted: VPN; no user outage expected, but open connections may need to be reestablished

During this maintenance window the security certificate for the campus VPN service will be changed. No downtime is expected, but open VPN connections may be disconnected and need to be reestablished.

Maintenance, Voicemail

Telephony: Voicemail System Migration

Maintenance Window: 4:00 AM to 8:00 AM Wednesday, March 15th
Services Impacted: Voicemail; up to full duration of maintenance window. Callers during this period will receive a voice message that the system is under maintenance.

During this maintenance window, the campus voicemail system will be migrated to a new hardware platform. This will require significant downtime to the voicemail service as data is transferred, and systems are reconfigured and tested. Callers into the voicemail system during this downtime will receive a voice message that the system is unavailable due to maintenance.

Maintenance, Wireless

Network: Clearpass Certificate Change

Maintenance Window: 7:00 AM to 7:30 AM Tuesday, March 14th
Services Impacted: Clearpass web and 802.1x authentication; no downtime anticipated

During this maintenance window, the security certificate for the Clearpass authentication system will be changed, which supports encryption for wired and wireless network authentication. This is an advisory only; no downtime is anticipated.