Kansas State University

search

IT News

Tag: Security

Warning: Increase in phishing scam emails trying to steal K-State eID passwords

Attention, K-State faculty, staff, and students.

Since the start of the spring 2012 semester, K-State has seen a significant increase in the number of phishing scam emails that are trying to steal eID passwords. Thus far, at least 10 K-Staters have been tricked into providing their eID and password to criminals under the guise of needing to upgrade their webmail account or exceeding the mailbox storage limit.

THESE ARE ALL SCAMS. K-State IT support staff will NEVER ask for your password in an email. Do not under any circumstances reply to these scam emails or click on a link in the email and fill out a form with your eID and password.

Abide by this simple rule and you will be safe from these scams and others:  NEVER provide your password to anyone in response to an email!

Continue reading “Warning: Increase in phishing scam emails trying to steal K-State eID passwords”

Spring eID password-change period open until Feb. 8

The spring 2012 semester eID password-change period is open until Feb. 8. This mandatory password change occurs every fall and spring and applies to all eIDs, including individual and group eIDs.

To change your password go to eid.k-state.edu, sign in with your eID and current password, then click “Change your eID password” and follow the steps.

Once you have changed your password, immediately update the password settings with your new password in all your computers, devices, and applications, or else risk getting locked out of K-State wireless or email. This includes:

  • KSU Wireless and/or KSU Housing wireless connections (using XpressConnect)
  • Your local email and calendar client such as Outlook, MacMail and iCal, Pegasus, or Gmail
  • Your mobile device(s) such as your cellphone or tablet

Forgot your password? Call the IT Help Desk (785-532-7722) and verify your identity. Staff can set a temporary password for you to sign in.

Email reminders are sent to K-Staters with unchanged passwords prior to the password change deadline. After Feb. 8, those with unchanged passwords will lose access to K-State webmail, iSIS, K-State Online, limited-free printing, university computer labs and other resources.

For more password details, including how to choose a good one, read the “frequently asked questions about eID passwords.”

 

eID password changes increase as Sept. 14 deadline nears

With the Wednesday, Sept. 14, eID password deadline a little more than a week away, email reminders were sent Thursday, Sept. 1, to all K-State eIDs with unchanged passwords.

K-State employees are ahead of K-State students on making their password changes.  As of Friday morning, Sept. 2, about 2,851 (46.9%) of current employees have changed their password.  About 10,368 (39.6%) of current students have changed their eID password.

Password statistics from Andy Wiens, in the Office of Mediated Education, also show how many K-State eID passwords haven’t been changed as of Sept. 2:

  • eIDs required to change password: 44,890
  • eIDs that have NOT changed password: 29,069
  • eIDs that have changed password: 15,821
  • Current students: 26,171
  • Current students that have NOT changed password: 15,803
  • Current employees: 6,076
  • Current employees that have NOT changed password: 3,225

The above eID statistics include many eIDs for people, groups, or systems that are not students or employees, Wiens explained, and he noted that the “current student” subset of eIDs overlaps with the “current employee” subset.

Key tips about passwords

1. Email phishing scams abound, as hackers try to trick users into divulging their eID password.  K-State will never ask for your eID password via email. Any email that asks for a password — or points to a webpage that asks for a password — is a phishing scam and should be deleted immediately.

2. Users of the new KSU Wireless network (which has WPA2 security) will need to also update their wireless password after they’ve successfully changed their eID password.

3. It’s easy to change your password online or by contacting the IT Help Desk.

  • To change your password:  Use the Sign in to K-State webpage, sign in with your eID and current password, then click “Change your eID password” and follow the steps. (Tips on choosing a good password are in the Frequently asked questions about eID passwords.)
  • Forgot your password? Call the IT Help Desk, 785-532-7722, and verify your identity. Staff can set a temporary password for you to sign in.

4. After Sept. 14, eIDs with unchanged passwords will lose access to K-State webmail, the iSIS student information system, K-State Online, free laser printing, university computing labs, and other resources.

eID password-change timeframe is Aug. 1-Sept. 14

Aug. 1-Sept. 14 is the timeframe for changing K-State eID passwords for the Fall 2011 semester. This mandatory password change occurs each fall and spring, and applies to both individual eIDs and group eIDs.

Note that K-State will never ask for your eID password via email. Any message that asks for your password is a phishing scam and should be deleted immediately.

  • To change your password:  Use the Sign in to K-State webpage, sign in with your eID and current password, then click “Change your eID password” and follow the steps.
  • Forgot your password? Call the IT Help Desk, 785-532-7722, and verify your identity. Staff can set a temporary password for you to sign in.

Email reminders are typically sent to K-Staters with unchanged passwords prior to the password deadline. After Sept. 14, those with unchanged passwords will lose access to K-State webmail, the iSIS student information system, K-State Online, free laser printing, university computing labs, and other resources.

Every K-State eID password must be changed, as long-term use of the same password is a known risk factor. For more password details, including how to choose a good one, read the Frequently asked questions about eID passwords.

Important changes to K-State wireless network

K-Staters can now connect to the more secure WPA2 Enterprise wireless network using their eID/password. Faculty, staff, and students who use the wireless network and are on campus during the summer are encouraged to connect today, before the rush of new students and employees in August.

  • Individuals who do not live in residence halls or Jardine Apartments will use the KSU Wireless SSID (network name) instead of the k-state.net SSID.
  • Students living in residence halls or Jardine Apartments will connect to the KSU Housing SSID.

Instructions on how to connect to this more secure wireless network are available at  wireless.k-state.edu/connect, which has links to an easy-to-use, automated configuration tool for Windows, Mac OS X, Ubuntu, Apple iPhone, iPad, iPod touch, and Android operating systems. For manual configuration instructions, see the Wireless at Kansas State University document (PDF).

On Aug. 1, the k-state.guest SSID will be disabled, and K-Staters will no longer be able to connect to the wireless network using this SSID. Campus visitors will use the KSU Guest SSID, which will not require an eID/password. KSU Guest will restrict access to enterprise systems such as K-State Online, webmail, iSIS student information system, and HRIS employee self-service.

On Oct. 25, the k-state.net SSID will be disabled, and K-Staters will no longer be able to connect to the wireless network using this SSID. Note: If you do not switch to KSU Wireless, you will not be able to use K-State’s wireless network on Oct. 25.

Information about K-State wireless networks is available at wireless.k-state.edu.  If you need assistance, contact your departmental IT support staff or the IT Help Desk, 785-532-7722, helpdesk@k-state.edu.

Enhanced wireless security went live July 12

On July 12, Information Technology Services increased the security of the wireless network by migrating from WEP to WPA2 Enterprise. K-Staters will find three new SSIDs (network names) in their list of wireless networks available on campus:

  • KSU Wireless (for all K-Staters)
  • KSU Guest (for campus visitors)
  • KSU Housing (for residence hall and Jardine residents only)

K-Staters will use the more secure KSU Wireless network. To access “KSU Wireless”, users will be routed to an automated configuration tool that requires signing in with an eID and password.

Campus visitors will use the KSU Guest network, which is unencrypted and will not require an eID/password. KSU Guest will be restricted to not allow access to K-State Online, webmail, iSIS, HRIS, Service-now, VPN, and the financial information system, which will protect those systems.

The current wireless network (k-state.net) that requires the WEP key will be disabled Oct. 25.

Our goal is to improve the security of the wireless network and simplify access. Since mid-June, SIRT and system administrators have been testing the new WPA2 Enterprise wireless network. Watch for more about WPA2 Enterprise in future articles.

For more information, see Wireless Networks at K-State and use the Wireless Network setup tool to configure your device.

Two new staff join IT Security and Compliance

With the addition of two new staff to the security team in the office of Information Security and Compliance (ISC), K-State’s ability to protect information and technology resources is greatly enhanced.

Richard Becker, network manager in Computing and Telecommunications Services (CTS), will be joining the security team as a network security analyst. He started half-time on Monday, April 18, and will continue half-time in CTS until he becomes full-time in security on Monday, May 16. Continue reading “Two new staff join IT Security and Compliance”

Q/A: How long to scroll 69 million computer addresses?

At last week’s IT Security Training Event, a competition was held to guess how long it would take to display 69,404,957 IP addresses. Those addresses represent machines that were attacked by a recently compromised computer at K-State.

Continue reading “Q/A: How long to scroll 69 million computer addresses?”

Last chance to register for FREE IT security training event!

This is your last chance to register for the free IT security training event being held tomorrow, Wednesday, April 13, in the K-State Student Union. This year’s event is 8:30 a.m.-4 pm. and will feature eight break-out sessions. Most sessions will be presented twice. The event is open to all K-State faculty, staff, and students. To attend either the full day or even part of the day, register here.

Note that one of the break-out sessions is the live version of the mandatory “SecureIT@K-State” IT security training. A separate attendance will be taken at that session in order to ensure that attendees receive credit from Human Resources for completing the annual security-training requirement.

A full list of the available sessions are listed below.

Continue reading “Last chance to register for FREE IT security training event!”

SSL VPN service now available to all K-Staters

As part of an ongoing project to decommission the aging hardware that is currently supporting most VPN services at K-State, all users with an active K-State eID are now enabled to use the new SSL-based VPN (K-State Virtual Private Network) and the Cisco AnyConnect client. The new client:

  • Is available for Windows, Mac, and Linux
  • Is simpler to configure
  • Should work better than the older IPSEC-based client in more restrictive network environments

Continue reading “SSL VPN service now available to all K-Staters”