Holly Dickson
hollydickson.md@gmail.com
Mustang Wireless, the wireless network Cal Poly students have been using for the past eight years, began to disappear from select campus buildings this week. Students have been able to choose between the secure or unsecure networks for the past two years, but by the end of this quarter, Secure Mustang Wireless will be the only option.
Secure Mustang Wireless protects users’ information at sites, such as Facebook or YouTube, which don’t already have the lock-symbol on the Web browser, Information Technology Services (ITS) Chief Technology Architect Ryan Matteson said.
“So no matter what you’re doing on the network, we’re trying to do our part to protect that information,” Matteson said.
While more than half of people using the Internet on campus already use the secure network, Matteson said it’s time the rest of Cal Poly begin using it as well.
“Now we’re in this mode where it’s been a while and we need to move off the non-secure option,” Matteson said. “And we also want to communicate to people that there’s benefits to secure wireless.”
The secure network is easier to use, he said.
“It protects your data, but also it’s more convenient in many cases where you just turn on your device and it works,” Matteson said. “You don’t have to enter your password each time.”
Currently, each time a person connects to the non-secure option, an ITS sign-in page intercepts them and they must enter their Cal Poly Portal username and password, he said.
The unsecure network will continue to disappear in phases until the end of the quarter. ITS sent out an email and added a memo to the sign-in page for Mustang Wireless network warning users that the network will soon disappear and that it would be beneficial for them to switch over.
If users haven’t used Secure Mustang Wireless before, they need to configure their computer or phone so the network will work on it, ITS policy and compliance officer Mary Shaffer said.
Some of the larger areas on campus where many students use the Internet, such as Robert E. Kennedy Library, will be the last buildings to lose the network, Matteson said.
Gone phishing
Cal Poly email account holders received the most recent scam email on Nov. 5, instructing them to submit the information linked to their account, including: email address, username, password, date of birth and country. The email appeared to be from “CAL POLY SAN LUIS OBISPO” and the subject line read, “Emergency Alert!!!? CAL POLY SAN LUIS OBISPO WEBMAIL ACCOUNT USERS.”
While the spelling mistakes and extra exclamation marks, as well as the fact that ITS never asks for email or Cal Poly Portal information, alerted most that this was a scam email, some still fall for emails like it, ITS enterprise applications lead analyst and programmer Michael Green said.
“I think with students it might be that they’re sort of new to the whole protecting your information idea,” Green said.
There are two methods ITS commonly uses to identify compromised accounts, Shaffer said. Once they have identified a phishing email in the system, the email system blocks replies to that email and delivers notifications to ITS when a user does reply. The system is also configured to identify when Cal Poly accounts are used to send spam or test messages to previously identified phishers, she said.
Matteson said that now it’s more common for a student to realize on their own that they’ve fallen for a scam and call ITS immediately after.
“We’d rather they’d not respond (to those emails), but we’re glad that once they do it’s usually triggering in their head that they did something wrong,” he said.
Cal Poly’s servers occasionally let scam emails through because they are lax enough to let all legitimate emails through, Matteson said.
“With all this stuff there’s a balance,” Matteson said. “So we’re not blocking all the bad things because we also don’t want to block some legitimate email. The systems can’t be perfect because people can’t be perfect.”
Green said ITS stops more mail from going through Cal Poly’s servers than people tend to realize.
More than 1,400,000 emails were stopped from being delivered to campus in one recent 24-hour period. On that same day, 90,000 legitimate messages were delivered, which means less than 10 percent of the mail that tries to make its way through the servers each day is valid, Green said.
Phishers usually try to gain access to email accounts so they can turn around and send more emails to the people in that accounts’ address book, Green said.
“It’s important to realize a lot of this is automated,” Matteson said. “They have programs that will send this. There’s not someone manually sending these millions of messages.”
In order to help guard against phishers, ITS recommends Cal Poly users keep their Cal Poly password separate from other passwords.
“We always advise users not to use the same password here as you use at your bank,” Matteson said. “You should have different levels of passwords and keep your Cal Poly one separate.”
While ITS works to keep the campus safe on the Internet, ITS information security officer Sharif Sharifi said it’s not just up to them.
“We can only do so much, we need everyone’s help,” Sharifi said. “Information security is everyone’s responsibility.”
Gigabytes
Students and employees each receive the use of a Cal Poly email address during their time at Cal Poly. Students are allotted one gigabyte of space, while employees receive three gigabytes, Green said.
“Employees receive more space because hopefully they’re here longer than four years,” Green said. “A lot of students use off-campus services, which is fine, our system is geared to work that way and interact.”
Once students graduate, they can expect their email accounts to be deleted within two or three months, Green said.
Students can sign up through the Alumni Office to keep their Cal Poly email after graduating. The emails are redirected to a different personal account, but they can still use the Cal Poly address to use on résumés, for example, Green said.
Occasionally, students have realized after they graduated that they needed content, or most often, contacts, from their Cal Poly account.
“If the student has been gone for a month or more after graduation, they probably can’t retrieve stuff from their account,” Green said. “But if the accounts locked or they’ve only been gone a short while they can unlock it so students can get the info they need before it’s deleted.”
Besides the email accounts, each student receives a UNIX account during their time at Cal Poly.
Although many students don’t know they have access to this, Shaffer said UNIX is often used to create and host websites. Student clubs are also able to request accounts for club-related work, she said.
Students can find more information about UNIX on the ITS website.