Eduroam is here (and there, and everywhere)

Former Information Privacy Officer Geoff Nathan got firsthand experience with Wayne State’s new eduroam service this summer. Check out what he had to say.

— Michael Barnes


Wayne State University has joined the international consortium known as eduroam. Eduroam allows anyone with login credentials at member universities to log in to the network at any other member institution.

What does this mean?
It means that if you can log in to the Wayne State wireless network (the secure one), then you can log in to the wireless network at any other academic institution that is also a eduroam member. This means you have a secure Wi-Fi option at hundreds of universities, research institutes and more.

How well does it work?
Very well! This past summer I visited the University of Hawaii (Manoa campus)1,  Tartu University in Tartu, Estonia and Southern Illinois University Carbondale. While on the campus of each place I simply chose eduroam as the network I chose to connect to, entered my Wayne State credentials and immediately got access to their network.

The only drawback is that you may get a mysterious error about certificates, but this only means that the university has made a small configuration error, not that there is a real problem.

So next time you are visiting another academic institution around the world, you probably can use their secure Wi-Fi with your WSU AccessID and password.

Find a full list of every eduroam institution around the world (sorted by country) at eduroam.org/where/. There are over 500 eduroam institutions in the United States alone and there are additional institutions in nearly 100 other countries.


1 Yeah, I know. But I’m an alum. I lived there in the ’70s.

Welcoming our new Information Privacy Officer

Those who know me (or those who occasionally look at the blog listings on Today@Wayne) may know that after 15 years at Wayne State University, I announced my retirement this past spring. I was proud to serve as Wayne State’s first Information Privacy Officer and I’m confident that my successor, Michael J Barnes, will be able to do even more with the role. You already met him when he posted over the weekend about the nasty Equifax security breach. Please join me in welcoming him.

Thanks for reading this blog over the years. I may do a guest post from time to time, so this won’t be the last you hear from me. Now for a few words from Michael:

Hi all. I am an Associate Professor in the College of Fine, Performing & Communication Arts in the Maggie Allesee Department of Theatre and Dance, having served as the Artistic Director and on its Executive Committee since 2011. I’ve served on numerous committees at Wayne State and, as a member of the Academic Senate, served on the Facilities, Support Services, and Technology Committee. Before I came to Wayne State, I was faculty at the University of Miami in the Department of Theatre Arts, also teaching in their School of Law, and at Temple University. I’ve been obsessed with technology since I started learning on the original Macintosh computer.

I’ve worked with Geoff on a handful of projects in my time at Wayne State and I’m excited to become a member of the C&IT team and turn my passion for technology into a position where I can effect change. I’m taking over the ProfTech blog, so keep an eye out here for regular updates about university privacy and how faculty can best use technology resources. You can also reach me at mjbarnes@wayne.edu with questions or comments about university privacy.

Quick info about Wayne State’s cybersecurity

In the wake of the cyberattack on Equifax and the loss of the personal data of millions of U.S. citizens, I thought it would be interesting for the Wayne State community to know a bit more about cybersecurity on our campus.

Wayne State takes your privacy and the storage of your information very seriously. C&IT works constantly to make certain that all information is kept safe. It is a top priority to keep our employees information safe and to make certain that we uphold standards set by regulations like FERPA and HIPAA.

For a brief overview to understand the university’s methods of securing data, Director of Information Security Kevin Hayes shared the active controls utilized here at WSU:

  • Multiple layers of firewalls
  • Regular vulnerability scans check for malware and security issues on our central servers
  • Automatic blocking of new attackers and threats
  • Two-factor authentication for access to sensitive data
  • Manual reviews of servers, systems and processes to ensure data integrity

He also shared metrics to understand just how successful the firewall and security systems have been at Wayne State.

On a typical day, university firewalls block:

  • 187 million connections at the Internet edge
  • 8 million connections for residence halls and housing
  • 7 million connections at the data center
  • 1 million connections at our Disaster Recovery (DR) site
  • 300,000 connections for the President, Provost and Office of General Counsel
  • 200,000 connections for the WSU Police Department

In the month of Aug. 2017, the systems:

  • Dynamically blocked 2,844 attackers attempting to scan our network
  • Blocked 4,373 viruses and malware components
  • Prevented 482,316 outbound connections to other malicious destinations
  • Thwarted 91,793 hacking attempts

Yes, you read that correctly. There are close to 200 million attempts to hack into WSU systems in one day. When I first heard these figures, I was shocked. In our modern world, it is virtually impossible keep information about you completely private. Rest assured, WSU does everything possible to make certain that we are never the source that compromises your personal privacy.

The Equifax cyberattack: Be on the lookout for identity theft

On Thursday, Sept. 7, the national media reported that Equifax, which is one of the three major consumer credit reporting agencies, has been the victim of a cyberattack that affected 143 million customers. Whether you like it or not, this will likely affect you, your spouse, or any number of your family members. Unfortunately, I know many people who seem to walk blindly into what are now the forests that constitute our modern commerce and economy. Some of them feel they are protected because they don’t shop online, or because they don’t pay their bills online, or because they only use their debit card…or, or, or…  That simply is not the case anymore; no one is immune to identity theft.

In the last few years, we have been seeing a rising number of major corporations being hit by this type of attack. We saw the national retailer, Target, experience a security breach in 2013 where the names, credit card numbers, expiration dates, and security codes of approximately 40 million people were stolen by hackers. Yahoo was hit by a couple of these attacks — the information of over one billion account holders was breached.

You may think “I’m not a customer of Equifax; It doesn’t affect me.” This simply is not the case. Whether we like it or not, we are all customers of Equifax. As one of the three major credit bureaus (the other two are Experian and TransUnion), any time you apply for a credit card, a loan, or utilize your bank, your information is being shared with these agencies. They maintain consumer credit information and sell that information to businesses in the form of credit reports. Though they are heavily regulated, they are publicly traded, for-profit agencies.[i]

Media sources have reported that hackers may have gained access to sensitive information, which includes social security and drivers’ license numbers, for 143 million customers. Given that the current adult population of the United States is 245.3 million people, this means that over half the adult population of the U.S. has now had their information stolen and is at risk for identity theft.

A quote from the New York Times indicated that in severity, on a scale from 1 to 10, this attack is a 10. Unlike the Yahoo or Target attacks, thieves were able to acquire information of a more personal nature. They were able to retrieve names, birth dates and addresses; information that would allow access to bank accounts, employee accounts and medical information; the credit card numbers for 209,000 people; and documents used in personal disputes for 182,000.[ii]

What Do You Do? 

It is important that all individuals investigate as to whether their information has been compromised. Equifax has set up a site to help determine whether your data is at risk. That site is: equifaxsecurity2017.com/. You should also acquire a free copy of your credit report from one of the three major agencies. This can be obtained at annualcreditreport.com.  If you think your data has been used, be certain to contact your local law enforcement officials. In addition, if you find that your information was stolen, you should place a fraud alert on your credit files; the FTC has a website with a guide for placing a fraud alert. Equifax is also offering all consumers the ability to freeze their Equifax Credit Reports as well as making use of their Credit Protection Service for free for one year.

It is worth noting that the Attorney General of the state of New York has pointed out that the terms of service for Equifax’s credit monitoring service, TrustedID Premier, say that users give up their right to participate in a class-action lawsuit or arbitration. However, he has also stated that, in the case of this breach, those Terms of Service would not be able to be upheld in a court of law.

As one last point, I would suggest that each of you take the time to contact your elected Representatives and encourage them to examine the policies we have in place for consumer data protection. This type of event demonstrates the importance of making certain that this the industry of sharing your financial data be strictly regulated. The information that these cyber-thieves acquired could affect people for years to come.

Important Websites

 

ADDENDUM

Since my initial writing of this posting, I have read a number of articles on how to best handle the Equifax breach.  In my opinion, the best way to deal with it is to have a freeze put on your credit file with Equifax and the other services.  Because it makes makes it so that no credit report can be run, it stops any thief from opening credit in your name.  If you need to apply for credit you temporarily thaw the account by providing a PIN number (which will need to be kept in a very safe place where you cannot lose it).  Of course, the credit services do not let you freeze an account for free, nor do they thaw it for free.  However, the cost is far less than what you might experience if you are the victim of identity theft.  Equifax has bowed to pressure, however, and will offer credit freezes free for the next 30 days.[iii] If you are still a bit confused about just exactly what to do, I would suggest these articles the New York Times, “Equifaxes Instructions are Coinfusing, Here’s What to Do Now“the Chicago Tribune, “After the Equifax Breach, Here’s How to Freeze your Credit to Protect your Identity.”

 

 

[i] Irby, LaToya. “What You Should Know about the FCRA.” The Balance. 11 May 2016. https://www.thebalance.com/what-you-should-know-about-the-fcra-960639

[ii] Bernard, Tara Siegel, Tiffany Hsu, Nicole Perlroth, Ron Lieber. “Equifax Says cyberattack May have Affected 143 Million Customers” New York Times. 7 September 2017. https://www.nytimes.com/2017/09/07/business/equifax-cyberattack.html?hpw&rref=business&action=click&pgtype=Homepage&module=well-region&region=bottom-well&WT.nav=bottom-well

[iii] Leiber, Ron. “Equifax, Bowing to Public Pressure, Drops Credit-Freeze Fees for 30 Days.” New York Times. 12 September 2017.  https://www.nytimes.com/2017/09/12/your-money/equifax-fee-waiver.html?mcubz=3