eCampus and Internet 2 About Internet 2 at WSC WSC eCampus
Contact Info

 

Help Desk

(402) 375-7107

Email: helpdesk@wsc.edu

 

Network Notices

Heartbleed vulnerability and wireless/dorm network downtime

Published: 4-12-2014 11:05 am

Greetings all,

As I'm sure all of you have noticed, a major security vulnerability nicknamed "Heartbleed" was announced this week which impacted many secure services on the web. We've spent most of our week in NATS identifying and assessing potentially vulnerable systems, as well as communicating with off-campus service providers regarding their vulnerabilities.

The good news is that we had very few vulnerable systems, so our exposure has been relatively minimal. One system which was vulnerable, however, is the login system for the Aruba wireless network which serves the dormitories and a few other buildings on campus (alumni house, Benthack, Rice, Studio Arts, and Carhart Science). We have found no evidence that the vulnerability was exploited, but nonetheless we are taking precautions to ensure the security of the network.

This will be a multi-stage process, the first stage of which will be to upgrade the software. This will take between 3 and 5 hours, during which time users will not be able to login to the wireless network in effected buildings. While we normally try to have much more notice for outages, this is a time-sensitive security measure and needs to be done as soon as possible. We plan to start the upgrade process at 4AM tomorrow (Sunday) and hope to be done by 9AM at the latest.

Stage two of the process will be to replace the server security certificate with a new one. This will cause many of wireless devices to prompt you to accept a new certificate (something you also had to do when you first configured your device for the campus wireless network). Over the next few days we will be preparing for this stage, readying the help desk for any calls and ensuring that Sunday's upgrade is running properly. We will announce the time for stage two early this coming week in another e-mail once we have those preparations completed.

We will continue to monitor the situation ongoing, but let me stress once again that we've seen no evidence at this point that security has actually been compromised, just that we were vulnerable.

Thank you for your patience as we navigate through the situation.

JD

Wayne State College
Our focus is your future
Find us on Facebook
Follow us on Twitter
Watch us on Youtube
Linked IN
Instagram
Flickr