Hampshire Wireless Network Security

iOS 10 gives hints about how to make Hampshire wireless networks more secure. What’s that about?

If you have a device that runs iOS 10 you may have noticed that it offers hints for improving the security of wireless networks, in particular Hampguest, Wallace, and Gromit, but not for Eduroam. There’s nothing you need to do to improve the security, but all of us should understand the basics of the security issue so we can make the best choice.

Limiting Access to Wireless Networks
There are ways to limit who is allowed to connect using wireless networks. At Hampshire we limit access to the Wallace (faculty and staff) and Gromit (student) networks by requiring a Hampshire account be entered to register each device used on those networks; Hampguest is open for the public to use while on campus. This helps us keep our IT infrastructure somewhat protected, as well as helping to keep wireless traffic within our capacity.

Wireless Network Data Security
What simply controlling access to a wireless network does not do is to encrypt the information that you send over the wireless network. Data that is not encrypted is vulnerable to being intercepted by a nearby hacker. Keep in mind, though, that information you send to secure http sites (web addresses that start with “https”), as well as our email system (and hopefully any current email system), are encrypted by protocols enforced by those systems.

Wireless networks that are encrypted protect the information you send from your computer so that an eavesdropping computer cannot decipher them. There are different methods of encrypting, with a WPA2 encryption method being the current standard.

Eduroam is the Encrypted Wireless Network on Campus
Of the Hampshire wireless networks, only Eduroam provides this encryption protection. We strongly recommend that the Hampshire community use Eduroam whenever possible. Eduroam does provide access to file servers and printing for faculty and staff, but there are Hampshire web services that are not currently available on Eduroam; if you run into problems accessing a service, try switching to Wallace to see if it works.

We are planning to eventually discontinue Wallace and Gromit, and switch entirely to Eduroam. It is a good idea to set up Eduroam sooner rather than later, not only to take advantage of its security features, but also because it is available at many other educational institutions.

Learn more about Eduroam

macOS Sierra

If you have a Mac you may have noticed the offer to upgrade to the latest version of the operating system, macOS Sierra. Here’s our breakdown on whether to upgrade.

[Note that with the introduction of Sierra, Apple has changed its naming conventions from “OS X” to “macOS”, similar to their mobile operating system “iOS.”]

New Features in Sierra
Sierra has several new features, but nothing that we have found to be essential:

  • Siri, Apple’ voice-command system, is a part of macOS Sierra. This allows you to talk to your Mac instead of typing in search commands or using menus for basic commands. Apple does tout several other ways to use Siri, but we haven’t integrated those into our workflow. Being able to talk to our phones seems like a really useful feature, but we aren’t sure how helpful it is to be able to talk to our computers, even in a home environment; in an office environment we have not found Siri to be appropriate or useful.
  • You can copy and paste between your iOS devices and your Mac. We haven’t even wrapped our minds around that one, let alone found a use for it.
  • There is support for iCloud storage for all of your Mac desktop and Documents folder files–the idea being that most of the files you use can be synced with iCloud and accessed on your phone or iPad. We do not recommend you use this feature for reasons that are explained below.
  • “Memories” is a feature of Photos that automatically creates albums from your photos. This was admittedly stunning in some instances–family vacations, for instance–but it was absurd in others (we have an awful lot of pictures of computers in our photos that we use to document inventory numbers, damage, repair processes, etc., and Memories includes them right along with our personal photos).
  • There are other enhancements if you use Apple Pay or an Apple Watch, but we haven’t explored those.

Problems We are Aware Of

  • We have read of a serious issue that arose when a user attempted to use the iCloud storage sync feature with two Mac’s and an iOS device: he ended up losing all of the files on one of the computers. Luckily he had a backup of the files, but this tale convinces us that this feature is not ready for prime time, and you should not enable it. Please also note that work-related files of a sensitive nature must never be saved on non-Hampshire devices; see the Hampshire College Data Security Policy.
  • We have not done broad testing of printers, but we have found that some Cannon PIXMA printers do not work with the new system without going through a multi-step work-around every time a document is printed. Hampshire Xerox and HP printers on campus appear to work just fine.
  • Adobe InDesign may have some graphical issues when dragging items around. This problem is purely visual, and other Adobe Creative Cloud applications reportedly work fine.

Our Recommendations

  • We do not find the new features compelling enough to recommend an upgrade. If you do have a strong desire to upgrade, there are no show-stoppers that we have found except for the iCloud syncing feature–use that at your own risk on personal computers, and please do not use it on Hampshire-owned computers.
  • As with any upgrade, you should do a full backup of your computer before you do the upgrade. Our recommendation is to use Time Machine, but if you have another full backup solution that you use, go ahead and use that.
  • Be aware that there may be compatibility issues with applications or printers. It’s always a good idea to do a Google search to see if anyone else has reported issues with key applications or printers and the new operating system.

What to do About a Wet Computer

Accidents happen, and unfortunately often involve liquids and computers. Your best chances include shutting it down immediately and tenting it upside down. Read on for more suggestions, plus what to do with a wet phone.

If your computer does get wet you need to act quickly for the best chance of its survival. So even though your computer isn’t wet right now (right?), read this so you’re ready if disaster strikes:

  1. Unplug it. Electricity and liquid are not something you want to mess with, and having power course through your computer while liquids are there is a recipe for short circuits, which cause further damage.
  2. Do not remove the battery if it involves taking the case apart with a screwdriver. If the battery is intended to be removable by consumers it will be removable without taking the case off, but most computers these days have batteries integrated inside the case. Batteries are dangerous if handled incorrectly.
  3. Tent the computer upside-down. This will help the computer drain the water away from the electronic components, and allow air to circulate to dry.
  4. Don’t take the computer apart unless you are an experienced technician. You can cause more damage than you do good.
  5. Bring it in to us as soon as you can (still keeping it tented upside down if possible). We will be able to take it apart so that it dries more quickly. We will work with you to make a plan to try to recover your data if your computer does not survive. Our hours are M-F 8:30-4:30, except holidays.
  6. Do not turn on your computer until at least 48 hours have passed and the computer appears dry. The temptation is to test whether it still works, the iron is that if it is still working you can render it inoperable by turning it on too soon. Do not yield to this temptation.

If your phone gets wet:

  1. Turn it off immediately.
  2. Put it in a bin of rice to help draw out the moisture. We don’t generally recommend this for computers because they have vents where the rice could enter, but it’s great for phones.
  3. Wait 48 hours before trying the phone I know this is unfathomable, but a new phone is expensive so (at least for me) it’s worth the precaution.

Other things to know about electronics and liquids:

  • Spill damage is not covered by standard or extended warranties, it is covered in special accidental damage warranties if it is offered at all. Apple does not have that sort of warranty
  • Computer manufacturers may put spill detection points in the computer. These will change color if they come in contact with a liquid, and will likely void your warranty in case of a spill.
  • No liquid is good for your computer, but water is better than anything else. Sugary drinks leave a sticky residue, acidic drinks will corrode the components more.
  • Even if your computer is ok after it dries out, there may be follow-on damage from corrosion.
  • It’s heartbreaking to lose a computer to water damage, but for most of us it’s truly a disaster to lose all of our data. We can often recover data from a liquid-damaged computer, but the safest bet is to regularly back up your data, just in case.

New to Hampshire? IT Tips.

If you’re new to the Hampshire campus there are a few things we know might trip you up. Here are some of the issues that we typically see problems with at this time of year.

Having Trouble Printing?
As you may have noticed, Hampshire has several wireless networks; knowing which is appropriate to connect to can help avoid problems accessing services. In order to print or access file servers you must be using either Wallace or Eduroam, or be plugged into the Ethernet. For details on the Eduroam network see https://www.hampshire.edu/it/connecting-to-eduroam-at-hampshire .

Smart Phone Not Accessing the Internet on Campus?
If your smart phone seems to lose internet access as soon as you set foot on campus, it may be that it is trying to connect to the Wallace network but hasn’t yet registered with it. You have a choice: choose the Hampguest network instead, or register your phone with Wallace by using its browser to go to https://netreg.hampshire.edu . Note that if you choose Hampguest instead of netreg’ing, you may find that it switches back to Wallace on occasion all on its own.

Can’t Log into The Hub?
If you are having trouble logging into The Hub and you’re new to Hampshire, it might be because you haven’t completed the short FERPA (Family Educational Rights and Privacy Act) training video and quiz. To take the quiz go to https://hamp.it/FERPA. If you’re not new to Hampshire we encourage you to take it anyway–and we promise it is quick and painless.

New Email Account not Working?
If you have a new email account but you can’t seem to get your email, did you accept the AUP (Acceptable Use Policy) at https://password.hampshire.edu? While you’re there, change your password to something you will remember, and then set up your security questions.

Want to Forward your Hampshire Email to Another Email Account?
Faculty and students sometimes prefer to receive personal and Hampshire email in one place. If that sounds like you, you can set up forwarding by going to https://password.hampshire.edu and selecting “Email Settings.” Just make sure that you pay attention to messages telling you that it’s time to change your password–you have to do that once a year–and at that time go back to https://password.hampshire.edu.

Not Sure if an Email Message is a Scam?
When critical announcements are made to the entire campus, they are both posted on the Intranet and emailed to faculty, staff, and/or studnets directly from the announcement system. You can verify authenticity of these messages by checking https://intranet.hampshire.edu. You should also know that to change your password or check your email quota we would only ever send you to https://password.hampshire.edu. Just remember that web address & type it into your browser if you ever want to check the status of your account–anywhere else is a scam.

Have a Scam Email You Think You’d Better Share with IT?
Scam emails can be sent to phishbowl@hampshire.edu, which will bring them to the attention of the system administrators.

Need IT Help?
The IT Help Desk is staffed M-F from 8:30 a.m. – Noon, and 1 – 4 p.m. If you need immediate assistance give a call to 413-559-5418. For non-emergencies you can email helpdesk@hampshire.edu. To enter an IT ticket go to https://thehub.hampshire.edu.

Looking for Amazing Tech Tips on a Weekly Basis?
Or just need some help falling asleep at night? Watch this space.

Changes to Eduroam

If you have previously connected to Eduroam, we want to let you know about a change that may require your attention. If you’ve never connected to Eduroam, time to find out about it.

About Eduroam

If you look at the wireless networks available to you on campus, depending on where you are you may see one called “eduroam”. Eduroam gives you access to the Hampshire network just as if you chose Wallace or Gromit. But the really cool part about Eduroam is that if you travel to many other campuses–including all of the five colleges–you will see Eduroam as an option there; if you connect via Eduroam at Hampshire first, then you will be able to connect to Eduroam at any other campus that supports it.

Connecting to Eduroam for the First Time

The first time you connect to Eduroam you must be on the Hampshire College campus network. You can find full instructions at https://www.hampshire.edu/it/connecting-to-eduroam-at-hampshire, but a few salient points:

  • Eduroam does not work on Macintosh computers that are running system 10.6 or earlier.
  • Connecting to Eduroam on Windows 7 takes a little more work than on other systems.
  • When you get to the point of entering your username and password to use Eduroam, you must enter your username and include “@hampshire.edu”.

Eduroam and Certificates

When you read about setting up Eduroam you will come across the word “certificate.” Certificates are special electronic documents that guarantee your computer is connecting to the service that is who and what it claims to be, and also encrypt your data in transit. Before your computer connects to Eduroam it will first want to check that Hampshire’s Eduroam certificate is valid; this includes that it was generated by a trusted authority, and that the certificate has not expired.

Hampshire’s Eduroam Certificate

Hampshire’s Eduroam certificate is expiring soon, but we have generated a new one that will be valid for 5 years. This certificate will be installed on your computer when you first connect to Eduroam at Hampshire.

Read This if You Have Already Connected to Eduroam Before

If you have previously used Hampshire’s Eduroam service, your computer installed a version of the certificate that is expiring shortly, and you will need to update the certificate on your computer. In many cases this will be simple–the next time you connect to Eduroam you could receive a message telling you that there is a new certificate, and all you have to do is make sure it has the correct serial number and accept it.

On Windows 7 this process is more complicated. You should run the Eduroam setup program at https://hamp.it/eduroam. In most cases this will work smoothly, but if you find that your computer will not connect to Eduroam after doing this, please contact the IT Help Desk at 413.559.5418 or helpdesk@hampshire.edu.

If you are using Macintosh OS 10.10 (Yosemite) or older, you must first remove the old certificate from your computer.

  1. From the “Go” menu in the Finder select “Utilities.
  2. Double-click on “Keychain Utility.”
  3. With “login” selected on the top left, choose “Certificates” from the bottom panel on the left.
  4. Find the certificate named “lelantos.hampshire.edu” that has the serial number “00 C2 E2 D0 66 98 48 BD C2”. You can see the serial number by double-clicking on the certificate and checking out “Details.”
  5. Once you have verified that you have the right one, select “Delete” from the “Edit” menu.
  6. Quit Keychain Utility and try connecting to Eduroam . You will receive the new certificate – ensure that it is issued by Hampshire College Certificate authority and has the serial number 00 C2 E2 D0 66 98 48 BD CF and then accept it – and you should be all set for 5 years.

Google Apps for Education at Hampshire

What if you could easily share a document with a co-worker, Five College colleague, committee member, or student?

What if you could both edit the document at the same time, roll-back to previous versions, and never have to worry about what machine that document is stored on?

Welcome to Google Apps for Education.

Hampshire College is joining our Five College partner schools and rolling out Google Apps for Education, joining the over 40 million worldwide users.

Google Apps for Education offers many features that will benefit the Hampshire community:
Unlimited Storage: Google Drive offers unlimited storage for files and folders.

Collaborate: When you share a Google Docs file, all your collaborators can view and edit the file simultaneously. While this is currently possible using personal Google accounts, having a Hampshire-specific account will make it much easier to find the people you want to share with. You will no longer have to collect gmail addresses from Hampshire collaborators and will be able to simply use their Hampshire email addresses.

Share files: You can easily share any file on your Google Drive with anyone else who has a Google account.

Large file transfers: Most email systems (such as the College’s) limit the size of file attachments, but Google Drive lets you share files of any size.
Web Conferencing: Google Hangouts allows for web conferencing with up to 15 participants.

You can now access the following services with your Hampshire login: Google Drive (including Docs, Sheets, Slides, Forms, etc); Hangouts; Groups; Maps; YouTube, and more.

Some Google services will NOT be available, however. After careful review of both Gmail and Calendar, Hampshire College’s Information Technology department has determined that both Gmail and Calendar at this time are not products that we feel provide the level of performance, support, data privacy, or data retention that the College requires. We will continue to monitor enhancements to these products as well as new offerings in the Google Apps for Education suite for future deployment possibilities.

If you have been using an older Google Drive account with your @hampshire.edu email address or Hampshire alias as your login, you must first create a new Google account with a different email address in order to retain your files. Please visit the Transferring Google Drive page here: https://www.hampshire.edu/it/transferring-google-drive-to-a-new-google-account.

To get started using Hampshire’s Google Apps, please visit: https://www.hampshire.edu/it/google-apps-for-education-at-hampshire

Let us know how it goes! We have a feedback form for these services: http://goo.gl/forms/eBix5dw7ILlX4PzS2

What’s in a name?

Certain characters in file and folder names can cause problems. Here’s a list of characters to avoid when saving documents, especially when sharing files or storing on a server, such as Patterson:

< (less than)
> (greater than)
: (colon)
” (double quote)
/ (forward slash)
\ (backslash)
| (vertical bar or pipe)
? (question mark)
* (asterisk)

If you do use one of these characters in a file that is stored on a server, Windows users (and some Mac users, depending on how they connect) will see a “mangled” filename instead–yes, that is the technical term for it, and in this instance it really fits. As an example I just named a file “MangleThis?.docx” from my Mac, but when I look at it from a PC it is named MX8WX9~I and has the wrong icon. Not pretty.