We explain here the reasons why certain E-mail attachments are blocked and offer alternatives to receiving these.

E-mails, especially files attached to them, may contain dangerous viruses or worms. We use software to electronically scan e-mails and take appropriate actions to protect the computers of our users as well as the Wesleyan network from the viruses and worms.

All e-mails addressed to Wesleyan users are electronically scanned by a program called MailScanner. If the e-mail contains attachments, MailScanner first consults a table containing potentially dangerous file name extensions such as .zip and simply removes them from the e-mail as a safeguard. It informs the recipient that it removed the attachment, but does not send the same information to the sender of the email.

If the attachment is not one of the potentially dangerous ones, it is then passed on to the virus scanner. At Wesleyan, we use software on the mail servers called Sophos to remove any files that are infected with a virus or worm.

Administrative staff, administrative assistants and a few faculty members have been converted to Microsoft Exchange Server. They use Microsoft Outlook or Entourage for accessing their e-mails. All e-mails that are sent by a Wesleyan Microsoft Exchange user to another goes through a similar procedure for file blocking and virus scanning, but using different software. 

The list of extensions that are not allowed as attachments can be found here.

We offer two suggestions on how to bypass the file blocking if you really trust the sender and the file that is being sent to you.

1. When you receive an e-mail indicating that a file has been blocked, open the Wesleyan-Attachment-Warning.txt file that is attached to the mail to note the name of the file that was blocked. You should send an e-mail to the original sender explaining that a file he/she sent was blocked, that he/she should rename the file by removing the extension, such as .zip, replacing the extension with any three characters not on the list of blocked attachments (“aaa” works fine) , and resend the attachment. If this renaming has been done correctly, and the attachment is in fact virus free, you will see it in your e-mail. Now you should save the attachment (rather than double clicking on it to open it) and rename it with the proper extension on your computer so it can be opened.
2. If you are a WesFiles user, you should use the sharing option explained in detail here: https://wesfiles.wesleyan.edu/xythoswfs/static/en/sharing.jsp. You can create a folder and share it via a ticket that you send to the original sender. By clicking on the ticket link in your email, the sender will be directed to a web folder to which he/she can upload one or more documents and notify you. If you have any questions on how exactly to do this, please contact your desktop support staff or the ITS Helpdesk.

These events are submitted to the system by clicking on the Submit an Event link found in the events calendar page. Submitting an event requires a valid Wesleyan email address and password. The events can be categorized into one or more categories that are available in the system as well as marked as “Wesleyan only” (Only computers on campus network or those connecting from outside using VPN will see these events). The events calendar interface provides various ways to look at these events - either by date or by categories. In addition, we provide basic and advanced search of the calendar.

Once the event is submitted, the Events & Scheduling office verifies that the event’s location has been reserved and the Public Affairs office proofreads the text. When these two offices approve the event, it appears immediately in the events calendar. If the on-campus location has not been reserved or if the Public Affairs office finds errors in the description, the event request will be returned to the requestor for further action.Calendar RSS Feeds and Customized Email

If you are familiar with RSS Feeds and use them on your desktop (such as the Google Desktop ) or websites (iGoogle or Bloglines), you can subscribe to Events Calendar feeds. You will find RSS icons on several of the Events Calendar pages which provide the subscription links.

If you would rather be notified of these events by email, we provide an application that allows you to do this. In your electronic portfolio, in the Tools & Links bucket, you will find the application Customize Events Calendar. When you click on this application, you will see the options shown below. Please click on the thumbnail of the image below to see details (A new window will open).

If you have already customized your calendar email, you will find that the appropriate checkboxes are checked. This application allows you to choose the categories of events that you wish to add to the email, the days of the week that you would like to receive these emails. These emails will contain all events belonging to the categories that you chose and will show the date, time and the title of the event. If you wish to see more details, you can choose the additional fields that should be added to each event in the email. It is important to click on Save Settings to save your changes.

Each event in your email is a clickable link that will take you to the details about the event by opening a browser window. As you can see, this is a very useful tool that lets you customize the email about Wesleyan events. If you only want to know about events on Fridays and the weekends, you may want to choose the categories of interest and choose to receive the email on Thursdays. These emails are typically sent out around 11 AM on the day that you chose.

Hope you find this useful and will use this application to know more about the rich collection of campus events and enjoy them!

Wikipedia describes it as “In computing, phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication.”

I am sure that many of you have received official looking emails from eBay, PayPal or your online bank and some may have either inadvertently clicked on a link in the email or responded to it. This posting was prompted by the most recent phishing attempt - an email from support@wesleyan.edu sent to some of the Wesleyan users on Feb 26, 2008 asking them to respond with their password. As soon as we found out about this, we took the necessary actions, such as blocking further emails from the computer that was sending these messages and informing our users not to respond to it.

There are excellent resources that provide advice on how to avoid phishing attacks and we provide links to a few of them below. Please take a few minutes to read them.

• How to Avoid Phishing Scams from the Anti Phishing Working Group
• Anti-Phishing Phil From CMU
• Recognizing phishing scams and fraudulent e-mails

If you receive any emails that request personal information such as password, credit card number or your bank account number, treat it with suspicion and DO NOT RESPOND TO IT IMMEDIATELY. Please note that ITS and most of the financial institutions will never request personal information be sent over Email. Consult with your financial institution or ITS on the legitimacy of such email - almost always, the answer is going to be “delete it”.

Basically, all of them advise you to:

• Be suspicious of any email that asks for your personal information.
• Avoid clicking on links in these emails (Instead, open a web browser and navigate to your financial institution’s website directly). Some of them can create such lasting damage to your system that you may have to reinstall the operating system from scratch.
• Always make sure that any website where you provide personal information shows a security lock.

So, how are the hackers able to do this?

• The first step is for them to collect millions of email addresses. Unfortunately, this is fairly easily done and there are many e-mail address harvesting programs that are out there to do the job.
• Then they simply steal the graphics and text styles used by the institution that they are trying to fake, so that the email looks legitimate.
• The final step is to make the emails to look as if it is coming from a legitimate email address. You might wonder how can someone not associated with Wesleyan can send an e-mail that appears to come from a valid wesleyan email address. The answer is that this is fairly easy to do, though in recent years the technology is making it harder to do.

Unfortunately, the central storage that we provide has gotten too fractured. As a result, it is confusing to the users, especially faculty members who have to deal with three to five different document storage areas. Many times, accessing them requires different front end programs and the access control and security are also not consistent.

WesFiles is an attempt to centralize all the different document stores into one system. There are many advantages to storing your documents in WesFiles beyond the centralization.

• Easy network access to all your documents from anywhere.
• Easy web access. You simply have to connect to https://wesfiles.wesleyan.edu and provide your credentials to access all your documents
• WesFiles system can also be mounted on your desktop so it appears as though it is another disk on your computer
• Ease of collaboration - you can set the access control for any document yourself; you can also share documents with anyone who doesn’t even have a Wesleyan email account.
• You don’t have to worry about backing up your files because WesFiles is backed up for you on a regular basis.
• WesFiles lends itself to extensions easily. For example, we have written a dropbox function that the faculty can set up in WesFiles.
• We will soon be integrating WesFiles with Blackboard so documents stored in WesFiles can be easily referenced in Blackboard.
• WesFiles provides a document workflow engine that is very powerful.

We converted all the student accounts to WesFiles in mid-January and are in the process of converting the faculty members over to WesFiles. What this simply means is that the faculty members and students who had document storage on various locations such as Dragon and Condor have their relevant content moved to WesFiles. The Academic Computing Managers, Desktop Support Staff and the ITS Helpdesk are helping both with the transfer and answer any questions on this subject.

We have decided to wait until 2008 summer to move administrative users to the new system. The reason for this is because of some changes that are anticipated in desktop support for administrative users as well as the complexity involved in transferring their shared spaces from Dragon to WesFiles.

For more details on WesFiles, please visit the WesFiles Blog at: http://wesfiles.blogs.wesleyan.edu

So, here are some guidelines.

1. Wireless security configurations are complicated - Depending on your level of technical expertise, you may want to seek professional help in configuring the wireless network at home. One of the popular service that you may consider is the Geek Squad (Please note that we do not officially endorse them in any way).
2. Change the Administrator Password - All modern wireless routers provide a Web interface for you to manage its settings. You should read the manual (if you have lost it, you can get it on the Web) for instructions on how to connect to the router. Typically, trying to connect to http://192.168.0.1 or http://192.168.1.1should take you to your router’s login page. In a few cases the address may be http://192.168.2.1or something else. Once you are at the login screen, you will typically need to enter the administrative username and password. The username is typically administrator or admin. If you have never changed your router’s password, you should enter the default password. The default password is frequently blank or the word admin or administrator, but you will need to consult your router’s documentation to find the default password if these do not work. Once you have logged in, you should immediately navigate to your router’s user administration page to reset it to something that is not easily guessable.
3. Change the Default SSID - Every wireless router advertises itself with a name. Its default is typically the name of the manufacturer like “Linksys”. You should change this to something that is a little bit more meaningful to you (though for added privacy, you may opt for a name that does not indicate where the router is located). If you do not change the default SSID, it is typically an indication that you have a poorly configured router and exposes it to hackers.
4. Turn on Encryption - Traffic from your laptop to the router travels unencrypted unless you connect to services that require encryption (such as URLs beginning in https://). Despite the fact that most of the important data, such as financial information, is already encrypted, we still connect to many services that are not. A hacker can potentially capture the packets going from your laptop to the router and use it to his/her advantage. So, you should turn on encryption. We strongly suggest that you turn on WPA (or WPA2) encryption, which is the strongest possible encryption available. This requires reconfiguration of all the laptops, so do it with extreme care. WEP, which an older standard, is easily broken in to, and in our opinion, gives a false sense of protection. If encryption is important to you, we advise you to use WPA instead of WEP. If your router does not offer WPA encryption, you may be able to download a firmware upgrade from the manufacturer’s Web site that will add this functionality. Some very old routers may need to be replaced to add WPA encryption.
5. Turn Off Broadcasting - This simply instructs the router to stop advertising itself over the air. When this is done, you will no longer see your router listed when you browse for available networks, so you will need to manually type the name of your wireless network when joining new machines to the wireless network. From security point of view, this is a very good step, but from usability, this requires you to reconfigure your wireless laptops. The good news is that the reconfiguration needs to be done only once on every computer.
6. Turn on Firewall - You should seriously consider turning on the firewall on your router. This provides additional security at the perimeter, so hackers are stopped at the firewall and not allowed to invade your network. Please be aware that if you have youngsters in your house who use game consoles such as Xbox or Nintendo Wii, you will have to reconfigure your firewall to allow for exceptions if they play against other users on the Internet.

As we mentioned above, these suggestions offer you some best practices guidelines. Exactly how these are implemented depends on both the router that you have as well as the operating systems that run on your computers. Here are a few links that can provide additional information on various configurations:

The following Web site contains directions for connecting to the Brandeis wireless network using WPA.  While the documentation is specific to Brandeis, it also contains useful information for general WPA configuration.

http://lts.brandeis.edu/techresources/connecting/wireless/securewireless.html 

Information on Macintosh and WPA:

http://docs.info.apple.com/article.html?artnum=107795

Setting up the ubiquitous Linksys WRT54x wireless router with WPA:http://kimpeacocke.blogspot.com/2006/06/setting-up-linksys-wrt54g-wireless-g.html 

Setting up WPA2 on a Belkin router (with XP screenshots): http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9002706

Setting up WPA on a Windows Vista client: http://www.periodiklabs.com/support/manual/mac/vistaclients.html

One component of this process has been President Roth’s commitment to sign the American College & University Presidents Climate Commitment which will encourage Wesleyan to “move the campus forward in concrete ways towards a smaller environmental footprint and climate neutrality” (taken from an email from the Sustainability Advisory Committee). In tandem with this institutional commitment, the Wesleyan community is being encouraged to individually pledge to work towards sustainability by signing a Community Climate Agreement which is available in the Personal Information section of the Electronic Portfolio.

We thought this is a good time to introduce some best practices regarding “Green Computing” as well as talk about what ITS will be doing in the next few months to contribute towards this worthy initiative. Each of these recommendations and suggestions provides you with the chance to make a difference. We urge you to adopt as many of the following suggestions as you can, and to reply to this blog with other ideas that you might have to add to the list.

• Turn Your Computer and Monitor Off: When you intend to leave for the evening, go through a full Shut Down, and then (if you have a separate monitor) turn off the monitor. While using the “Power Management” settings of your computer does save energy, and while in many cases, the difference between a computer and monitor that is on “energy saving mode” power vs. the computer and monitor that is fully shut down is very small, it is always better to shut the computer off if you plan not to use it for a stretch of time. This will extend the life of your computer and save energy at the same time. For an illustration of power usage for various devices on the Gustavus Adolphus College, click here. You should note that the cost of Electricity in Wesleyan’s wood frame houses and off –campus is roughly 66% more expensive than on campus, so turning your computers and monitors at home can add up to significant savings.
• Turning a computer off does not harm the computer: It is a myth that turning computers off and on creates surges that damage the computer. Here is relevant information from Ohio University Green Computing Guide which points out that the heat stress from being “on” is far more damaging to the computer than being turned on and off.
  • Myth: It is bad to turn off the computer.
    Truth: Computers are now designed to handle 40,000 on/off cycles. This is considerably more cycles than the average user will initiate in the computer’s 5-7 year life span. Turning your computer off helps reduce heat stress and wear on the system.
• Buy Green Computers: If you are looking to buy a new computer, take a few minutes to research the most “green” and environment friendly computer and peripherals that satisfies your functional needs. Electronic Product Environmental Assessment Tool - EPEAT provides an excellent rating system that includes not just the power management, but such details as whether they use recyclable material for packaging.
• Think about replacing the worst offenders: Take an inventory of computers in both your offices/labs as well as homes. Older computers and monitors tend to be very inefficient. Especially the bulky old CRT monitors. A CRT monitor can cost Wesleyan up to $120/year, whereas an LCD screen of the same size can cost Wesleyan up to $25/year. Similarly, a Mac G5 (without the monitor) can cost Wesleyan up to $270/year, whereas a Mac 17” laptop can cost Wesleyan up to $30/year in electricity costs. If you can afford to get rid of old inefficient technology, please do. We do offer recycling for computing equipment.
• Turn off printers when they are not being used and turn them on only when you need them:
  Printers left on all year around can cost Wesleyan between $45 and $440 per year (!) in electrical charges.
• When possible, avoid printing on paper - read drafts on the screen, use the track changes feature to manage edits, print in smaller fonts (that are still comfortable to read) and use double sided printing (choosing appropriate paper on certain printers such as inkjet is important to avoid ink on the back side from showing on the front side). If you are a faculty member, consider making  your readings, assignments, exams, etc. available in electronic format. If you want to learn more about how to do any of these, please contact your Academic Computing Manager or your Desktop Support Specialist.

We have formed a “Green Computing Committee” at ITS to look into and implement several other suggestions for reducing the energy usage of the computers and other systems that we support. In order to accomplish the items listed below, we need the cooperation of faculty members, students and staff. Several of them also will have serious financial impact. The committee will look at all of these factors and come up with a plan of implementation by late December.

• Backups: We currently offer a remote backup service for faculty and staff desktops. Those who signed up for this are asked to not switch their computers off when they leave. The reason for this is several-fold. Firstly, the majority of backups are scheduled to occur when you are out of the office so any slowdown due to the backup, occurs when you are away. Secondly, because the backup does not save files that are currently being worked on, scheduling the backup to occur when the majority of people are away from their desks insures that all files are backed-up. We plan to ask you if you are willing to schedule your backup during the day. This would require you to bear with a slight slow down in your computer’s response as it is backed-up, and to try to limit the number of open files during the backup period. Due to server capacity, not everyone can be backed up at the same time, so we would spread out the backups over the course of the day. Given that we have over 600 computers participating in this backup program currently, we are likely to see significant savings in energy consumption. Up to $185 per year, per computer could be saved.
• We are also researching other kinds of desktop backup software that would reduce the slowness caused by the backup.
• Public Computers: We will examine computers in the public computer labs and develop a workable policy to manage usage of these machines. One of the suggestions has been to replace separate PCs and Macs with a Mac Duos. However, we have to make sure that all applications work flawlessly on a Mac Duo before committing to doing this. A more attractive proposal is to implement an automated power management policy that shuts down the computers when the lab is closed (or when we are on semester breaks, etc.) .
• Duplex Printing: We will develop a workable plan for installing duplex capable printers in public labs. This requires significant financial commitment from us, so we need to look at the best way to roll out the plan and possibly give incentives for double sided printing.
• Environment-Friendly Purchases: We will commit to buying the most environment friendly hardware for central services. We have already begun doing this, but we will commit to consulting the EPEAT ratings for hardware before purchasing.
• EPEAT Ratings: Our computer store staff will be trained in “green computing” best practices, Energy Star and EPEAT ratings, so that they will be better positioned to answer questions from the customers about environmental friendly computers and peripherals.
• We will also look at various ways to indicate the ratings (using labels) on the computers and peripherals we sell in our computer store.

We use a system called Tivoli Storage Manager (TSM) from IBM to manage all our backups. It is a very versatile system and helps us manage the backup with very little human intervention. The basic premise of TSM is “incremental backup” - which simply means “backup ONLY the files that have changed between the last backup and now”. Obviously, when you start for the first time, all the files will be backed up and subsequently only the files that changed and any new files created since the last backup will be backed up.

All the relevant data on our servers such as dragon, condor, and mail servers are backed up every night. If you signed up for the desktop backup service, the backup starts sometime after 6 PM every night. The exact time is unpredictable because it is a function of the load on the server. Laptop backups begin sometime after 12 midnight. The desktop or laptop that is scheduled to be backed up needs to be on at the time of backup. The status of backup is shown in the top frame of faculty and employee portfolios and the user can look at more details about the backup by clicking on the “Desktop Backup Status” link in the Tools & Links” bucket.

TSM provides hundreds of options, but there are three that are worth mentioning here:

• Exclusions - we exclude files that have no value being backed up. These are typically operating system files and temporary files which, even if we were able to restore, cannot be used.
• Number of copies of a file - We can configure how many copies of a file to keep in the backup. Sometimes, an earlier version of a file is more useful than the most recent one, so having multiple copies is very useful. For example, if you overwrote one of your documents by mistake yesterday and realized the mistake only today. Last night’s backup would have saved the overwritten document. What you would need is the previous night’s version. We typically keep 2 copies of each file and in some cases the files on servers have three copies.
• Deleted File - Sometimes, one may accidentally delete a file on the disk, realize the mistake a few days later and would want the file back. We configure TSM to keep a deleted file for sixty days, anticipating such situations. The choice of sixty days is indeed arbitrary, but increasing the number of days would consume a lot of hardware resources.

If you are a faculty or staff member and have not signed up for this service, we strongly encourage you to do so. Please contact your desktop support staff to learn more.

Backing up data on home computers

Most of us have one or more computers at home for family use and we very rarely backup the data on these machines. Some of us have attempted to backup what we feel are important files on several CDs or more recently on DVDs. The problem with this approach is, unless one is extremely careful about cataloging what is on these disks and keep them safeand easily accessible , this is not going to be a reliable system.

There are many remote backup services available on the internet. If you feel comfortable with the idea of your data being backed up elsewhere, then you might want to consider this. Our recommendation is that go with a reliable and respected company even if it costs more. It is your personal data that you are backing up and you certainly don’t want it ending up in the wrong hands. As an example, you might want to consider AT&T Online Vault which costs $7.95 a month for the first 2 GB and $2 for each additional GB. Please note that we do not endorse any particular remote backup vendor because we do not use them. You need to do the necessary research before picking a vendor.

If you are not comfortable with the remote backup idea, we suggest that you look at purchasing a large external USB disk drive that can hold backups of all your home computers with additional space for future expansion. You can purchase a 250 GB or 500 GB external disk at the Cardinal Technology Center located in Usdan Center. With a disk like this and a versatile backup software, you should be able to make reliable backups. Here are some pointers:

• Buy a large external USB hard disk (250 GB or 500 GB).
• Purchase a good backup software.
• Many backup software, including the one that comes with Windows XP, tend to store the entire backup as a single file in a format that is not humanly-readable. Browsing and restoring files from such a file is cumbersome. Look for a software that lets you copy the files and directories to the backup disk as is.
• Look for a backup software that lets you save only files that have changed since the last backup. It should also provide you with an option that will not remove files from the backup disk automatically if it was deleted from the source (your computer). You can always manually delete any file(s) from the backup disk to save space.
• Make up a realistic schedule to do backups. If you chose the right software, only the first backup will take a long time. Subsequent ones will complete fairly quickly.
• The easiest method is to connect the backup drive to each machine in the house and backup the information. Create different subdirectories on the backup disk for each of your machines.
• If you are an advanced user, you can leave the backup disk connected to one machine and perform the backup across the network rather than moving the hard disk from machine to machine.
• The natural question is, what happens when the backup disk itself goes bad. Of course, to protect against this, you need a second external disk to which you can copy. But, let us be realistic, let us first get the first disk going… So you understand how this whole thing works, and how easy it is to do. Then you can go get that second disk…

We suggest you look at a program like SyncBack for Windows operating system (a few of us use this software at home and like it). It allows you to configure rules for incremental backup, exclude files from being backed up and is relatively easy to set up and use.

Our Mac expert, Todd Houle, says that there is currently not a good software for the Macs except the usual copying from your computer (either full disks or manually selecting a subset) to the external disk. Todd points out that this is one area where the new Mac OS 10.5, called Leopard, excels. Please read about it here.

Your data is extremely important and backing it up is extremely important. Hopefully the pointers that we have provided here would help you get started.

If you already backup your home computers and want to share how you do it, what software you use and any other useful pointers, please add a comment.

Almost all of the leased Ricoh copier/printers on campus can easily be configured for document scanning. This is a convenient way to convert a printed image to a file. The Ricoh machines can be set up so that you can either send the file to someone via email or store it to your departmental folder on Dragon.

Your Desktop Support Specialist can set this up for you and other members of your department. Once configured, all you need to do is place your document on the platen and press the Scan button on the console. The touch-screen display will show a special scanning menu where you can indicate whether you want to scan to email or send to a shared scan folder. You must also indicate your identity – your name or initials will appear in the display so they can be selected. This is both for security purposes and because your email address has been input as part of the configuration. You have the choice of sending the scanned document to your own email address or to another which you can type into the console on the touch-sensitive keyboard which will be displayed.

Once scanned, the file will be stored with a name based on the time & date of its creation and a file extension of .tif. If it has been stored in your shared scan folder, you should then copy it to a more appropriate folder and rename it.

It is important to understand that the scanned image that is created is just that – a digital image of the printed page that you scanned. It cannot be edited in a word processor. This limits the purposes for which the file can be used.

If you would like to be able to use your copier for document scanning please contact your Desktop Support Specialist to arrange for the configuration.

Have you ever been frustrated because that one critical file or email that you desperately need is on your office computer and you are either at home or at a conference? Remote Desktop is a tool that can help you in situations like these. It allows you to access your computer from another computer anywhere on the internet. In order to take advantage of Remote Desktop, you need to configure both the computer that is being accessed as well as the computer that will take control. Of course, if you keep all your work on a laptop or on a network file server, you may never need this technique.

In this write-up, we will explain how to control a campus computer from an off-campus location. With Remote Desktop, you don’t have to worry about whether the programs or data you need are on your off-campus computer since they are all on or accessible from your campus computer. Likewise, you don’t have to worry about whether your home computer is fast enough or has enough memory to run your programs. Everything is running on your campus computer and only the screen images and keystrokes are being transferred across the Internet.

Another question that you may have is, what if you are at work and you want to access to your home computer? This is complicated and unless you are an advanced user who understands networking, we strongly discourage you from trying to do this. If you do not set up the network access properly, your home network may be open for access by computer hackers.

In order to establish a Remote Desktop connection to your campus computer, there are a few requirements:

• The campus computer must be turned on and connected to the network

• The computers must be running either Windows XP Professional or Mac OSX

• The off-campus computer must use VPN to establish a secure connection into the campus network. For instructions on using VPN please click on the following link: http://www.wesleyan.edu/its/vpn

The specific configurations for the campus and off-campus computer differ according to whether they are Macs or PCs. Please select the appropriate link below for configuration instructions. We recommend that faculty and staff work with their Desktop Support Specialist to configure their computers for Remote Desktop sessions.

Remote Control between two Windows XP computers

Remote Control between two Mac OSX computers

Remote Control a Windows XP computer from a Mac OS X computer

Remote Control a Mac OS X computer from a Windows XP computer

Wesleyan provides wireless networking throughout most of the campus, including academic and administrative buildings, dormitories, and many outdoor spaces. While the strength of a signal can vary locally as a result of physical obstructions or transient interference, ITS has recently made significant upgrades to the wireless network in order to reach areas that previously had absent or unreliable signals. If you are aware of an area that continues to have a weak signal, please let us know by emailing wireless@wesleyan.edu. Your feedback lets us know where to focus our efforts in improving service.

Compatibility (with a special note about Windows Vista)

The Wesleyan wireless network is typically compatible with any machine that is equipped with an 802.11b or 802.11g adapter. Windows XP, Macintosh OS X, and Linux machines can all connect to the network. Machines running the newest Windows operating system, Vista, have had difficulty connecting to the wireless network. We recommend that you wait to upgrade to Vista while we work to resolve these issues.

Speed

The wireless network is rated for speeds up to 54 Mb/sec, though in practice, these speeds are seldom achieved. Each wireless access point may have several users connected to it, and the total speed is divided among all users. Consequently, more popular areas will typically yield lower speeds than less used areas. Signal strength also plays a large role in connection speeds. As a rule of thumb, wireless speeds are just fine for Web browsing, streaming music/video, e-mail, and small file transfers. If you will be working with very large files over the network, you will be better served by a wired connection, which is consistently several times faster than a wireless link.

Unauthorized Access Points

In some areas where the Wesleyan wireless network has been unreliable, users have attempted to set up their own wireless access points to fill the gap. It is critical that you do not do this. Unauthorized access points potentially open up our network to unauthorized users. Also, unauthorized access points emit radio waves that interfere with Wesleyan access points and make it impossible for us to provide complete coverage in these areas. We then must spend time and resources to find and shut down the unauthorized access points. Our recent wireless upgrade has already filled in many of the gaps in our network. Again, if you find others, let us know at wireless@wesleyan.edu

Logging In

Users are required to login when using the Wesleyan wireless network. Requiring wireless network logins provides a way to restrict use of the network to faculty, staff, students, and authorized guests. You must log in to the wireless network before using any wireless network services, including e-mail, Web browsing, and accessing files on network drives.

Once you have configured your computer to connect to the wireless network, you can reach the wireless network login page by launching any Web browser and opening any Web page that begins with http://. You will be automatically redirected to the login page.

Note: Pages that begin with https:// cannot be redirected. If you use a page that begins with https:// as your home page, please browse to any Web page beginning with http:// to reach the login page. Once you have logged in, you will be able to reach https:// pages without a problem.

You should login to the wireless network with your Wesleyan username and password. Once you have logged in, you will be able to browse to any Web page, and use other networking services such as e-mail and Dragon access.

Please note that wood frame houses have their own access points separate from the main Wesleyan wireless network and have different connection procedures. For more information on wireless in Woodframe houses, go to:
http://helpdesk.wesleyan.edu/tipsheets/woodframe/woodframe.shtml.

Security

Because the wireless signal can be potentially intercepted as it travels through the air, the wireless network is potentially less secure than a wired connection. While the risk of someone eavesdropping on your wireless communication is typically very small, you should be aware of the risks and what you can do to make your data more secure.

AirWes vs. AirWesLS

Wireless users join the network by connecting to AirWes or AirWesLS. AirWes differs from AirWesLS in that it uses an encryption method called WEP (Wired Equivalent Privacy). WEP encrypts data as it is sent back and forth between your computer and the wireless access point, which makes it unreadable to electronic eavesdropping. For directions on how to configure WEP at Wesleyan, go to:
http://www.wesleyan.edu/its/wireless/data/wireless_config.html
You will be prompted to log in with your e-mail password to reach this page. AirWesLS does not use any encryption, requiring less configuration but also providing less security.

Problems with WEP

In real terms, the added security provided by WEP is marginal for a couple of reasons. First, the WEP key is very widely known throughout the Wesleyan community, and anyone with the WEP key can unscramble the encrypted data. Also, the WEP encryption protocol is relatively easily broken, so a determined hacker could defeat the encryption even without knowing the WEP key. We are working on solutions to these security issues, which will be discussed in greater detail below.

Secure Protocols

You can safeguard your data by using secure protocols such as HTTPS and SSH to transmit the data. Secure protocols will protect your data from being read in transit even if you are not using WEP. In addition, secure protocols are more secure than WEP alone because your data will be encrypted at every stage between your computer and the remote computer with which you are communicating. By comparison, WEP encrypts your data at only the wireless stage between your computer and the wireless access point. Not all remote machines will be configured to allow you to use secure protocols, but it is a good idea to use secure protocols whenever they are available, even if you are also using WEP. Below is a table showing common secure protocols and their less secure equivalents.

Secure Protocol	Less Secure Equivalent	Purpose
HTTPS (a.k.a SSL)	HTTP	Web browsing
SSH	Telnet	Remote login
SFTP	FTP	File transfer
POPS and IMAPS	POP and IMAP	Retrieving e-mail
SMTPS	SMTP	Sending e-mail

Most servers at Wesleyan support or require secure protocols, and you are strongly encouraged to use them.

Upcoming Changes for the Fall

Starting this fall, we will be rolling out a new way of connecting to the network that will encrypt your data much more reliably than WEP. The new method will also be much more convenient to configure than the current AirWes procedure. Once the new system is in place, we will phase out AirWesLS, and all users will connect to the wireless network using safe and convenient encryption. In addition to the new encryption, we will be rolling out a system that will scan machines for viruses and security vulnerabilities. If a machine is found to have security problems, the system will show the user how to remediate the problems. All security issues must be resolved before a machine is allowed to join the wireless network. These measures will help ensure that the wireless network does not become a conduit for infected machines to spread viruses throughout our network.