Security

Gordon+Bates+%2F+Arizona+Daily+Wildcat%0AGiancarlo+Guevara%2C+a+senior+in+Mechanical+Engineering%2C+participates+in+a+photo+illustration+to+demonstrate+the+level+of+security+associated+with+the+UAWifi+Public+network+on+Thursday%2C+Aug+25.

GKB

Gordon Bates / Arizona Daily Wildcat Giancarlo Guevara, a senior in Mechanical Engineering, participates in a photo illustration to demonstrate the level of security associated with the UAWifi Public network on Thursday, Aug 25.

Amer Taleb

Students automatically receive a CatMail account when making their NetID upon admission to the UA. If used carelessly, CatMail can forward unwanted material and present problems to students.

Online behavior is a cardinal indicator of the issues that students may encounter with CatMail , said Kelley Bogart, senior information security analyst with the Information Security Office.

Personal information can be hooked away from students responding to phishing emails, which are designed by cybercriminals to imitate trustworthy organizations like a bank asking for credit card information.

Bogart said the UA may send students email reminders to change their NetID passwords, but will never ask them to send confidential information through an email. Spam levels range drastically and are contingent on user habits and filter settings, Bogart added.
UAWiFi is the safest wireless Internet connection students can use on campus.

“UA Public (Wi-Fi) scares me,” Bogart said. “Your confidential information is in the air.”

The UA Public connection is designed for visitors to use, not students. A banner page initially pops up detailing the risks of the unsecured service that can easily be accessed and used by criminals to steal private information. Bogart said connecting to UAWiFi is a simple process that only needs to be done once. More information can be found on the University Information Technology Services website.

Ibraheem Kashkash, a pre-business freshman, said he was unaware of the risks associated with UA Public.

“It’s a strong signal, I guess I never really thought about it,” he said.

Mugtaba Idris, a junior studying molecular and cellular biology, said he was satisfied with the security of his CatMail account.

“People shouldn’t complain about the Goat Man either,” he said. “They apologized, that’s it. They don’t owe you anything.”

Earlier this month, a crude image called the Goat Man was sent out on the UA employee Listserv, and the UA responded with an apology the next day. The sender was able to forward the photo because the Listserv was not moderated, meaning anyone on the Listserv could forward anything to everybody, said Cathy Bates, university information security officer with the Information Security Office. Bates said nothing like the Goat Man has ever occurred at the UA and the Listserv is now moderated and the campus community should not worry about it happening again. She said it can be difficult to trace the sender, a sentiment Bogart echoed.

“They could’ve hacked someone’s NetID,” Bogart said. “Who knows?”

UAccess and Desire2Learn, course management systems that, along with CatMail, are probably the most used virtual student services, are heavily secured, and their systems regularly scanned. The likelihood of someone infiltrating them is nearly non-existent, Bates said. Like CatMail, student habits indicate how secure they will be. Bogart said at least one website allows students to bet on the class grades they will receive. A NetID is required to participate.

“It (the site) sounds like a good way to ruin your life,” Kashkash said.

Bogart strongly advised students to never send confidential information via email or share NetID information with a friend. Students, faculty and staff can download free Sophos Endpoint Security software for Windows and Macs from the UA. Having a strong password is essential.

“Passwords aren’t there to be a nuisance,” Bogart said. “If a hacker wants your information and you have a weak password, that’s it.”

If a student suspects someone is using their account, they should immediately change their password. Students can also contact the Information Security Office for help or the 24/7 IT Support Center, which provides online, telephone and walk-in assistance.

Kashkash said he was impressed with the UA’s security systems, but said they could do a better job of marketing and simplifying their information.

Bogart said the Information Security Office tries to raise awareness about security issues through events and services and is always evaluating their methods to see if they are successful.

“We definitely want students to know we’re a resource for them,” Bogart said.