Advice for University wireless users following news reports about ‘KRACK attacks’

Following the news about potential security problems in wireless networks worldwide, the University has reviewed its services to be able to provide advice to users. While the risks are relatively low, everyone needs to consider how they use wireless networks until the issues are resolved. The issues affect all wireless networks so the advice below should be considered while using Wi-Fi anywhere, whether in the University, at home or elsewhere.

On affected networks, there is a risk that an attacker might be able to read data you send or receive including, potentially, online shopping or banking. There is currently no workaround to address this issue but information is safer if it is encrypted so users should follow the advice below while using any wireless network.

  • Make sure the software on your device is up to date.  Manufacturers regularly release security patches to fix issues and vulnerabilities in operating systems and it is important that these are promptly installed. For University equipment, Digital Technology Services (DTS) will provide advice about what you need to do when these are available. Users of SHU-owned Macs have been advised NOT to accept an update to High Sierra until DTS has confirmed that it is okay to do so but they should continue to install any security patches which are offered.  On your personally-owned devices, use the latest operating system and install patches when they are offered to you.
  • Wherever possible, use websites that are encrypted – these normally display a padlock next to the address.
  • University staff should use the VPN (Virtual Private Network) service when using laptops or other portable devices to ensure any University data is encrypted while using Wi-Fi networks. This includes while in public areas on campus such as University cafes and other open areas.  More information on the VPN service.

What else can I do to protect myself

Sign up to the new CyberAware course which has just been launched for all SHU staff and visit blogs.shu.ac.uk/ITsecurity for more information about the latest threats.