Wireless Network Changes

Greetings!

Over the course of the next several weeks, we will be replacing the wireless networks at Middlebury. (UPDATE 03/13: The first two changes are complete. The final update is scheduled for next Wednesday, March 18th.)

What do I need to do?

Starting March 2nd, please connect to the new secure wireless network named MiddleburyCollege (like midd_secure but better). Middlebury Faculty, Staff and Students will login with your standard Middlebury username and password. Guests will need to create a Middlebury guest account and use it to connect to MiddleburyCollege. This is not a change for change’s sake – we are confident that the end result will be a wireless network that is more convenient and more secure for everyone.

Why are we doing this? What are we trying to achieve?

Some devices have trouble with the current configuration of midd_secure. Midd_secure was created many years ago and wireless standards have since evolved. Additionally, guests have traditionally connected to midd_unplugged, a non-secure network.

It is important that all wireless devices, including those of faculty, staff and students as well as guests, have a way to connect to our network securely, quickly, and easily. Also, as part of our improved security posture, and to comply with all regulations and generally accepted guidelines, devices on our network need to be identified and associated with an individual, for everyone’s benefit.

What will the new configuration look like?

  • Anyone with a Middlebury College username, including faculty, staff, students, etc., will connect to the new wireless network called MiddleburyCollege using their username and password. Guests will also connect to MiddleburyCollege with their guest account name and password, where they will have access to the Internet, but not our internal servers.
  • Guests from other institutions that are also part of the eduroam project will continue to connect to the eduroam network (for Internet access only).
  • Guests and others who do not have a username and password, either because they haven’t created an account or they have forgotten their password, will connect to a new open wireless network created for this purpose, called GuestAccountCreation. No password is required, but connections are limited to intervals of 15 minutes. When they connect, they will be offered links to create a new guest account, reset their guest password, or activate/reset their Middlebury account password.
  • Certain older or residential devices, for technical or procedural reasons, do not support standard security protocols (username and password), and require what’s called a “pre-shared key” instead (a shared password, like Midd-standard has now). For these devices, we are creating a limited-access pre-shared key network called MCPSK. This is only for devices that cannot use MiddleburyCollege. If you suspect this applies to you, please contact us (see “What if I have more questions?” below).

How will we get there? What is the transition schedule?

To reduce the impact of this change, we are planning on a phased implementation that gives people time to transition from one network to another. For performance and capacity reasons, we cannot have more than four different wireless networks at once, so we will introduce new networks on the following schedule:

Now to 3/2 3/2 to 3/09 3/09 to 3/16 3/16 forward
midd_unplugged (transition to midd_secure)
MiddleburyCollege MiddleburyCollege MiddleburyCollege
midd_secure midd_secure (transition to MiddleburyCollege)
MCPSK MCPSK
Midd-standard Midd-standard Midd-standard (transition to MCPSK)
GuestAccountCreation
eduroam eduroam eduroam eduroam (unchanged – for guest access from other institutions)
  1. Anyone currently connecting to midd_unplugged should take a moment now to transition to midd_secure. If you have trouble connecting to midd_secure, please contact the Helpdesk for the password to Midd-standard.
  2. On Monday, March 2nd, midd_unplugged will be removed and we will introduce the new MiddleburyCollege network. From then on, all faculty, staff, and students should connect to MiddleburyCollege, though midd_secure and Midd-standard will continue to work for enough time to allow a smooth transition. We will prepare offices that frequently bring guests to campus to help them get connected to Midd-standard if necessary during this transitional period. In short, midd-unplugged will cease operating on 03/02/2015 – use midd_secure before then, and MiddleburyCollege after.
  3. On Monday, March 9th, all College personnel should be connected to MiddleburyCollege, and we will remove midd_secure to allow for the introduction of the MCPSK network. Starting on this day, anyone who hasn’t been using midd_secure due to incompatibility should first see if they can connect to MiddleburyCollege. If your device doesn’t support it, please contact the Helpdesk so we can connect you to MCPSK. For most devices, switch to MiddleburyCollege before midd_secure goes away on 03/09/2015.
  4. By Monday, March 16th, all individuals who have been using Midd-standard should have moved to another network, so we can remove Midd-standard and add GuestAccountCreation. To recap, switch to either MiddleburyCollege or MCPSK before Midd-standard goes away on 03/16/2015.

Other Frequently Asked Questions:

Are you saying guests will connect to the MiddleburyCollege network? Isn’t that a little weird from a security perspective?

There’s some behind-the-scenes magic there – people with Middlebury Guest accounts will be isolated from the regular Middlebury network and be provided with Internet access only.

Why start by removing midd_unplugged instead of another network?

For starters, it’s slow and insecure, but a good chunk of people keep using it, unaware that that’s the primary reason for their bad experiences. As much as possible during this transition, we want to make life easier for the people who are currently depending on the faster secure networks. We did consider temporarily disabling eduroam instead, since not as many people use it, but it’s part of an agreement with other universities and we want to honor that.

If I’m bringing a guest to campus after March 2nd, how can I make their experience easier?

The best thing to do is direct them to Middguests so they can create an account before they get here. Then, once they arrive on campus, they can immediately connect to MiddleburyCollege with their guest username and password. If they’ve forgotten their account info, once the GuestAccountCreation network is in place, it’ll provide links to help them reset their password or create a new account.

What about College faculty, staff, or students who’ve forgotten their password or don’t have one yet?

The GuestAccountCreation welcome page will also have a link to the password activation/reset page, and the Helpdesk phone number should anyone get stuck.

What if I have more questions?

If you have a technical issue, now or at any time, or if you need access to the limited MCPSK network, please make a ticket or call us at 802.443.2200 so we can assist you. If you have general questions about the plan, please post them here so everyone can see the answers.

Peace and change,

~Zach Schuetz for the Helpdesk

9 thoughts on “Wireless Network Changes

  1. Kevin Sword

    The info about MCPSK will be extremely helpful to anyone who has a Nintendo DS or 3DS. Japanese Language School anyone? They can’t connect to WPA2-Enterprise networks which is really stupid. At UVM for example they only have eduroam and UVM networks which are both RADIUS authenticated. So students have to use virtual router software on their laptops to connect which is a huge security hole. Thanks for doing this. I would assume you would use something like MAC address filtering which is also tied to an account?

    1. Zachary Schuetz Post author

      Exactly, Kevin. We’ll streamline the registration process as much as we can. And that’s a good point about the Japanese School, especially since many students use a DS for a dictionary. I’ll make a note to get the relevant info to them and the other Language Schools early in the process (before they arrive on campus, if possible).

  2. Peter Matthews

    Why aren’t we an eduroam institution? (Or are we?) Most of the institutions at which I find myself opening a laptop and wondering about internet connections seem to be …

    1. Zachary Schuetz Post author

      Hi Peter,

      We are! Anywhere you see the eduroam network, you should be able to connect to it with your e-mail address (pmatthew@middlebury.edu) and Middlebury password, and guests from other participating institutions can do the same here. I wouldn’t recommend using eduroam while you’re on the Middlebury campus, though – it’s intended as a convenience for guests, but doesn’t provide full access to Middlebury resources and isn’t as fast as our other secure networks.

  3. Jonathan George

    What speeds can we expect from this update? How do they compare to speeds now?
    Thanks for the streamline and upgrade! Much appreciated
    JG

    1. Zachary Schuetz Post author

      Hi Jonathan,

      If you were using midd_unplugged, I would expect a speed improvement moving to a secure network. Since our total bandwidth is the same, if you were using midd_secure or Midd-standard before and switch to MiddleburyCollege, your experience will probably be similar (though connecting should be easier).

      However, parallel to this restructuring project, we are upgrading the hardware for the wireless access points around campus over time, so depending on where you are you may see (or may have already seen) improvement in signal strength and speed as that process continues.

  4. Anonymous

    I find this very troubling. Under this new system, students are forced to identify themselves on the network using their real identity, which makes all of their network activity traceable to them. What is the data retention period for internet logs? I, for one, do not trust Middlebury employees and students to keep these activity logs secure. Moreover, I am repulsed by the lack of anonymity this new system creates. I will undoubtedly be subscribing to a VPN service when these changes are implemented, as I refuse to allow college authorities to track each and every website I visit and search query I enter.

    1. Jim Stuart

      Dear Anonymous,

      Thank you for taking the time to express your concerns about the privacy implications of the upcoming wireless network changes. Below, we’ve attempted to address your concerns point by point, but the short answer is that ITS does not snoop on any individual’s network activity. ITS’s role is to provide secure and reliable network services to the Middlebury community and to protect Middlebury’s networks and systems from malicious traffic.

      1. Identification – The reason for associating devices with individuals is simple…every device on our wireless network has the potential to adversely affect the networking experience of the entire Middlebury user community and each person must be accountable for his/her on-line activity. In order to responsibly steward Middlebury’s network services, ITS seeks to identify the user of any device on our network in order to resolve issues ranging from IP address conflicts to security-related incidents as well as, when necessary investigate allegations of violations of College policy or illegal behavior.

      2. Monitoring Individuals’ Network Activity – Middlebury handbook policies expressly prohibit the monitoring or tracking of an individual’s network activity without the individual’s consent, except in clearly-defined circumstances which are also documented in the handbook. Please review the following policies to gain a clear understanding of how online privacy issues are governed at Middlebury:

      http://www.middlebury.edu/handbook/its/privacy
      http://www.middlebury.edu/handbook/its/netmon
      http://www.middlebury.edu/handbook/its/network_policies
      http://www.middlebury.edu/handbook/its/tirp

      3. Retention History and Security of Internet Logs – It is difficult to set a consistent retention period for all of our network/system monitoring devices’ log files largely because it varies tremendously on how much activity there is, hence how voluminous the log files are and then how much disk space we have available to store the logs – as a general rule of thumb we seek to keep about 30 days of logs, not generally more than 30 days and often less if again the volume of logging activity is very high. It is worth noting that only ten Middlebury ITS staff members have access the systems that contain these logs. None of these staff members are students. Each of these staff members is a seasoned professional who fully understands the handbook policies that govern online privacy here at Middlebury. Each has a signed confidentiality agreement. The consequences of violating these policies is severe and swift, as noted in our handbook policies referenced above.

      4. Use of 3rd-Party Privacy Services – There is no language in any Middlebury handbook policies that prohibits an individual’s use of 3rd-party services to protect the privacy of their web browsing activities. Feel free to do so, or even use your own Internet connection, if you deem that necessary. ITS has a responsibility to protect Middlebury’s networks and users of the networks against malicious traffic, and ITS takes that responsibility very seriously.

      We hope that this helps alleviate your concerns. If you would like to discuss further, we would welcome the opportunity to further reassure you that your online privacy on Middlebury’s networks is not just protected but just as importantly, it is respected. Please do not hesitate to contact me directly.

      Sincerely,
      Jim Stuart
      Associate VP for IT
      Information Technology Services

  5. French school student

    I am having lots of trouble this summer remaining connected to any wireless network. It seems that there are many holes on campus, and I am often dropped from both MiddleburyCollege and Midd-standard. Download speeds seem to be markedly less compared to midd_secure in 2013, but that is much less aggravating than being frequently dropped from all internet access. I would assume that the language schools bring a lesser number of students to campus during the summer (this may actually not be true), but we still need consistent internet access (especially the grad students!).

Comments are closed.