Java Vulnerability Alert - May 21, 2013
Recently, security bulletins have been issued on the internet about risks arising from potentially infected websites that exploit a security hole in all web browsers. Click to expand/collapse.

Infected websites can take advantage of vulnerabilities in the widely used web browser plug-in for the Java platform and pose risks for Internet users. To protect against attack from websites of unverified origin, we advise using two separate web browsers for different purposes.

  1. A designated browser with Java enabled, to access enterprise UBC systems and other trusted websites and
  2. Another browser set as the default browser with the Java plugin disabled for all other web sites e.g. Blogs, internet news, gaming sites, etc.

Instructions for disabling the Java plugin can be found here. If assistance is needed in disabling the plugin for either of these browsers, help can be obtained either from your designated IT support group, or the IT Service Centre staff can help either by phone, or via the Walk-In Support Centre in the UBC Bookstore.

More information is available at our FAQ page.

Identity Based Wireless (ubcprivate)

"ubcprivate" is a the name of the UBC Identity Based Wireless Network. "ubcprivate" is the wireless extension of the Virtual Networks service and allows authorized users, when connected to the wireless network, to be placed directly into their department's own network and security domain. For more information, take a look at the Virtual Networks page.

So what does this mean for you? Say for example, your department operates the 10.10.10.* subnet. And on this subnet, your department has resources such as applications, servers, printers, etc. that are restricted only to that network. Previously, to access these resources, you would have to be physically in that building with your computer connected to one of the network jacks. Now, using "ubcprivate" Identity Based Wireless combined with Virtual Networks, you can be on a laptop or mobile device roaming anywhere on campus and be handed an IP address in the 10.10.10.* subnet, giving you the abilty to access your department's restricted resources as if you were physically there - you are "virtually" a part of your department's network.

Requirements:

  • A departmental network that is Virtualized
  • CWL accounts assigned with a wireless departmental role
    • CWL account administration will be provided to departmental or systems administrators
  • A wireless device that supports WPA2 Enterprise/AES
    • "ubcprivate" is setup in almost the same way as "ubcsecure"

Setup Documents

The "ubcprivate" network supports WPA2 with AES encryption. A compatible wireless card with updated drivers and patches for your operating system may be required.

Since the "ubcprivate" network is similar to the "ubcsecure" network, you can adapt the more comprehensive "ubcsecure" documents  to set up "ubcprivate" on your device (remember that your username will be in the cwluser.departmentid format for "ubcprivate").

Other Operating Systems or to use Manufacturer's Wireless Utilities

There are a variety of wireless enabled devices that might be able to use WPA2 but do not use the above operating systems. Additionally, some people prefer to use the wireless management utility provided by their manufacturer. Since we cannot cover every instance, the basic information you may need for the "ubcprivate" network are:

  • Network/SSID: ubcprivate (you may have to manually type this in)
  • Username: cwl.departmentid
  • Network Authentication Method: WPA2 (also sometimes called WPA2-PEAP, WPA2-RADIUS, or WPA2-Enterprise)
  • Data Encryption Method: AES (WPA2)
  • EAP Type: PEAP
  • Authentication Protocol: MS-CHAP-V2
  • Certificate Server: secure.wireless.ubc.ca (if there is a mutual authentication option)  

Frequently Asked Questions (FAQ)

I set up my computer or device to connect to "ubcprivate" but it refuses to connect. What do I need to do?

"ubcprivate" requires that your department upgrade their network to a Virtualized Network and request Identity Based Wireless as part of the Virtual Network setup process. After this is done, your departmental or systems administrator will:

  • assign special departmental CWL roles to their users
  • provide the users with the CWL departmental ID
  • assist in setting up their users' devices to connect to "ubcprivate"

 

Why would I use "ubcprivate" departmental groups instead of the UBC VPN service with departmental groups?

Although both services provide similar solutions to connecting to a departmental network, "ubcprivate" is the preferred choice because:

  • Your laptop or mobile device will be automatically and immediately placed in the departmental pool once it is logged in and authenticated to the wireless network. No need to do the extra step of connecting to the VPN service.
  • Most, but not all, devices (especially many mobile devices) can use the VPN service - support for WPA2 Enterpise is more common.
  • The VPN service cannot scale up to support more than a few thousand of users, whereas the UBC wireless network can support tens of thousands of users.
  • By having a direct network connection through the "ubcprivate" wireless network and not proxying your network connection through the VPN servers, you will potentially have a faster connection with less latency.

 


a place of mind, The University of British Columbia

UBC Information Technology
6356 Agricultural Rd.
Vancouver, BC V6T 1Z2,

Emergency Procedures | Accessibility | Contact UBC | © Copyright The University of British Columbia

We Want Your Feedback!