Wifi for Employees

Employees may now join their devices to the district's wireless network to gain Internet access.  Once configured, devices will connect automatically when in range of the district's network.

The exact directions will vary from one device to the next, but this article will give the generic information needed for all devices.  For example, the names of the buttons will differ between an iPhone or a Pixel, but the settings that both devices need are the same.

Please note that this will only allow Internet access and not access to internal-only resources, such as most printers and servers.  Resources which happen to be hosted off-site, such as email, Google Drive, and SchoolTool, will work.

The necessary settings are as follows.

• Network name:  Staff
• EAP method:  PEAP
• Phase 2 authentication:  MS CHAPv2
• Certificate:  "Trust", "Accept", or "Do not validate", as your device allows.  If asked to trust the certificate, make sure that it is from dir1.cd.cairodurham.org and expires on 10/2/22 at 2:05:10pm.
• Anonymous identity:  Leave blank, if this option is presented.
• Username:  Use the username that you would use on the Macs or PCs.
• Password:  Use the password that you would use on the Macs or PCs.

For reference, this is what it looks like on iOS 10 on an iPhone 6 after selecting "Staff".

By contrast, this is what it looks like on Android 8 (a.k.a. "Oreo") running on a Google Pixel.

Once these settings are entered, they will allow the device to connect to the district's "Staff" wifi network as soon as the device can see it.  It won't prompt for these settings, including the employee's password, again.  If you change your password on a Mac or PC, you will have to update the setting on your personal device manually.

Please note that use of this wifi service is subject to the usual policies that apply to any district resource.

If you have any questions, please contact the Information Technology department through the usual channels.

Email Scam - Fake Shared Google Docs

There is a particularly effective email scam that tricks you into sharing permanent access to your Google account -- including all or your email.  In this article, I will show you how to identify it and how to recover from it.

It starts with an email message like the one shown below.  It is a very convincing looking notification of a Google Doc being shared with you.  (Names redacted.)




If you click "Open in Docs", it will ask you to authorize access.



It looks innocent enough until you look closer, because it claims to be "Google Docs."  But anyone can be named Julius Caesar;  it doesn't make them a famous Roman emperor.  Likewise, this isn't really Google Docs.  To figure this out, click on the words "Google Docs" and you'll see that it is owned by a random gmail.com account and not google.com.


If you click "Allow," they will gain permanent access to your account, including all email and your list of contacts.  From there, they will send the same message to everyone in your address book.

So what do we do about it?

If you can spot the scam, then just close the "Google Docs would like to..." window.  You're lucky.  Lots of people are tricked by this.

If you were victimized, you need to do the following steps to kick the bad guys out of your account.  Until you do, they're still there.

First, click on your icon in the upper right corner of Gmail.



Then click on the big blue "My Account" button.

That will bring you to a page full of boxes of links.  Inside the "Sign-in & security" box, click on "Connected apps & sites".



From there, click on "Manage apps" near the middle of the page.



This will bring you to a list of apps and website that have access to your account.



Most are probably legitimate.  But if you see anything that you can't explain, just click on it to get more details.



You can see the date that you connected this app to your account under "Authorization date".  Use that as a guide.  If you just added the bad app, then it will have today's date.

If you want to remove something, click on the "REMOVE" button next to it.  If you can't find the button, you click on the item to make it visible.

It will double-check with you.  Click "OK" to continue.



When in doubt, remove something.  It is easy to reconnect apps to your account.

That is it.  Once you've kicked them out of your account, just keep an eye out for odd behavior. If someone shared a Google Doc with you, it won't ask you for access to your email.  So any Deny/Allow choices should raise suspicions.