@Derek: I just thought I would mention that if you stop the Zscaler Connector altogther on a Mac by clicking on its icon in the menu bar and selecting 'Exit', it really does terminate and plays no further part in subsequent network connections, as confirmed by the 'netstat' utility in a terminal and also by looking at the network traffic on the Mac's upstream connection. Andy On Tue, 29 Oct 2024, Lee, Derek K K wrote:
Dear David,
Dumb question: would you have a list of community computing reps please?
I have been using Zscaler mostly successfully. There are some mysterious circumstances when it does not work. In particular, I cannot access a certain Microsoft app for lab attendance.
I am also wary of putting Zscaler on my personal computer at home as I am not confident that it will not monitor personal traffic (e.g. my online banking? Confidential emails?) It is a process enabled at login but cannot be prevented from doing so from the system settings (on MacOS).
A MFA-enabled VPN might be more predictable.
Regards
Derek
From: David Colling <d.colling@imperial.ac.uk> Date: Tuesday, 29 October 2024 at 16:55 To: ph-staff-dl <ph-staff-dl@imperial.ac.uk>, physics-departmental-computing <physics-departmental-computing@imperial.ac.uk> Subject: Cyber security and (loss of) VPN access
Dear All,
As you may well be aware, the College is tightening up on all aspects of our cyber security. One, very significant, aspect of this is the use of the current legacy VPNs (of which we have several). For some time ICT has been working to replace the use of VPNs with Zscaler to access university resources when not connected to the Imperial network. This is because VPNs pose a significant security risk to the College as they bypass Multi-Factor Authentication (MFA). For this reason, the College, will turn off the legacy VPNs as soon as is practical - no time scale has been set for this yet but the expectation is that it will be around the end of the year. It is possible that Zscalar will not satisfy everybody's needs, in which case a new VPN with MFA will be introduced to replace the legacy VPNs. ICT is currently surveying the College's VPN users to see if they have needs that are not satisfied by Zscalar and if so what those needs are. It is only in this way that ICT can ensure that any VPN solution that they bring in, alongside Zscalar, will satisfy everybody. This is being carried out systematically, with non-faculty people and FoM having been surveyed so far. It is now the turn of FoNS. VPN users who do not respond to the survey will loose access to the VPNs.
Physics has more than 240 people who are currently active users of one of the legacy VPNs. These are people who have used a VPN recently. These people will be contacted directly by ICT, however there may be many more who only use one of the VPNs occasionally, but nevertheless rely on it when they do use it. If you are one of these people, and you think that Zscalar will not work for you, please contact one of your community representatives on the Departmental Computing Committee. If you do not fill in the appropriate form you will loose access.
Best, david