Information Services > Security > News & Updates > Recent DePaul Security Events

Recent DePaul Security Events

[October 2, 2018] [Copy of email sent to Remote Access VPN users]
You are receiving this email because our records indicate that you have used the Aventail Remote Access VPN in the last two years. 

To confirm that that this is a legitimate email from Information Security, a copy of this email can be found on our website at the following location.
To navigate to this page instead of clicking on the link, please go to and click on “News & Updates” and then “Recent DePaul Security Events”.

We are in the process of migrating everyone who uses the Remote Access VPN to a new VPN using Duo two-factor.  To access the new VPN, you will need to install the new VPN client.  The instructions for installing the client as well as the client can be found at this location.

Please follow the instructions to install the new client.  You can keep the original client in place until you have completed a successful connection to the new VPN.

You also need to ensure that you have Duo two-factor configured to use with your phone.  The instructions for setting up Duo can be found here.

Once you have the VPN installed and Duo configured, you can login to the new VPN.  The instructions for logging in can be found here.

We are planning on shutting down the old VPN on November 1st, 2018.  Please make sure that you are migrated over to the new VPN before the 1st.  If you have any questions or concerns, please contact us at

[April 11, 2014] [Copy of email sent to DePaul University Community]

This email is to provide information to the University community on the recent, well-publicized Internet vulnerability known as the "Heartbleed bug" [1]  and to advise you on actions you should take to protect your information both at DePaul and at other institutions.
The Heartbleed vulnerability is an exposure in software widely used on the Internet to secure network communications.  Servers that run the vulnerable software could have their memory contents exposed to an attacker without the attacker logging in.  Memory contents might include user credentials, other highly sensitive information, and even the "secret keys" by which network communication is secured.   The bug has existed for two years, but was only recently discovered and made known to the public.

What we are doing

Organizations around the world, including DePaul University have been working to remediate the problem.    DePaul Information Services has evaluated our data centers and has been in communications with other areas at DePaul which may also run servers.   We have remediated those servers which were vulnerable and continue to monitor events relating to this and other security events.

What you can do

Because of the Information Services data center protection strategy and architecture, DePaul had very few central sites which were vulnerable to this bug.     Although we believe that the likelihood of any particular user credential being compromised is not very high, in an abundance of caution, we advise all DePaul users to change their CampusConnect password, most especially if you use the same password on outside systems.  For most customers on DePaul systems, this can be done through CampusConnect - Change My Password.     If you use an external system for DePaul business, which is not tied in to your CampusConnect credentials, please also change your password on this external system.
The Heartbleed bug has affected a number of very large, high profile websites, including Yahoo, Tumblr, Amazon and other very popular online businesses.   DePaul Information Security believes that it would be in each person's best interest to take this opportunity to change the passwords they use on all websites - both professional and personal, especially if the system does not employ some form of "two factor" authentication.    If however, a website you have an account on has notified you that they have not yet remediated this issue - it is best to wait to change your password there until they have.   This is a difficult situation in that it may not be possible to understand whether a particular site has been made  safe or not.  There are some pages which perform tests of a given site, yet they are not 100% reliable.[2]
Although managing multiple credentials can be very challenging, please remember that it's not a good idea to synchronize passwords across websites when the information the account accesses is sensitive (such as health information, financial information, business-related private information).  We have, unfortunately, seen many examples of credentials stolen from a weakly protected site used successfully on a different, more critical site.
We expect that coming soon will be numerous scam emails, purporting to be from companies you may or may not do business with, asking you to change your password because of Heartbleed and providing you a link.   Please exercise extreme care with these emails.  It is much safer to go to the website by typing it into your browser and navigating to the change password functionality.  It is practically a certainty that most of us will be receiving an email of this type, attempting to gain access to our credentials.  If you have any questions about the validity of an email  like this that your receive, please forward it to and we'll be glad to review it.
If you have any questions on this please write to or call the Technology Support Center at 312.362.8765.
You have received this message because our records indicate that you are a current student, faculty member, staff member, or retiree of DePaul University. Such messages are sent periodically to the entire university community on a need-to-know basis. Students, faculty, staff, and retirees may not choose to unsubscribe to these messages. If you are NOT a current student, faculty member, staff member or retiree: contact Thank you.