Solved

What does my windows security alert mean?

Posted on 2014-03-03
9
449 Views
Last Modified: 2014-05-11
My University account has been behaving strangely recently with a certain pattern to it, namely that 'important' contacts have been assigned to Junk Mail. This is impossible for me to do without making a deliberate decision and I haven't done this. So it seems likely someone has been able to access my password.
The other day I logged on to my account at the Uni and tried to access a powerpoint file and I got the following message:
"Windows Security Alert: The connection attempt could not be completed."
It then gave the following information:
Radius server: itstrad1.bham.ac.uk
Root CA: AddTrust External CA Root
"The server "itstrad1.bham.ac.uk" is not configured as a valid NPS server to connect to for this profile"
Is this hacking/phishing? And if so, what can I do to discover who is doing it?
0
Comment
Question by:acquisitive
  • 3
  • 2
  • 2
9 Comments
 
LVL 19

Expert Comment

by:Kash
ID: 39900398
first things first. You need to change your login password to a complex one.

if you are still getting issues then you may want to speak to the network admin at Birmingham uni.

NPS : that tells me that you are using DirectAccess of some kind to connect to the resources possibly from your laptop PC. The NPS (network policy server) has a checklist which it has to tick before it can let you logon to the resources.

If your PC (which I assume you are using) has some kind of virus on it or doesn't have certain patches installed on it then NPS server will deny access.

Hope this helps.
0
 

Author Comment

by:acquisitive
ID: 39900427
Kash
my password is complex, very complex, and I have also changed it but the phishing continues.
What is DirectAccess?. I do indeed connect to the system via my laptop and usually remotely, but this time it was in my office.
I have two antivirus programs on my computer, Norton and Superantispyware, so I don't think it's a virus.
please respond.
0
 

Author Comment

by:acquisitive
ID: 39900431
And also, this alert has never appeared before. And how do you explain the access to my email to change mail to Junk? And how do you explain changing my password does not affect the process of junking?
0
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

 
LVL 19

Expert Comment

by:regmigrant
ID: 39900479
If your password is complex, you haven't given it out to anyone and we can assume that the Uni is not compromised then I think its unlikely you have been hacked. A Trojan also seems like a remote possibility given your available security.

If there is a problem with the certificate chain then its possible your profile has been 'blacklisted' (probably not the correct term in this case but you see what I mean) locally and that's why your emails are hitting the junk folder.

There is a root certificate problem for wireless connections so try to connect by a hard line if available and/or refer the following article to the administrators:
http://support.microsoft.com/kb/2518158

Of course all this assumes you are not a high profile target who has annoyed the Russians in which case a directed attack might be possible too.
0
 
LVL 19

Expert Comment

by:Kash
ID: 39900529
if your password is complex then it is not the password.

Direct access is a Microsoft Technology which is configured on the servers by Admins which basically allows you to access your files remotely which is the case.

The reason I said it is DA is because its uses NPS server to perform its tasks.

Have you tried speaking to the IT at uni whether they have recently done some updates or modified some settings etc. I bet that is the case.

It may be they have applied some stronger spam threshold to the emails UNI WIDE which in turn has caused your emails (legit ones) to end up in the junk email folder.
0
 

Author Comment

by:acquisitive
ID: 39915232
Just to clarify: the junking occurs even after I have changed my password. You don't think it is phishing by an outsider who can read my passwords?
0
 
LVL 19

Accepted Solution

by:
regmigrant earned 500 total points
ID: 39917057
No password/encryption system is 100% effective but unless you have reason to believe you are being specifically targeted by someone with high level access to UNI servers (or a government) I would look elsewhere. However changing your password won't change the white/black lists applied by the mailbox scanner that is doing the junking - even if YOU mark them as trusted it may be that their domains have been identified as spam from outside the University -
http://whatismyipaddress.com/blacklist-check

The problem with the powerpoint is more likely a change in policy or certificates as outlined by Kash
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Deploying a Microsoft Access application in a Citrix environment is not difficult but takes a few steps. However, Citrix system people are often of little help, as they typically know next to nothing about Access. The script provided here will take …
You cannot be 100% sure that you can protect your organization against crypto ransomware but you can lower down the risk and impact of the infection.
Viewers will learn the different options available in the Backstage view in Excel 2013.
The viewer will learn how to use a discrete random variable to simulate the return on an investment over a period of years, create a Monte Carlo simulation using the discrete random variable, and create a graph to represent the possible returns over…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question