Wireless access, strings attached

U officials say hacking rare but still possible

Than Tibbetts

Wireless access is nearly pervasive on campus, and with it comes convenience and a little concern.

Although there hasn’t been a major security breach reported on campus, University officials said, the possibility remains because of a few vulnerabilities in facets of the wireless networking system.

Steve Cawley, associate vice president and chief information officer of the Office of Information Technology, said the University’s wireless network is designed to be secure.

The University uses the 802.11 networking standard, also known as wi-fi, which lets computers connect to the network via radio waves.

Cawley said the wireless network sits behind a “wirewall,” the wireless network’s version of a firewall.

But one of the difficulties University officials are encountering are “rogue access points” – wireless base stations purchased elsewhere and connected to the University’s network.

Cawley recommended that students not use these open wireless networks because they introduce the potential for anyone coming on the network and doing something inappropriate.

Computer science professor Yongdae Kim said rogue access points can also be used to create pages that look like the University’s standard login pages. This scam, commonly called phishing, is often seen in junk e-mails asking recipients to update some sort of personal data or account information at a Web site.

Although the possibility for wrongdoing exists, Kim said, the chances probably are slim.

“Overall, our University provides pretty good security,” he said. “But from the network security point of view, we are not doing anything special.”

Cawley said all the University’s online applications, such as One Stop, use secure socket layer encryption, which protects data from being seen by other people.

Without that encryption, Kim said, anyone can eavesdrop on whatever users are typing.

“I can do it very easily,” he said.

Daniel Westacott, a network engineer at Networking and Telecommunications Services, said one of the safest things wireless users can do is to create a virtual private network, which creates a virtual “tunnel” between the user’s computer and the network.

Perhaps the most unsafe thing people can do is check their e-mail on the wireless network using a program such as Microsoft Outlook that isn’t set up to encrypt the data. Westacott said a user’s X.500 username and password would be easily visible if someone was monitoring the network traffic.

He said that if a staff member’s password were compromised, his or her paycheck could be rerouted. Students could also have their class dropped and a refund check issued to the network fiend, he said, though that particular scam has been around for a while.

“People used to do that when I was in college, when it was pieces of paper,” Westacott said. “They’d steal your wallet, drop you out of classes and get a check.”

Accounting sophomore Breane Loeffler said she just assumed the University’s networks are safe.

“I think the ‘U’ – being such a big institution – would have that covered,” she said.

Cultural studies and comparative literature junior Dave Nguyen said he thinks the network is secure, but said he would like the University to provide more free security programs, such as anti-adware or anti-spyware software.