Print This Issue

One Step Ahead
January 29, 2008, Volume 54, No. 19

One Step Ahead

Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy.

Be Careful About “Free” Wireless Networks

The availability of wireless networking on the Penn campus has expanded greatly over the last couple of years, and members of the Penn community have the luxury of using PennKey-authenticated and encrypted wireless sessions for secure networking over PennNet. Of course, more and more businesses—especially coffee shops, bookstores and airports—are also offering wireless “hot spots” for their customers to use, and even when it’s a major company or chain, it can be difficult to know how secure the network is. How can you be sure the person at the table next to you isn’t “sniffing” all the traffic going across the network, including yours?

When turning on wireless networking these days, it is increasingly common to see a half-dozen or more available networks to join. Some of them will be “free,” even though there may be no indication of who is providing the service. Just as clicking a link in a “phishing” message may take you to a malicious website, joining an unknown wireless network may lead to compromise of your data.

Whenever possible (even on a secure wireless network), use applications that provide their own level of encryption. Because virtually all legitimate commercial websites use SSL encryption (“https://”), it’s generally safe to shop online. Check with your e-mail provider to see if they encrypt messages in transit—if not, be cautious about using e-mail. If you regularly use a wireless network provided by a reputable business, check their website for information about how they provide security for wireless sessions. Don’t join “free” and/or anonymous networks just because you can—they may not be as “free” as they appear.

For more information on Penn’s wireless networking offerings, visit www.upenn.edu/computing/wireless/.


To receive weekly OneStepAhead  tips via email, send email to listserv@lists.upenn.edu with the following text in the body of the message:  sub one-step-ahead <your name>.

For additional tips, see the One Step Ahead link on the Information Security website: www.upenn.edu/computing/security/.

Almanac - January 29, 2008, Volume 54, No. 19