Penn Computing

Penn Computing

Computing Menu Computing A-Z
Computing Home Information Systems & Computing Penn


Friday, February 23, 2018

  New Resources
Security Logging Service
Travel Tips for Data Security
Free Security/Privacy Training Resources
Two-step verification
Combating Malware
Phishing Archive
Cloud Computing and Data Outsourcing
Best Practices for Applications with Confidential University Data
  Security "Greatest Hits"
Managing Passwords
E-mail Harassment & Forgery
Hoaxes, frauds & scams
Wireless Networking
  Best Practices
Secure desktop computing
Secure servers
Secure data deletion
Securing printers
Tips for safe computing
Computing policies
  More in-depth information for
Local support providers
System administrators
  Security initiatives
Critical Component compliance
Authentication & authorization
Penn Security & Privacy Assessment (SPIA)
Security Liaisons (Restricted Access)
Secure Share
Secure Space
Vulnerability Scanner
  Related links
Electronic privacy
Worms, trojans, backdoors

Wireless Networking

Especially for laptop owners, the increasing availability of wireless networking affords Penn students, faculty and staff a great deal of mobility to do their computing all across campus, and ISC Networking continues to expand the coverage areas where secure, PennKey-authenticated AirPennNet sessions can be initiated. (For more information and a coverage map, visit Many schools and centers at Penn also offer their own professionally managed and administered wireless networks.

But what about the coffee shop on the corner, or the book store in the next block? Many businesses large and small now offer wireless service to their customers, and in many cases it's free. How can you know whether or not it's safe to send e-mail or browse the Web over one of these networks? The fact is, for many if not most of these networks you probably can't. Larger companies and chains will often contract with major service providers for their wireless operations and post security-related information on their websites (Starbucks, for example, does this for their service through T-Mobile). For small businesses, though, the wireless network may have been set up by the owners, or an employee who "knows something about computers" using "off the shelf" consumer equipment with little or no thought given to security. On one of these networks the guy at the table next to you could potentially be "sniffing" and capturing your network traffic - or, he could be doing it from a car in the parking lot across the street. The wireless signal doesn't stop at the sidewalk! Don't be afraid to ask management about their wireless security, and if they won't tell you - or worse, they don't know - you might want to think twice before joining that network.

And in fact, it's not at all unusual these days to turn on your wireless interface and find a half-dozen or more wireless networks available. In many cases the name of the network will give some indication of who is providing the service. On and around the Penn campus, for example, you should see "AirPennNet". If, however, the network name is something nondescript like "wireless_1", or in some cases the default name supplied by the equipment manufacturer (e.g., "linksys"), you're taking a chance by joining a network for which the location and operators are unknown, even if it's "free". Just because you can doesn't mean you should.

If you decide to set up your own wireless network, whether at home or at Penn, here are a few basic things you should pay attention to in order to make it as secure as possible:

  • Don't buy cheap Wireless Access Points (WAPs). Buy a well-known brand that uses modern, accepted standards
  • Change all default names and passwords on your WAPs to ones of your own choosing
  • Change the Service Station Identifier (SSID, i.e. your "network name") to one of your choosing, and disable the broadcast of it so that users of your network will need to know the name
  • Use the strongest encryption your WAPs offer. For most consumer-level WAPs currently on the market, this will be WiFi Protected Access (WPA), but some will offer only Wireless Encryption Protocol (WEP). That's better than nothing, but even if it involves exchanging them at the store, WPA-enabled WAPs (yes, it's confusing) are worth it.
  • Use MAC address filtering to specify which individual computers may join and use your network
  • Make it a practice to check the website for your equipment's manufacturer for updates to the "firmware" for your WAPs, and when they are available, download and install them to keep your WAPs as up-to-date as possible.
  • Whenever possible, use applications that provide their own level of encryption to protect your data as it travels across your wireless network
  • If you plan to connect your wireless network to PennNet, check with your LSP or ITA before doing so. There may be technical issues, and in many cases (e.g., in campus residence halls and Greek Houses) you will be required to register the network before turning it on.

Last updated: Friday, September 12, 2008

Information Systems and Computing
University of Pennsylvania
Comments & Questions

Penn Computing University of Pennsylvania
Information Systems and Computing, University of Pennsylvania