Especially for laptop owners, the increasing availability of wireless networking affords Penn students, faculty and staff a great deal of mobility to do their computing all across campus, and ISC Networking continues to expand the coverage areas where secure, PennKey-authenticated AirPennNet sessions can be initiated. (For more information and a coverage map, visit www.upenn.edu/computing/wireless). Many schools and centers at Penn also offer their own professionally managed and administered wireless networks.
But what about the coffee shop on the corner, or the book store in the next block? Many businesses large and small now offer wireless service to their customers, and in many cases it's free. How can you know whether or not it's safe to send e-mail or browse the Web over one of these networks? The fact is, for many if not most of these networks you probably can't. Larger companies and chains will often contract with major service providers for their wireless operations and post security-related information on their websites (Starbucks, for example, does this for their service through T-Mobile). For small businesses, though, the wireless network may have been set up by the owners, or an employee who "knows something about computers" using "off the shelf" consumer equipment with little or no thought given to security. On one of these networks the guy at the table next to you could potentially be "sniffing" and capturing your network traffic - or, he could be doing it from a car in the parking lot across the street. The wireless signal doesn't stop at the sidewalk! Don't be afraid to ask management about their wireless security, and if they won't tell you - or worse, they don't know - you might want to think twice before joining that network.
And in fact, it's not at all unusual these days to turn on your wireless interface and find a half-dozen or more wireless networks available. In many cases the name of the network will give some indication of who is providing the service. On and around the Penn campus, for example, you should see "AirPennNet". If, however, the network name is something nondescript like "wireless_1", or in some cases the default name supplied by the equipment manufacturer (e.g., "linksys"), you're taking a chance by joining a network for which the location and operators are unknown, even if it's "free". Just because you can doesn't mean you should.
If you decide to set up your own wireless network, whether at home or at Penn, here are a few basic things you should pay attention to in order to make it as secure as possible:
- Don't buy cheap Wireless Access Points (WAPs). Buy a well-known brand that uses modern, accepted standards
- Change all default names and passwords on your WAPs to ones of your own choosing
- Change the Service Station Identifier (SSID, i.e. your "network name") to one of your choosing, and disable the broadcast of it so that users of your network will need to know the name
- Use the strongest encryption your WAPs offer. For most consumer-level WAPs currently on the market, this will be WiFi Protected Access (WPA), but some will offer only Wireless Encryption Protocol (WEP). That's better than nothing, but even if it involves exchanging them at the store, WPA-enabled WAPs (yes, it's confusing) are worth it.
- Use MAC address filtering to specify which individual computers may join and use your network
- Make it a practice to check the website for your equipment's manufacturer for updates to the "firmware" for your WAPs, and when they are available, download and install them to keep your WAPs as up-to-date as possible.
- Whenever possible, use applications that provide their own level of encryption to protect your data as it travels across your wireless network
- If you plan to connect your wireless network to PennNet, check with your LSP or ITA before doing so. There may be technical issues, and in many cases (e.g., in campus residence halls and Greek Houses) you will be required to register the network before turning it on.
Last updated: Friday, September 12, 2008