Wireless PennNet Frequently Asked Questions: Network Security
Authentication
To keep the network as secure as possible, Wireless PennNet requires
a user to authenticate in some way before connectivity is granted. In public
spaces, users authenticate using their PennKey to gain access. This type of
wireless access is available in Houston Hall, the Graduate Student Center,
several of the College House lounges and study areas, and outside in University
Square and Wynn Commons.
Several of the schools support a variation of Wireless
PennNet connectivity that uses a computer’s MAC address (a unique machine
identification number) to determine a wireless device’s “identity.” This
type of wireless service authentication will be phased out over time as technology
to support more users using PennKey authentication becomes available.
Frequently Asked Questions
|
| Q: |
How secure is my wireless connection? Since data
is being transmitted through radio waves, can someone nearby
intercept
my communications? |
| A: |
The casual wireless user does not have the technical
knowledge or capability to intercept wireless communications. Also keep in
mind that when you connect to well-run web sites with secure connections
(https:// in
the web address), you have reasonable assurances that your connection
is encrypted with SSL.
However, since wireless connections are more vulnerable to malicious interventions
than wired connections, be mindful of sensitive information you could
transmit while using a wireless connection. If you visit web sites that require
a login name and password or credit card information, be aware that the potential exists
for sensitive information to be intercepted.
It is not recommended that you use Wireless PennNet to
access Penn In Touch, U@Penn,
or other services that provide confidential information such as your grades,
salary, or other personal information.
Return to Question list
|
|
| Q: |
When I logged in, I didn't see the padlock symbol for SSL. Did I send my PennKey through the airwaves unencrypted? |
| A: |
No, your PennKey and
password were encrypted with SSL when you
authenticated. The login page is a simple HTML form located on one of Penn's
administrative web servers and is not encrypted with SSL.
However, the login page's action that
occurs when you click login is encrypted with SSL. To see
this for yourself, select "View
Source" (in the Edit menu) for the login page and search
for the text "https". The search will lead you to the form's opening
HTML tag:
<form name="LoginForm"
action="https://wireless-pennnet.cert.mobiledomain.net/"
Secure connections use https:// in their web addresses.
As you can see from this form's action - the point at which your PennKey and
password are transmitted
- is secure.
While many websites encrypt login pages, technically,
only the
form's action needs to be.
Return to Question list
|
|
| Q: |
It is tough to authenticate to Wireless PennNet using my PDA. Would it be appropriate to save my password in an application which authenticates me whenever I walk into a Wireless PennNet area? |
| A: |
We recommend against this approach because of the risk it poses to the security of your individual PennKey. More and more applications at Penn use your PennKey for access to personal data, including U@Penn (salary & benefits), Penn InTouch (course registration and grades), and many others listed here. Your PennKey is also tied to network activity, so a stolen PennKey has the potential to associate the owner with malicious activity.
Return to Question list |
|
| Q: |
What happens if I forget to log out of Wireless PennNet? |
| A: |
After 10 minutes of inactivity, you will
automatically be logged out.
Return to Question list
|
|
|
