Take the safe exit to the information superhighway

The sight of students chatting and using the Internet on their laptops while sitting in the grass or in classrooms has become common on the Ball State University campus thanks to Wi-Fi, which gives users the freedom to go online without having to find a place to plug in their computers.

Ball State's Wi-Fi network requires users to provide their usernames and passwords. This encrypts the connection, preventing others from snooping on students' Web browsing and IM conversations. Many Wi-Fi networks, however, lack security.

"If it doesn't ask for a password, then you are prone to having someone be able to access your PC," Karen Sohl, a spokeswoman for networking equipment manufacturer Linksys, said.

The San Francisco Chronicle reported March 18 that at a large computer security conference in San Francisco, a group of hackers from Boston was able to eavesdrop on more than half of the wireless traffic.

Loren Malm, assistant director of security services at University Computing Services, said the encryption of Ball State's wireless network prevents these sorts of activities.

"Anyone listening in can't get your password or any other traffic that's going through," he said.

Malm said users at off-campus locations with unencrypted Wi-Fi networks, such as airports, should make sure that Web sites requesting passwords or other sensitive information have Secure Sockets Layer, or SSL. These Web sites have addresses beginning with "https," indicating that anyone intercepting information will be unable to read it. If the Web site's address begins with "http," users can sometimes secure the connection by retyping the address with "https." If that doesn't work, however, they should avoid using the site altogether and contact the company that operates the Web site and inform it of the security risk. Sites such as LiveJournal and Blogspot offer this option, while MySpace and Xanga do not, leaving them open to programs called sniffers.

A Ball State senior with a minor in computer applications, who asked that his name not be used, conducted a Wi-Fi security experiment, without malicious intent, as a freshman by walking up and down Riverside Avenue with a laptop.

"I've been able to get account numbers and credit card numbers," he said, saying that he became scared of getting in trouble and stopped after 30 minutes. "It was just seeing what I could get."

He gathered the information using a program installed on the laptop called a sniffer. Normally used for network security, sniffers pick up the bundles of information that computers transmit to each other over networks. Sniffers are legal to obtain and widely available on the Internet. Parents sometimes use sniffers to monitor their children's online activities, while employers use them to monitor employees' activities.

"I think a lot of the problem is that consumers don't know what precautions they should take," communications director Danielle Yates of the Internet Education Foundation said. "When consumers buy wireless routers, they're not always keen on going the extra steps to encrypt."

In March 2006, the IEF and Symantec Corp. conducted a security survey in five major US cities, finding that almost 50 percent of Wi-Fi users didn't encrypt their traffic. The company conducted the survey using a technique known as wardriving, which involves driving through neighborhoods with a laptop and searching for unsecured networks.

Services on Ball State's Web site that require password authentication, such as Blackboard and student E-mail accounts, have SSL. Non-Web services, such as iLocker and FTP, do not. Many other Internet services, such as instant messaging and telnet, almost totally lack security. The Payment Card Industry Security Standards Council's Data Security Standard requires participating companies and organizations to use SSL for online commerce. The latest version of the DSS, released in September 2006, specifically requires this to protect people using Wi-Fi networks.

While saying that SSL sites were safe, Yates still expressed reservations.

"Some of these hackers are very advanced and very smart, and they're willing to go to any lengths," she said.

To secure off-campus connections, students can use a Virtual Private Network, or VPN, which encrypts data sent over high-speed Internet connections.

"It's giving you your own virtual secure tunnel that enables the user to connect securely from their PC out over the Internet," Sohl said.

Linksys sells routers and USB adapters for VPN. Linksys' parent company, Cisco Systems, offers VPN software, which Ball State students can download for free from the Ball State UCS Web site.

According to JiWire, a database of worldwide Wi-Fi hotspots, computer users should use Wi-Fi networks with Wi-Fi Protected Access encryption, or WPA, including on home networks. Older networks often use Wired Equivalent Privacy, or WEP. While WEP provides some security, it is easy to crack. Many hotspots, such as cafes and hotels, have begun using WPA Enterprise, which assigns each user a unique encryption key that prevents third parties from intercepting traffic.

"I think it's best to password protect your computer," Yates said. "Caution is always necessary."

