The Latest

Wireless Network Security

Wifi iconThere is no doubt that wireless Internet has increased productivity and improved communications.  Users can join wireless networks at NSHE, on campuses, in airports and hotels, and even restaurants.  However, wireless connections may not always be safe.  Many public WiFi spots are not secured and users are at risk of exposing sensitive information and data.

Unsecured WiFi

The information you send over an unsecured WiFi network is not encrypted.  Always keep that in mind when deciding what information your are sending.  You should always know what network you are joining.  In an Evil Twin attack, a users is tricked into joining an impostor network that mimics the authentic public access network.  Once the user joins, the attacker can easily intercept sensitive information.  This is often seen in airports and hotels where the bad guy creates an wireless network with the an official looking name such as “hotel-guest-network”.   Always check with the hotel for their official network name.

Weak Security WiFi

Some WiFi networks are still secured with the Wireless Equivalent Privacy (WEP), a networking standard.  Its intention was to provide encryption for your wireless network traffic.  This proved to be too weak of a standard and allowed for very quick and efficient cracking of “encrypted” network traffic.  Many old WiFi networks still use this standard and any connection using WEP should be considered the same as connecting to an unsecured WiFi network.   WEP has been replaced with WiFi Protected Access II (WPA2) and should be preferred for wireless networks.

Tips

  1. Remember that data sent through an unsecure WiFi network is sent in the clear and can be intercepted.
  2. Wireless data is not limited to just the range of your computer.  Bad guys can increase their range by using amplified antennas to intercept the signal from greater distances.
  3. Be cautious about the wireless network you join.
  4. Be careful about what information you are sending.  You should never send personal information such as user ID, password, banking information or credit card numbers over an unsecured or weakly secured wireless network.