Wireless Access Point Security Risks

Question: Are district employees putting themselves at risk when they use open wireless access points or hotel broadband Internet connections with a laptop computer, as when attending a conference or away from school for another reason?

The IT Guy says:
Absolutely. Yes. Without question. This is a huge problem and most people seem to be oblivious to it.

In coffee shops, airports, hotels, other public places or even your own home, unscrupulous hackers can use free software tools to steal passwords and other confidential information quite easily if computer users have not taken steps to protect themselves. And today, most people haven't taken those steps. Even worse, these hacking tools are now graphical and so require little if any technical background or knowledge to use. It is very scary not only to see this, but to realize how many people regularly put themselves at risk of identity theft and other problems when someone else obtains their user ID and password information.

The best defense against identity theft through a wireless access point or even a hotel broadband computer connection is a good offense in the form of a VPN connection. Schools should provide employees with VPN access to the school network, so they can connect in hotels and at open wireless access points through this secure "VPN tunnel." Otherwise, anyone could be watching all the messages and Internet traffic the person is sending and receiving. This includes email usernames and passwords that are sent as clear text.

People with wireless home computer networks should not stop with the recommendations I have made previously of just changing the network ID (SSID), hiding it so others cannot browse to it, and changing the default password for router administration. What once was considered a safe technique — enabling "MAC address filtering" (a positive security measure that requires the network administrator / homeowner to add the numeric identification number of each wireless device's network card into the router) — is now actually a poor defense, since the TCP packet sent by an authorized computer contains that exact MAC address in its initial character sequence. This means a MAC address can be easily spoofed.

WEP wireless security can also be defeated relatively easily by a hacker who wants to break into your home network, but a secure WPA password can be theoretically impossible to break. The producers of the Security Now podcast offer a free web-based tool for creating theoretically unhackable WPA passwords — access it at Perfect Passwords. Users can refresh the page to obtain different, random 64- or 63-character password strings.

For more on these topics, read the “Wireless Security Recommendations for Rutgers,” and listen to the excellent recent episodes about wireless security, WEP, WPA and VPN on the “Security Now” podcast. Finally, when you are away from home, always connect to VPN before using your email, posting to your blog, or doing anything else with a program that requires a username and password! If you don't have access to a VPN account, consider paying for and using a service like “HotSpotVPN.”
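
The random 63- and 64-character WPA strings mentioned above can also be generated offline. The Python sketch below is an added example, not part of the original column or of the Perfect Passwords tool; it assumes the standard WPA-PSK input rules (8 to 63 printable ASCII characters, or exactly 64 hex digits), and its function names are illustrative.

```python
import math
import secrets
import string

# Assumption: standard WPA-PSK input rules. A router accepts either an
# 8-63 character printable-ASCII passphrase or exactly 64 hex digits
# (the raw 256-bit pre-shared key).
PRINTABLE = "".join(chr(c) for c in range(0x20, 0x7F))  # 95 characters


def generate_passphrase(length=63):
    """Return a random printable-ASCII WPA passphrase from the OS CSPRNG."""
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrases must be 8 to 63 characters long")
    return "".join(secrets.choice(PRINTABLE) for _ in range(length))


def generate_hex_key():
    """Return 64 random hex digits, i.e. a raw 256-bit pre-shared key."""
    return secrets.token_hex(32)


def classify(value):
    """Report how the value would be treated: 'hex-key', 'passphrase' or 'invalid'."""
    if len(value) == 64 and all(ch in string.hexdigits for ch in value):
        return "hex-key"
    if 8 <= len(value) <= 63 and all(ch in PRINTABLE for ch in value):
        return "passphrase"
    # Covers too-short strings, non-ASCII text, and 64-character strings
    # that are not pure hex (one character too long for a passphrase).
    return "invalid"


def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random string; not valid for human-chosen text."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print("passphrase:", generate_passphrase())
    print("hex key:   ", generate_hex_key())
    print("entropy of 63 printable characters:",
          round(entropy_bits(63, len(PRINTABLE))), "bits")
```

The entropy figure only holds because every character is drawn independently from the operating system's random source; a memorable phrase of the same length is far weaker.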

