Wireless Security Information

There are two aspects to security. First is security of the network itself. Second, is security of the data crossing the network. In order to properly secure the network itself, KU requires all prospective Wireless Zone users to authenticate using a valid KU Online ID and Password. Therefore it can be determined if a prospective user is authorized to use University resources.

Securing data crossing a wireless network poses a number of different challenges. Since wireless LAN transmissions transverse free space, they are more easily intercepted than wired transmissions. We have endeavored to make KU Wireless Zones as secure as practical. For example, the initial stage of authenticating the wireless user (when the user is required to enter the user’s KU Online ID and Password) is encrypted via SSL (Secure Sockets Layer). However passwords to enterprise systems, credit card numbers, email, calendar, and task information, etc, may be transmitted unencrypted and thus intercepted, easily read, and abused by others. Therefore, the user’s data is no more secure than the server or web site accessed. Sites offering SSL (as indicated by a small lock icon appearing on the status bar of the browser or https:// on the address bar) provide greater security and should be used when available.

Manufacturers of wireless LAN equipment offer a number of data encryption techniques as an alternative to transmitting sensitive data un encrypted. The most common is Wired Equivalent Privacy (WEP). However, WEP keys are fairly simple to decode. A common WEP key must be given to all authorized users. Preventing a common WEP key from being given to unauthorized users is difficult in a large enterprise network.

Some manufactures wireless LAN equipment distribute dynamic WEP keys. However, our testing found that most of these systems depend on proprietary standards limiting interoperability between Access Points and wireless cards produced by different manufacturers. Therefore WEP was not a viable solution for a campus wide encryption solution.

As of March 10, KU is no longer offering an encryption solution. The encryption certificate for wireless personal computers expired for the campus wireless system on that date. A user may receive a message advising that the certificate is no longer trusted. New wireless service is being designed and an upgrade will likely occur during the summer break. Until the new service is announced, users should use the same precautions in the use of wireless access on the KU campus as they would at any other public hot spot.

Data encryption will not shield your computer from infection by viruses or worms. Visit the University of Kansas IT Security Office web site for current information on protecting your computer from these threats.