Western Kentucky University

IT Division - Network

Security

Wireless technologies have introduced many new challenges to the world of networking, particularly in the realm of security. We recommend being aware of these issues before using any wireless network.

Authentication

To access the WKU Wireless network, users are required to authenticate using their WKU username and password. To log in, open a web browser such as Internet Explorer or Mozilla and you will be redirected to the secure login page. You will then be asked for your username and password that will be encrypted and sent to the server for verification. Once authenticated, you will be free to browse web sites and use other network applications.

You will not be able to use any network services such as Email, Instant Messaging, FTP, etc until you first follow the aforementioned procedure and log in.

Data Security and Encryption

Unlike wired networks, wireless networks use radio signals that can easily be picked up or intercepted by other users. This can give a malicious user the ability to view the data you are sending across the wireless connection. For this reason, wireless connections are generally considered less secure than wired networks but many of the topics discussed below can still apply to both. Sensitive information includes, but is not limited to, pieces of data such as usernames, passwords, social security numbers, credit card numbers, or essentially anything you would not want someone else to be able to get their hand on. There are several potential ways to protect your sensitive information. Use of these technologies and their effectiveness depends greatly on the environment in which they are used. Below are several common wireless security options along with a brief description, and why or why they are not in use on the WKU Wireless Network.

WEP (Wired Equivalent Privacy) The WKU Wireless Network does not use WEP which is a feature of the 802.11 wireless standard intended to provide some degree of security for the information traveling through the air. However, since WEP requires publishing the WEP security key to all wireless users, it is unsuitable for use in a large network. (A secret which must be published to over 20,000 people is no secret.) Also since its inception, WEP's design itself has been demonstrated to be flawed and is generally considered insecure. This protocol is still commonly used in small, home wireless networks.

WPA (Wireless Protected Access) The WKU Wireless Network does not currently use WPA ("Wireless Protected Access"), a technology offered by many wireless vendors and is defined as a precursor to the relatively new IEEE 802.11i standard. WPA is intended as a temporary replacement for WEP, designed to address many of WEP's flaws. It is positioned as a temporary solution, until the 802.11i standard for wireless security is complete, and all existing wireless hardware and software is replaced with a new generation of equipment designed to support 802.11i. At this time, most client software does not currently support WPA and as a result the vast majority of campus users would not be able to access the wireless network. There is no plan to deploy WPA at this time; However, we expect to re-evaluate this stance in the future pending the outcome of upcoming standards and their distribution in client devices.

Application-level Encryption To secure any potentially sensitive information, it is strongly recommend that you use services that provide encryption. This concept applies to both wired and wireless networks, but is even more imperative for wireless. Typically SSL (Secure Sockets layer) is used to provide encryption for web pages. Information sent over SSL is encrypted by the application and prevents someone from spying on your information. These secure web sites will have an address that begins with https:// rather than the traditional http://. Most browsers will also show a lock symbol in the lower right hand corner to represent a secure connection.

All key WKU network services can provide this level of security. For example, the WKU Wireless Login page, Webmail, Topnet, ecourses and many other pages use SSL encryption to help protect your information. We also offer this or an equivalent level of encryption on other services such as POP, IMAP and SMTP email connections. These settings vary across different email clients so please contact the Helpdesk if you require assistance with these settings or if you have any questions or general security concerns.

VPN (Virtual Private Network)

There are several different implementation options for VPN's and for several years VPN's were the only way high-security organizations were permitted to use wireless networks. The VPN concept involves creating an encrypted "tunnel" between the client computer and a VPN endpoint on the other side of the wireless network. This provides protection for all data sent across the wireless network. Under most circumstances, VPN's require special software to be installed and configured on the client device. For most users in our environment this setup is level of security is not required, as most sensitive data should already be protected by application-level encryption. However, in the future we are looking at an option to provide this type of service. Please check the WKU Wireless web page for updates as this and other new services are deployed.

General Tips:

The following tips are several things you can do to help secure your information and keep your computer free of viruses, malware, and spyware.

  • Keep your operating system up-to-date. Patches fix various bugs in the software and many of them are security related.
  • Use complex passwords and never give them out under any circumstance even if asked to do so by support personnel.
  • Run quality anti-virus software and keep the virus definitions current. New viruses are literally released every day. Virus definitions let the antivirus software know about them and how to catch and block them. The software cannot properly do its job if it doesn.t know about all the potential viruses out there.
 Last Modified 7/23/13