In the last couple of days ZiefBrief has noticed a mysterious influx of technicians from USF's Information Technology department. They've been staring at our ceilings and rooting around in the telecom closets in ways consistent with the impending installation of a wireless network. We've been told that wireless will be available in the Zief Library this coming semester, so we're taking all of this activity as a good sign. As our excellent Dean often says, stay tuned…
[Update: 8.11.06] Short answer - Yes! Wireless is here!
ZiefBrief itself wandered around with its laptop this morning, successfully surfing the internet on all three levels. (Our helpful Law IT staff ask us to remind you that, wireless being wireless, it will never be 100% secure. So please don't us it for your online banking and such!)
"(Our helpful Law IT staff ask us to remind you that, wireless being wireless, it will never be 100% secure. So please don't use it for your online banking and such!)"
I must point out that this is a common misconception about wireless networking - that "wireless being wireless", it is inherently less secure. Yes (wireless or not!), someone can hack into your computer if you leave it vulnerable and the hacker knows what (s)he is doing. Yes, people can get around any password protection on the wireless access point itself.
But no, online banking would not be vulnerable in transit if the site is SSL encrypted. Someone isn't going to intercept the packets and decrypt them more easily because you are using a wireless network. If a hacker wanted to break a 128-bit SSL encrypted session, it would take more than someone's lifetime.
Posted by: Mike B | August 12, 2006 at 09:40 AM
It's fine advice. Of course wireless is inherently less secure. Wired networks require physical access at some hop along the way. Wireless requires no such access.
If wireless has been rolled out as it existed over the summer, advertised with the USFWireless SSID, there's no meaningful authentication of the wireless network one is joining. The only authentication that occurred over the summer was the standard corralled login to use network resources. As a result, an easy end-run around SSL would simply be a man-in-the-middle attack accomplished by a rogue wireless network.
In short, one shouldn't assume security over SSL when operating over an untrusted medium. If, on the other hand, the school implemented a wireless security protocol that allowed for authentication of the remote networks, it would be far easier to feel secure. When I was forced to implement such a network -- back in 2000 -- I terminated all wireless at an isolated port on our IPSec VPN concentrator. The only way out was with the use of a VPN client. However, even with all of those precautions, wireless would still be inherently less secure than a wired network.
Security issues aside, while it will be nice to have wireless in the library, having it will make it more difficult to stay off the network when work should be getting done. It will be especially bad if it extends to the classroom, where the already rampant surfing is a major distraction.
Posted by: Greg Haverkamp | August 15, 2006 at 05:56 PM