Wireless Security Issues
by Hanz Makmur - LCSR Computing Facility
Status: Last modified: Feb 7, 2003
The LAWN network is designed with flexibility and expandability in mind. Because we want to make sure that users can get access to the network easily, LAWN does not require users to install additional software for quick and easy access. LAWN basically provides the equivalent of a wired network, wirelessly. Like a wired network, LAWN doesn't encrypt any transmitted data, to avoid giving users a false sense of security. It is true that wireless networks have some security solutions, like the WEP (Wired Equivalent Privacy) protocol and the 802.1x protocol. However, WEP is known to be a weak and insecure protocol, and 802.1x is not standard on all operating systems. Moreover, neither is as secure as a VPN or other solutions.
LAWN does NOT FORCE users to use a specific Virtual Private Network (VPN) solution, to avoid conflicts with users' current security setup (for example, a user's current VPN solution). There are certain security measures that users can and should take. We recommend that users use whatever encryption method they prefer when they communicate on the wireless network.
Here are some suggestions that we recommend:
Use SSH and SCP to replace Telnet and FTP.
SSH and SCP are secure forms of Telnet and FTP respectively. Data transferred using SSH and SCP is encrypted. If FTP, Telnet or other insecure protocols (such as POP3, IMAP, SMTP) are the only available methods, use SSH tunnels with these insecure protocols to secure them.
Beware of what you are sending.
Never send a password/username or private info that you don't want other people to see unless you use some kind of encryption. (That is, never send your password in the clear.) You should know that Telnet, FTP, HTTP, POP, IMAP and SMTP always send data in the clear. Use SSH tunnels with these insecure protocols to secure them.
Use a secure method whenever you are sending personal information.
When you are using a browser, make sure that you are using https:// for secure transactions. HTTPS is standard on web browsers. It is an encrypted protocol used instead of http:// when you connect to a site.
Use SSL-based (secure) IMAP, POP and SMTP to read or send your email.
If you are using the regular POP, IMAP or SMTP protocol on our Unix system, you should stop doing so. We recommend you switch to the more secure mail system and enable SSL when connecting to your mail server. For mail reading, we strongly recommend SSL IMAP, POP and SMTP.
We recommend that users who use wireless networks here at RU or at HOME use SSH, SCP, SSL, IMAPS, SSL SMTP and a VPN such as an SSH tunnel.
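The SSH tunnel recommended above for POP3, IMAP and SMTP, as an added example that is not part of the original page: the function prints the ssh port-forwarding command for the requested protocols. The host and account names, the 10000+port local numbering, and the assumption that the mail daemons run on the SSH server itself are illustrative.

```shell
#!/bin/sh
# Added example, not from the original page. Host and account names are
# placeholders; the mail daemons are assumed to run on the SSH server itself.

# Standard cleartext port for each mail protocol named on this page.
cleartext_port() {
    case "$1" in
        pop3) echo 110 ;;
        imap) echo 143 ;;
        smtp) echo 25 ;;
        *)    return 1 ;;
    esac
}

# Print the ssh command that forwards each requested protocol.
# usage: tunnel_cmd user@host proto [proto ...]
tunnel_cmd() {
    [ "$#" -ge 2 ] || { echo "usage: tunnel_cmd user@host proto..." >&2; return 2; }
    dest=$1; shift
    args=""
    for proto in "$@"; do
        port=$(cleartext_port "$proto") || {
            echo "unsupported protocol: $proto" >&2
            return 1
        }
        # Local port = 10000 + remote port, so no root privileges are needed.
        # Binding to 127.0.0.1 keeps the forwarded port unreachable from
        # other hosts on the wireless segment.
        args="$args -L 127.0.0.1:$((10000 + port)):localhost:$port"
    done
    # -N: forward ports only, run no remote command.
    echo "ssh -N$args $dest"
}

# Constructed sample: tunnel IMAP and SMTP to a placeholder host.
tunnel_cmd user@mail.example.edu imap smtp
```

Run the printed command, then point the mail client at 127.0.0.1 and the local port (10143 for IMAP here). Only the hop between the client and the SSH server is encrypted by the tunnel.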
Further Info:
SSH, SCP and SFTP Clients:

| Operating System | SSH2 client | SCP client | SFTP client |
|------------------|-------------|------------|-------------|
| MacOS 8 and 9 | MacSSH (F), dataComet, F-Secure SSH (C) | - | MacSFTP (S) |
| MacOS X | Built in | Built in, Fugu (F) | Built in, Fugu (F) |
| Windows 98 and up | SecureShell (FE) | - | SecureShell (FE) |
| Linux/Solaris | Built in command | Built in command | Built in command |

(F) Freeware, (S) Shareware, (C) Commercial, (FE) Free for Education
SSL Capable Email clients:
Note: Make sure you check SSL in your IMAP, POP or SMTP settings to enable the security feature. Please note that some mail servers may not support SSL yet. Please contact your mail server system administrator to get this security feature working, or use an SSH tunnel as your wireless or home VPN.
VPN Solution for Wireless and Rutgers Home users:
SSH Related Documentation: