Wireless SECURITY Issues

by Hanz Makmur - LCSR Computing Facility

Status: Last modified: Feb 7, 2003

The LAWN network is designed with flexibility and expandability in mind. Because we want to make sure that users can get access to the network easily, LAWN does not require users to install additional software for quick and easy access. LAWN basically provides the equivalent of a wired network wirelessly. Like a wired network, LAWN doesn't encrypt any data transmitted, to avoid giving users a false sense of security. It is true that wireless networks have some security solutions like the WEP (Wired Equivalent Privacy) protocol and the 802.1x protocol. However, WEP is known to be a weak and insecure protocol, and 802.1x is not standard on all operating systems. Moreover, none are as secure as VPN or other solutions.

LAWN does NOT FORCE users to use a specific Virtual Private Network (VPN) solution, to avoid conflicts with users' current security setup (for example, a user's current VPN solution). There are certain security measures that users can and should take. We recommend that users use whatever encryption method they prefer when they communicate on the wireless network.

Here are some suggestions that we recommend:

Use SSH and SCP to replace Telnet and FTP.
SSH and SCP are secure replacements for Telnet and FTP respectively. Data transferred using SSH and SCP is encrypted. If FTP, Telnet or other insecure protocols (such as POP3, IMAP, SMTP) are the only available methods, use SSH tunnels with these insecure protocols to secure them.

Beware of what you are sending
Never send a password/username or private information that you don't want other people to see unless you use some kind of encryption. (That is, never send your password in the clear.) You should know that Telnet, FTP, HTTP, POP, IMAP and SMTP always send data in the clear. Use SSH tunnels with these insecure protocols to secure them.

Use a secure method whenever you are sending personal information.
When you are using a browser, make sure that you are using https:// for secure transactions. HTTPS is standard on web browsers. It is an encrypted protocol, used in place of http:// when you connect to a site.

Use SSL-based (secured) IMAP, POP and SMTP to read or send your email.
If you are using the regular POP, IMAP or SMTP protocol on our Unix system, you should stop doing so. We recommend you switch to the more secure mail system and enable SSL when connecting to your mail server.

For mail reading, we strongly recommend SSL IMAP, POP and SMTP.


We recommend that users of wireless networks, here at RU or at home, use SSH, SCP, SSL, IMAPS, SSL SMTP and a VPN such as an SSH tunnel.
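
As an added example (not part of the original LAWN page), the shell functions below build the SSH local-forward command for each cleartext mail protocol named above, along with the localhost address to enter in the mail client. It covers only POP3, IMAP and SMTP; the login user@ssh.example.edu, the host mail.example.edu and the +10000 local port offset are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: print (not run) SSH tunnel commands for cleartext mail
# protocols. Login and host names are placeholders, not real LAWN hosts.

# Standard cleartext port for each mail protocol named on this page.
service_port() {
    case "$1" in
        pop3) echo 110 ;;
        imap) echo 143 ;;
        smtp) echo 25 ;;
        *)    return 1 ;;
    esac
}

# Local end of the tunnel; this is what the mail client is pointed at.
# Ports below 1024 need root, so add an offset (assumed: 10000).
client_endpoint() {
    port=$(service_port "$1") || return 1
    echo "127.0.0.1:$((port + 10000))"
}

# usage: tunnel_cmd SERVICE SSH_LOGIN [MAIL_HOST]
# MAIL_HOST is resolved by the SSH server; default is the SSH server itself.
tunnel_cmd() {
    svc=$1; login=$2; mailhost=${3:-localhost}
    port=$(service_port "$svc") || {
        echo "no tunnel for '$svc': replace telnet with ssh, ftp with scp" >&2
        return 1
    }
    # -N: no remote command, forward only.
    # -L: local forward; binding to 127.0.0.1 keeps other hosts on the
    #     wireless network from connecting through the tunnel.
    echo "ssh -N -L $(client_endpoint "$svc"):${mailhost}:${port} ${login}"
}

for svc in pop3 imap smtp; do
    printf '%s\n  mail client server: %s\n' \
        "$(tunnel_cmd "$svc" user@ssh.example.edu)" "$(client_endpoint "$svc")"
done
```

The tunnel encrypts traffic only between your machine and the SSH server. When MAIL_HOST is a different machine from the SSH server, the hop from the SSH server to the mail server is still in the clear.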

Further Info:

SSH, SCP and SFTP Clients:

| Operating System | SSH2 client | SCP client | SFTP client |
|---|---|---|---|
| MacOS 8 and 9 | MacSSH (F), dataComet, F-Secure SSH (C) | - | MacSFTP (S) |
| MacOS X | Built in | Built in, Fugu (F) | Built in, Fugu (F) |
| Windows98 and up | SecureShell (FE) | - | SecureShell (FE) |
| Linux/Solaris | Built in command | Built in command | Built in command |

(F) Freeware, (S) Shareware, (C) Commercial, (FE) Free for Education

SSL Capable Email clients:

Note: Make sure you check SSL in your IMAP, POP or SMTP settings to enable the security feature. Please note that some mail servers may not support SSL yet. Please contact your mail server system administrator to get this security feature working, or use an SSH tunnel as your wireless or home VPN.

VPN Solution for Wireless and Rutgers Home users:

SSH Related Documentation: