A Rogue By Any Other Name

Katherine GraysonFor schools that can’t get full-campus wireless coverage in place fast enough, there is now a new price to pay.

Not long ago, I was home recuperating from surgery and depending upon my new wireless router to keep me connected to the office and the world while I healed. Imagine my surprise when I booted up my laptop and discovered that I could also hook up to “bob’s network,” “ichabod4,” and “ravenathome”—other networks that had been set up near my condo. What was interesting was how easily I could jump right on to someone else’s network via my new router which was, in actuality, an access point. Evidently, this capability is now of interest to campus IT administrators, too.

According to an Aug. 24 story in the Des Moines Register, in an audit of nine academic buildings, technologists at the University of Iowa recently discovered 80 unauthorized (and previously undetected) access points. If they hadn’t uncovered them with “sniffer” or probe software during a walking audit with laptops, they might never have known that enterprising students, faculty, and staff impatient for full-campus wireless had taken matters into their own hands by setting up “rogue” access points. Problem is, these unauthorized hot spots can seriously jeopardize the campus network— and often, even the access points’ owners.

The do-it-yourself hot spots lay the university’s network wide open to hackers who can gain access without being detected. But access point owners may also be making themselves responsible for criminal acts not of their design. One U of I student actually led officials to his own access point when he was notified by the government that illegal music downloads were coming through it. The access points can also act as conduits for spamming the campus e-mail system or downloading copyrighted material.

So, what’s a network security official to do? According to the Register, the University of Iowa is currently the only public university in that state to conduct a large-scale audit of wireless access points. I wonder: How many schools in other states are looking at this issue too, and drawing up plans to counter the proliferation of rogue access points? In a time of transition—when so many institutions are attempting to roll out wireless coverage, expand it campuswide, and even extend it to the off-campus community— this kind of monitoring cannot come too early. (For free tools to first sniff—then snuff out—spots where hackers may sneak onto the campus network, see “Tools of the Trade,” page 40 in our network security feature.)

But I am wondering, too, if this would not be a good time for campus PR to step in? Campus members considering setting up access points of their own may be completely unaware of the dangers lurking there; may even be unaware of the campus schedule for ubiquitous wireless connectivity, or soon-to-come improvements that would preclude the purchase of rogue access points. This may be an excellent time for some internal marketing, to communicate to all mobile technology users just what the campus intentions are—and what mobile device users risk by heading off to the computer store to pick up that nifty access gizmo. What’s going on at your school? We’d like to know.

Katherine Grayson, Editor-In-Chief What have you seen and heard? Send to: kgrayson@1105media.com.

comments powered by Disqus