A Rogue By Any Other Name
For schools that can’t get full-campus wireless coverage
in place fast enough, there is now a new price to pay.
Not long ago, I was home recuperating
from surgery and depending
upon my new wireless
router to keep me connected to the
office and the world while I healed.
Imagine my surprise when I booted up
my laptop and discovered that I could
also hook up to “bob’s network,” “ichabod4,”
and “ravenathome”—other networks
that had been set up near my
condo. What was interesting was how
easily I could jump right on to someone
else’s network via my new router which
was, in actuality, an access point. Evidently,
this capability is now of interest
to campus IT administrators, too.
According to an Aug. 24 story in the
Des Moines Register, in an audit of nine
academic buildings, technologists at the
University of Iowa recently discovered
80 unauthorized (and previously undetected)
access points. If they hadn’t
uncovered them with “sniffer” or probe
software during a walking audit with laptops,
they might never have known that
enterprising students, faculty, and staff
impatient for full-campus wireless had
taken matters into their own hands by
setting up “rogue” access points. Problem
is, these unauthorized hot spots can
seriously jeopardize the campus network—
and often, even the access
points’ owners.
The do-it-yourself hot spots lay the
university’s network wide open to hackers
who can gain access without being
detected. But access point owners may
also be making themselves responsible
for criminal acts not of their design. One
U of I student actually led officials to his
own access point when he was notified
by the government that illegal music
downloads were coming through it. The
access points can also act as conduits
for spamming the campus e-mail system
or downloading copyrighted material.
So, what’s a network security official
to do? According to the Register, the
University of Iowa is currently the only
public university in that state to conduct
a large-scale audit of wireless access
points. I wonder: How many schools in
other states are looking at this issue too,
and drawing up plans to counter the
proliferation of rogue access points? In
a time of transition—when so many institutions
are attempting to roll out wireless
coverage, expand it campuswide, and
even extend it to the off-campus community—
this kind of monitoring cannot
come too early. (For free tools to first
sniff—then snuff out—spots where
hackers may sneak onto the campus
network, see “Tools of the Trade,” page
40 in our network security feature.)
But I am wondering, too, if this would
not be a good time for campus PR to
step in? Campus members considering
setting up access points of their own
may be completely unaware of the dangers
lurking there; may even be unaware
of the campus schedule for ubiquitous
wireless connectivity, or soon-to-come
improvements that would preclude the
purchase of rogue access points. This
may be an excellent time for some internal
marketing, to communicate to all
mobile technology users just what the
campus intentions are—and what
mobile device users risk by heading off
to the computer store to pick up that
nifty access gizmo. What’s going on at
your school? We’d like to know.
—Katherine Grayson, Editor-In-Chief
What have you seen and heard? Send to: [email protected].
