http://desmoinesregister.com/apps/pbcs.dll/article?AID=/20060824/NEWS02/608240380/1001/NEWS By ERIN JORDAN REGISTER IOWA CITY BUREAU August 24, 2006 Iowa City, Ia. -- Wireless Internet allows computer users to go online from almost anywhere - such as in the library, on the lawn or in a dormitory lounge on a college campus. But university students, faculty and staff who set up their own wireless connecting points, called "hot spots," may be putting themselves and the school's network at risk, computer security officials said. The University of Iowa recently discovered 80 unauthorized access points to its wireless network in an audit of nine academic buildings. These so-called rogue access points were probably set up by faculty or staff impatient for wireless service, which covers only 15 percent of campus, said Jane Drews, information technology security officer for the U of I. But these rogues, half of which were not encrypted, leave the U of I vulnerable to hackers or people who want to commit crimes through someone else's Internet connection, computer specialists said. "Someone could actually use the university's e-mail system to send spam or download copyrighted materials," said Carl Hirschman, vice president for X-Wires Communications in Iowa City. "Really, the worst-case scenario is that they could use that (access) as an in to hack into the university's system." All three of Iowa's public universities offer wireless computer access on parts of their campuses. The service isn't available to just anyone - users must have registered computers or identification numbers and passwords. In places without wireless, people can use "land lines" or create wireless hot spots with access point devices. The universities approve some access points, but others are springing up without permission or security, officials said. The U of I is the only public university in Iowa doing a large-scale audit of wireless access points. The University of Northern Iowa and Iowa State University respond to complaints about rogue connections, officials said. Some newer computer software can find rogues and let administrators shut them down, said Seth Bokelman, senior systems administrator for UNI. "I've only found one and that was a graduate student who had set one up in his office," he said. "We disabled it pretty quickly and referred it to his department head." An Iowa State University undergraduate who set up a non-encrypted access point in his dormitory room complained when he got a notice from the government about illegal music downloads through his connection, said Mike Bowman, assistant director for information technology security at ISU. "If they haven't restricted the access point, we've had some situations where there has been some activity they didn't think they were responsible for," Bowman said. Robert De Lara, a U of I biomedical engineering student from Lisle, Ill., said he does not see why students would need to set up rogue access points because there are lots of wireless hot spots, such as the library, Iowa Memorial Union and Seamens Center for Engineering Arts and Sciences. "If you're an engineering student, you're paying a fee and getting it anyway," he said of wireless. The U of I is trying to pinpoint their rogues and convert them to wired connections or authorized access points, Drews said. The universities are also expanding their wireless networks, which would eliminate the need for access points. _________________________________ HITBSecConf2006 - Malaysia The largest network security event in Asia 32 internationally renowned speakers 7 tracks of hands-on technical training sessions. Register now: http://conference.hitb.org/hitbsecconf2006kl/
This archive was generated by hypermail 2.1.3 : Thu Aug 24 2006 - 23:17:57 PDT