AOH :: ISN-2907.HTM

'Rogue' spots expose U of I data

'Rogue' spots expose U of I data
'Rogue' spots expose U of I data 

August 24, 2006

Iowa City, Ia. -- Wireless Internet allows computer users to go online
from almost anywhere - such as in the library, on the lawn or in a
dormitory lounge on a college campus.

But university students, faculty and staff who set up their own
wireless connecting points, called "hot spots," may be putting
themselves and the school's network at risk, computer security
officials said.

The University of Iowa recently discovered 80 unauthorized access
points to its wireless network in an audit of nine academic buildings.  
These so-called rogue access points were probably set up by faculty or
staff impatient for wireless service, which covers only 15 percent of
campus, said Jane Drews, information technology security officer for
the U of I.

But these rogues, half of which were not encrypted, leave the U of I
vulnerable to hackers or people who want to commit crimes through
someone else's Internet connection, computer specialists said.

"Someone could actually use the university's e-mail system to send
spam or download copyrighted materials," said Carl Hirschman, vice
president for X-Wires Communications in Iowa City. "Really, the
worst-case scenario is that they could use that (access) as an in to
hack into the university's system."

All three of Iowa's public universities offer wireless computer access
on parts of their campuses.

The service isn't available to just anyone - users must have
registered computers or identification numbers and passwords. In
places without wireless, people can use "land lines" or create
wireless hot spots with access point devices.

The universities approve some access points, but others are springing
up without permission or security, officials said.

The U of I is the only public university in Iowa doing a large-scale
audit of wireless access points. The University of Northern Iowa and
Iowa State University respond to complaints about rogue connections,
officials said.

Some newer computer software can find rogues and let administrators
shut them down, said Seth Bokelman, senior systems administrator for

"I've only found one and that was a graduate student who had set one
up in his office," he said. "We disabled it pretty quickly and
referred it to his department head."

An Iowa State University undergraduate who set up a non-encrypted
access point in his dormitory room complained when he got a notice
from the government about illegal music downloads through his
connection, said Mike Bowman, assistant director for information
technology security at ISU.

"If they haven't restricted the access point, we've had some
situations where there has been some activity they didn't think they
were responsible for," Bowman said.

Robert De Lara, a U of I biomedical engineering student from Lisle,
Ill., said he does not see why students would need to set up rogue
access points because there are lots of wireless hot spots, such as
the library, Iowa Memorial Union and Seamens Center for Engineering
Arts and Sciences.

"If you're an engineering student, you're paying a fee and getting it
anyway," he said of wireless.

The U of I is trying to pinpoint their rogues and convert them to
wired connections or authorized access points, Drews said. The
universities are also expanding their wireless networks, which would
eliminate the need for access points.

HITBSecConf2006 - Malaysia 
The largest network security event in Asia 
32 internationally renowned speakers 
7 tracks of hands-on technical training sessions. 
Register now: 

Site design & layout copyright © 1986-2014 CodeGods