I regularly teach workshops on wireless networks in libraries. It's a technology that almost all libraries are interested in implementing, but many have avoided it out of concern for security. Though many valid security issues prevail, solutions also abound. Let's take a tour of this technology and explore some of its major security issues.
Wireless networks suffer from a reputation for poor security, a reputation often well-earned by many of the early implementations. Fortunately, the technology has advanced considerably over the last few years and can be deployed without sacrificing the security of your library's network.
The Achilles' heel of Ethernet (IEEE 802.3) networks, and of the wireless networks modeled on them, is eavesdropping. To explain this concern, let's review a few network basics.
Understanding Ethernet, Wi-Fi, WEP and WPA
The low-level media access rules that govern how Ethernet networks communicate follow the party-line telephone model. These rules, termed Carrier Sense Multiple Access with Collision Detection (CSMA/CD), allow many devices to share one network medium, each sending data as needed but listening while it transmits to be sure that the transmission didn't collide with another device's traffic. When collisions happen, each device waits a random back-off interval and retransmits. While this introduces some overhead, CSMA/CD has proven itself a highly efficient communications method.
A fundamental characteristic of Ethernet is the possibility of eavesdropping. As bits of information travel on an Ethernet, they are bundled into packets (frames), each marked with the hardware (MAC) address of its destination and origin. In an ideal, polite society, no one would ever listen in on someone else's conversation on a party line, but, in the real world, eavesdropping happens. Similarly, on a shared Ethernet segment every device receives every frame; the rules merely tell a network card to discard frames whose destination address is not its own. Unfortunately, packet analyzers, or sniffers, originally developed for system administrators to perform diagnostics, are now a common part of a hacker's toolkit. A sniffer switches the network card into "promiscuous" mode so that it keeps every frame it hears, putting all transmitted information in full view. (Switched Ethernet narrows what a sniffer sees to the traffic for its own port plus broadcasts, but that is a convenience rather than a security control, and a shared medium such as radio has no such limit.) Because of the capability for others to eavesdrop on an Ethernet, one must assume that any information sent without additional protection can be viewed by an unfriendly third party. This additional protection usually takes the form of encryption, where only the intended recipient has the ability to decrypt the information.
Wireless networks (often called Wi-Fi), as defined by IEEE 802.11, share many of the characteristics of Ethernet networks. However, because a radio cannot listen while it transmits, the media access rules work on the principle of collision avoidance (CSMA/CA) rather than collision detection. The concern for eavesdropping still applies, though, and is exacerbated by the fact that the unfriendly third party does not even need a physical connection to the network in order to view information: a receiver in the parking lot, within range of the access point, hears the same frames as a patron in the reading room.
Why worry about eavesdropping? Keep in mind that sensitive information (username/password combinations, credit card numbers, Social Security numbers, bank account details, etc.) in the wrong hands could cause a person considerable problems. Such information must never be sent "in the clear"; it must be securely encrypted.
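To make the eavesdropping concern concrete, here is an added example in Python that is not part of the original article: a small dissector that does what a sniffer does once the network card hands it a frame. It walks the Ethernet, IPv4 and TCP headers of a constructed sample frame (all addresses, names and the "alice" credentials are made up for the example, not captured traffic) and pulls a password out of an HTTP Basic-authentication header, which is only base64-encoded, not encrypted.

```python
import base64
import struct
from typing import Optional


def mac(raw: bytes) -> str:
    """Render six address bytes as aa:bb:cc:dd:ee:ff."""
    return ":".join(f"{b:02x}" for b in raw)


def build_sample_frame() -> bytes:
    """Constructed sample, not a real capture: an Ethernet II frame carrying an
    IPv4/TCP segment whose payload is an HTTP request with Basic authentication.
    All addresses, host names and credentials are invented for the example."""
    http = (b"GET /account HTTP/1.1\r\n"
            b"Host: www.example.com\r\n"
            b"Authorization: Basic " + base64.b64encode(b"alice:Secret123") + b"\r\n"
            b"\r\n")
    # TCP header: ports, seq, ack, data offset (5 words), flags PSH|ACK, window, checksum, urgent
    tcp = struct.pack("!HHIIBBHHH", 50432, 80, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(http)
    # IPv4 header: version/IHL, TOS, total length, id, flags/frag, TTL, protocol 6 (TCP), checksum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, 64, 6, 0,
                     bytes([192, 168, 1, 23]), bytes([93, 184, 216, 34]))
    # Ethernet II header: destination MAC, source MAC, EtherType 0x0800 (IPv4)
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", 0x0800)
    return eth + ip + tcp + http


def dissect(frame: bytes) -> dict:
    """Walk the headers the way a sniffer in promiscuous mode does: the card hands
    over every frame it hears, and nothing in the frame itself stops us reading it."""
    info = {
        "dst_mac": mac(frame[0:6]),
        "src_mac": mac(frame[6:12]),
        "ethertype": struct.unpack("!H", frame[12:14])[0],
    }
    if info["ethertype"] != 0x0800:
        return info
    ihl = (frame[14] & 0x0F) * 4                     # IPv4 header length in bytes
    total_len = struct.unpack("!H", frame[16:18])[0]
    ip = frame[14:14 + total_len]
    info["proto"] = ip[9]
    info["src_ip"] = ".".join(str(b) for b in ip[12:16])
    info["dst_ip"] = ".".join(str(b) for b in ip[16:20])
    if ip[9] != 6:
        return info
    tcp = ip[ihl:]
    info["src_port"], info["dst_port"] = struct.unpack("!HH", tcp[:4])
    data_offset = (tcp[12] >> 4) * 4                 # TCP header length in bytes
    info["payload"] = tcp[data_offset:]
    return info


def find_basic_credentials(payload: bytes) -> Optional[str]:
    """Basic auth only base64-encodes user:password; on an unencrypted link it is
    as good as plaintext to anyone holding the frame."""
    for line in payload.split(b"\r\n"):
        if line.lower().startswith(b"authorization: basic "):
            return base64.b64decode(line.split(b" ", 2)[2]).decode()
    return None


if __name__ == "__main__":
    info = dissect(build_sample_frame())
    print(f"{info['src_ip']}:{info['src_port']} -> {info['dst_ip']}:{info['dst_port']}")
    print("credentials seen on the wire:", find_basic_credentials(info["payload"]))
```

Had the same request been sent over SSL, the dissector would still recover both addresses and ports (the headers are never encrypted), but the payload would be an opaque TLS record and the credential search would come up empty. That is exactly the division of labour the rest of this article relies on: the link can be listened to, so the content must protect itself.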
In fact, even the early versions of Wi-Fi included encryption to provide a layer of security. Called Wired Equivalent Privacy, or WEP, this security protocol allows a person to set up a 40- or 104-bit secret key (marketed as 64- or 128-bit, the difference being a 24-bit initialization vector sent in the clear with every packet) that is shared between every mobile device and the access point. The key is used, together with the RC4 stream cipher, to encrypt all of the information packets transmitted on the network, and it must be entered into the configuration of any device that connects to a wireless network through the access point.
The name Wired Equivalent Privacy implies that WEP can provide users with the same degree of protection from eavesdropping as wired networks. Unfortunately, this isn't true. Flaws in the way WEP applies RC4 (the initialization vector is so short that it repeats on a busy network, and certain values of it leak information about the key) make the encryption fairly easy to crack. Using software such as AirSnort, an open source tool that passively captures wireless network transmissions and recovers the encryption key once enough packets have been collected, a hacker can view information as it crosses the airwaves. Recently, a stronger security protocol called Wi-Fi Protected Access, or WPA, was developed as an interim replacement and is beginning to see deployment. Further, an entire security architecture for wireless networks, called 802.11i, has recently been approved; it replaces RC4 with AES-based encryption and adds per-user authentication through IEEE 802.1X.
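Two of WEP's design flaws can be shown in a few dozen lines. The following Python is an added example, not code from the original article or from AirSnort (which mounts a different, statistical key-recovery attack); it is a toy WEP implementation with a made-up 40-bit key, and the byte order of the CRC-32 integrity check value (ICV) is simply the one chosen here. It demonstrates, first, that two packets sent under the same initialization vector share an RC4 keystream, so knowing one plaintext reveals the other without the key (there are only 2^24, about 16.8 million, IVs, so repeats are a matter of hours on a busy access point), and second, that because CRC-32 is linear an attacker can flip chosen bits in an encrypted packet and still pass the integrity check.

```python
import struct
import zlib
from typing import Optional


def rc4(key: bytes, length: int) -> bytes:
    """Produce `length` bytes of RC4 keystream (key scheduling, then output)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes, key_id: int = 0) -> bytes:
    """Frame body as WEP builds it: IV (3 bytes) | key-id byte | RC4(IV||key) applied
    to plaintext || CRC-32 ICV. The ICV is packed little-endian in this toy version."""
    assert len(iv) == 3 and len(key) in (5, 13)   # 40-bit or 104-bit secret key
    body = plaintext + struct.pack("<I", zlib.crc32(plaintext))
    return iv + bytes([key_id << 6]) + xor(body, rc4(iv + key, len(body)))


def wep_decrypt(key: bytes, frame: bytes) -> Optional[bytes]:
    """Strip the encryption and verify the ICV; None means the receiver drops the frame."""
    iv, body = frame[:3], frame[4:]
    plain = xor(body, rc4(iv + key, len(body)))
    data, icv = plain[:-4], struct.unpack("<I", plain[-4:])[0]
    return data if zlib.crc32(data) == icv else None


def recover_with_known_plaintext(frame_known: bytes, known_plain: bytes, frame_target: bytes) -> bytes:
    """Keystream reuse: two frames sent under the same IV and key are XORed with the
    same RC4 output, so c1 XOR c2 == p1 XOR p2. Knowing p1 yields p2 without the key.
    Returns the recovered target body (data followed by its ICV)."""
    assert frame_known[:3] == frame_target[:3], "attack needs a repeated IV"
    n = min(len(frame_known), len(frame_target)) - 4
    known_body = known_plain + struct.pack("<I", zlib.crc32(known_plain))
    return xor(xor(frame_known[4:4 + n], frame_target[4:4 + n]), known_body[:n])


def flip_bits_without_key(frame: bytes, delta: bytes) -> bytes:
    """CRC-32 is linear: crc(p ^ d) == crc(p) ^ crc(d) ^ crc(zeros of the same length).
    So XORing `delta` into the ciphertext and the matching correction into the encrypted
    ICV yields a forged frame that still passes the receiver's integrity check."""
    head, body = frame[:4], frame[4:]
    data_len = len(body) - 4
    assert len(delta) == data_len
    icv_fix = zlib.crc32(delta) ^ zlib.crc32(bytes(data_len))
    return head + xor(body, delta + struct.pack("<I", icv_fix))


if __name__ == "__main__":
    key = bytes.fromhex("0102030405")   # made-up 40-bit WEP key
    iv = b"\x00\x00\x01"                 # one of only 2**24 possible IVs
    f1 = wep_encrypt(key, iv, b"GET /index.html HTTP")
    f2 = wep_encrypt(key, iv, b"passwd=hunter2 ok!!!")
    print(recover_with_known_plaintext(f1, b"GET /index.html HTTP", f2)[:20])
```

Neither attack needs the secret key at all, which is why the cure was a new protocol (WPA, then 802.11i) rather than a longer WEP key: a 104-bit key has the same 24-bit IV and the same linear checksum.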
To make matters more interesting from a security perspective, many wireless networks operate with WEP (and every other encryption method) disabled. Does this mean that these networks are unsafe to use? In my mind, no, as long as those who use such an open wireless network are aware that their sessions may be exposed and have the good sense not to transmit sensitive information without additional precautions.
Given that many wireless networks are secured by weak WEP or are completely open and exposed, how can libraries make use of this technology? Fortunately, there are lots of good answers.
Open Wireless Networks
Most publicly accessible wireless services do not implement encryption. One does not expect high security or encryption when connecting to a public wireless hotspot. Before connecting to an unsecured wireless network, most computers will issue a message warning users that "any information transmitted over this network may be viewed by others." Such a connection is fine for most informal uses of the Web but not for transactions that involve sensitive data. Before conducting any business that requires credit cards, Social Security numbers, or other personal information, one must be sure that the session is encrypted. Web sites that employ SSL (secure sockets layer), for example, encrypt the session between the browser and the server, which provides adequate protection even over an open wireless network, provided the user heeds the browser's certificate warnings: on an open network, such a warning may mean that someone between the user and the site is impersonating it.
Virtual Private Network (VPN) technology is especially well-suited for use with open wireless networks. A VPN establishes an encrypted tunnel between a user's computer and a remote network, so that everything the computer sends, not just Web traffic, is protected. VPNs employ strong encryption that allows sensitive data to travel across unsecured networks, such as an open WLAN or the Internet, without exposing its contents; an eavesdropper can still see that a tunnel exists and roughly how much traffic crosses it, but nothing of what is inside. A business traveler, for example, might have a VPN client loaded on his or her laptop that connects to the company's VPN gateway (often part of its firewall), allowing secure access to sensitive information on the internal network without risk of exposure on the Internet. With the assistance of VPN technology, open wireless services can be used for even the most sensitive information.
Your Wireless hotspots
Many libraries are (or soon will be) offering Wi-Fi. The largest perceived barriers to providing this service are concerns about security. On one hand, librarians want to ensure that they will not be liable for any harm done to a user's computer while it is connected to the library's WLAN; on the other hand, they must ensure that their own networks and systems are not threatened by activity on the WLAN.
Library Wi-Fi hotspots can be configured in many ways. When it comes to security configurations, ease of use is inversely proportional to security. It's possible to set up strong security on the library Wi-Fi hotspot, enabling WEP or WPA, but users would have to obtain the encryption key from the library before connecting. This introduces some logistical problems for both the library staff and the clientele who want to use the WLAN, and it buys less than it seems: a key that every patron shares keeps outsiders off the network, but it does not keep patrons who hold the key from reading one another's traffic.
A more convenient, but less secure, approach would be for the library to offer open, non-encrypted Wi-Fi. Such a service is much easier for library staff since they don't have to worry about issuing security credentials, and users like the ability to attach to the hotspot without the complication of entering encryption keys.
Offering open Wi-Fi in the library puts much of the onus for security on the user. But this scenario is no different than the Wi-Fi services available in hotels, coffee shops, or airports. Users of these networks need to be aware of the vulnerabilities and take necessary precautions. Up-to-date virus protection software is a must; personal firewalls are good advice; VPNs are ideal. Libraries that offer an open Wi-Fi network might want to have a Web page that lays out the potential risks of using such a service and then suggests safety measures for users to take.
When creating a Wi-Fi hotspot in a library, the foremost concern is to ensure that the security of the library's existing wired network isn't compromised. You don't want the wireless hotspot to become an entry point for hackers.
The prime rule when deploying Wi-Fi is segregation. It's important to have a clear separation between a public wireless network and the rest of the library's network. A number of devices can be used to achieve proper separation. A firewall between the access points and the staff network is the most common approach. The VLAN (Virtual Local Area Network) capabilities of enterprise-level Ethernet switches go further, letting the public network ride over the same cabling and switches as the staff network while remaining logically separate, with a firewall or router access list deciding what, if anything, may cross between the two; the right policy for a public VLAN is usually "out to the Internet only." Many access points can also be told to block patron-to-patron traffic, which limits what one patron's infected laptop can do to another's. With good network segregation, no matter what maliciousness breaks out on the wireless part of the network, the staff side stays isolated.
This whirlwind tour of wireless security has only surveyed the rough features of the landscape. Many details underlie each of the concepts I mentioned. As your guide, I hope I've instilled both a sense of caution about the security issues involved with Wi-Fi as well as an understanding that these problems are not insurmountable. Wireless networking offers great benefits, and library users increasingly have the interest and the means to take advantage of this technology. Librarians shouldn't let security issues stand in the way of offering this popular service to patrons.