Wireless Security Poses Challenges
What can you do to protect yourself from eavesdroppers?

If you're considering deploying a wireless Ethernet system, you'll need to take special security precautions.

Because it's much easier to surreptitiously monitor wireless networks, attackers can have a field day at your expense (for an eye-opening discussion of potential privacy violations, see http://www.theregister.co.uk/content/archive/18285.html).

Unfortunately, the Wired Equivalent Privacy algorithm (WEP), which was designed to encrypt 802.11 wireless transmissions, provides a false sense of security. Even with WEP protection, there have already been instances of both active and passive attacks to decrypt traffic, as well as a dictionary-building type of attack that can perform real-time automated decryption after several hours of analyzing network traffic.

Alternative Measures. Instead of relying on WEP, Microcomputer Services staff recommends using end-to-end encryption, such as UO Web email with SSL, POP or IMAP over SSL, or SSH (Secure Shell).

The email clients available from the Duckware 2000 CD already utilize SSH, and Windows users can also use the SFTP program included with the SSH.COM package. (To download SFTP, go to ftp://public.uoregon.edu/ and open the folders "Software," "Network Software," and "Secure," and select "SSH240.exe". Then double-click the downloaded program to activate it.)

Resources
For more details on WEP security issues, see http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html

To keep abreast of new network security applications in general, see http://security.uoregon.edu You might also want to check the Microcomputer Services security page at http://micro.uoregon.edu/security/ for updates.