Eastern Illinois University Homepage

Quick Links

• Change Password
  
• Computer Labs
  
• Outlook Web Access
  
• PantherMail
• PAWS
• Software Downloads
• WebCT

Audience

• Students
• Employees

  Services & Solutions

  • Account/NetID
  • Application Services
  • Information Security
  • Internet/Network Services
  • Mail Services
  • Mobile Devices
  • Panther Card
  • Policies
  • Recommendations For Purchasing New Techology
  • Safe Connect
  • Technology Resources On Campus
  • Telecommunications
  • Web Publishing

Campus wireless users will have to sign on in order to use network

---

Submitted: Mon, Sep 14, 2009 09:21 AM

Wireless Internet access at Eastern is becoming more controlled. Starting late Fall/early 2010, laptop users who utilize campus Wi-Fi will be required to authenticate before they connect, just as university students and employees already do with their desktop computers that are hardwired to the network.

At present, although it is not directly connected to the EIU intranet, the university's wireless network has been publicly accessible without the need to sign on.

An exact date for the change has not been determined but will be announced on the Information Technology Services Web page.

The current unrestricted public access is a potential risk and the reason for the impending change.

"We want to preserve integrity and  to prevent abuse," said Eastern's Assistant Vice President for Information Technology Chat Chatterji.  "Because the wireless environment is changing — because of our concerns about things such as illegal filesharing and the bleeding of our signal off campus where it can be accessed by unauthorized users  —  we are going to have to start restricting our open wireless to those for whom it is intended — Eastern's faculty, staff and students."

To prevent unauthorized persons from gaining access to the wireless network, users will first have to authenticate when beginning an Internet session. When users open their computer's Web browser,  they will be directed to a pop-up page asking for their user name and password. This will be the same NetID and password used for other on-line services such as e-mail, PAWS, WebCT or to sign on to a desktop computer.

"You will log in, and that authentication process will grant you access to wireless," said Greg DeYoung, ITS associate director of campus infrastructure technology.

Users of EIU Wi-Fi should be aware that the pending changes will only control access to the network, which remains unencrypted, and they should never transmit sensitive data such as financial information or Social Security Numbers.

“People should be smart about how they utilize wireless,” said Chatterji. They should still use VPN when working on university business on a wireless laptop, for example.

Two developments have necessitated the reassessment of Wi-Fi access.

Because Eastern's wireless footprint has been expanding beyond campus, non-university users have been able to tap in to it. Currently, the signal extends into residential and commercial areas adjacent to the university. This occurs because the signal must be calibrated so that it is strong enough to saturate campus and because wireless transmitters have been installed on the higher floors of some residence halls, broadcasting the signal to greater distances. In tandem, these factors cause the coverage umbrella to extend beyond the perimeters of the university.

In addition, the recent Higher Education Reauthorization Act requires universities to put controls on their services that can be accessed via the Internet. "This is an effort to try to prevent unauthorized access to information and data," said DeYoung.  With open wireless, "if someone wants to engage in malicious activity, they could do what they wanted and we could not tie back to that person. Moving forward, (authentication) will provide an enhanced layer of security so that if we do detect malicious activity on our network, either on campus or directed to the outside Internet, we will be better able to tell who they are because their activity will be tied to their log-in."

Eastern's wireless network has functioned without significant incident since it was brought online in the mid-2000s. During that time, it was thought that open access was the best customer experience for campus end-users, and the university will work to provide the same level of experience moving forward while trying to comply with the new regulations.

Still undetermined is how the new authentication requirements will affect non-university personnel who occasionally use the wireless network, such as parents, media personnel covering athletics events, etc.

Visitors likely will have to register as guest users and be granted status to access the network. "We are still reviewing the details of how this will work'" said DeYoung.  "Potentially, we could ask for someone on campus to sponsor a user, or we might have a registration procedure on the Web. We are still looking at options."

For those users who have non-computer devices such as iPod Touches, iPhones, Nintendos and similar smart devices with Wi-Fi capability, the new process will automatically detect their hardware and grant them access.  "Systems without Web browsers will still work; the rule of thumb is that any device with a browser will need to authenticate," said DeYoung.

Authentication would bring wireless access control to the same level as that of desktop computers connected to the Internet.

"Because of the nature of wireless and the way it works, we can tell when computers are connected, how many there are and where they are on the network, but, in fringe areas, it's hard to tell if a user is on campus or an apartment across the street," said DeYoung. "We've done a lot of things to target and limit the power of the wireless signal in these fringe areas in order to cut back unauthorized users' ability to get access, but there is only so much that can be done before you degrade the coverage on campus, too."

Authentication will ensure that the people using Eastern's wireless are, in fact, authorized users such as registered students or faculty and staff. The scope of the problem of non-university users abusing the network came to the attention of ITS last spring when some commercial rental property owners advertised the availability of campus wireless in their buildings.

Another misuse of the wireless network has been for illegal music filesharing, said ITS's Assistant Director for Information Security Adam Dodge.

"One of the driving factors in all of this goes back to copyright infringement," said Dodge.
Toward the end of the 2009 Spring Semester, an increase was noted in the use of the wireless network for illegal filesharing. "Plus, several machines were compromised by viruses used to attack external computers on the Internet, the majority of them wireless, though not belonging to the university, but to individuals using the wireless network," said Dodge.
"So, by allowing people to log in, we will be better able to make sure the wireless network remains virus-free for university students, faculty and staff for educational purposes, and also identify people who use the network to break the law through copyright infringement or other illegal activities."