PCSC
Boston University
 

Safeguard and limit connections to your wireless router

As people purchase and set up personal wireless networks, they face both dangers to personal data and questions of personal liability. An insecurely configured wireless network can allow third parties to intercept data or engage in activity that can be harmful to the network's rightful owner. This page outlines good practices for configuring a home wireless network safely and securely.

These suggestions are an appropriate starting point for configuring a wireless network. But you should still read the documentation provided with your device(s) and familiarize yourself with your Internet Service Provider's terms of service and acceptable use policies.

Whenever you are on the Charles River Campus, you should always use the official Boston University wireless network. The official network is professionally maintained and provides a secure, encrypted connection, removing the need for you to know about the more technical aspects of the network.

Follow these guidelines to secure your wireless connection

Most wireless access points, or routers, offer a similar set of fundamental features, and it is relatively easy to get started with most of the newer devices. The list of settings below should apply to any router, although the methods for enabling them will vary; your device's manual should help you find the settings if they are not readily apparent.

  1. Always enable authentication or password protection. Wireless routers allow you to require a password to use the wireless signal. This means that only devices that belong to you (or that you choose to allow) will be able to use your network. Requiring a password for access to your wireless network is extremely important: if someone connects to the Internet through your wireless access point and uses it for illegal file sharing, sending spam, or other illicit purposes, you could be held legally liable for that activity.
  2. Configure your wireless router to use WPA or WPA2 encryption. WEP is an older, weaker form of encryption -- use it only if WPA is not available. WPA adds a layer of security on top of requiring a password, as simply using a password without encryption still leaves your network traffic vulnerable to eavesdropping. While it is unlikely that someone is going to target you specifically for this sort of attack, there's no reason to expose yourself to risk when it's so easily mitigated.
  3. Pick a sensible SSID. The SSID (Service Set Identifier) is the "name" by which your wireless network will advertise its availability. By default, the SSID is usually set to the manufacturer's name or a random string. Because the default SSID for many access points might be ambiguous (or even the same as someone else's) it's a good idea to pick something unique. You should not use personally identifying information, such as your street address or email address, nor should you use anything that might provoke curiosity, such as "secret" or "don't use".
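The three guidelines above can be checked mechanically. The following is an added example, not part of the original guidance: it audits a list of networks against each guideline. The `SSID|SECURITY` input format, the vendor-name list, and the function names are assumptions made for illustration, and the sample data is constructed.

```python
import re

# Illustrative vendor-default names (assumption, not an exhaustive list).
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default", "wireless"}
CURIOSITY_WORDS = ("secret", "don't use", "dont use")
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.\w+")
STREET_RE = re.compile(r"\b\d+\s+\w+(\s\w+)*\s(st|street|ave|avenue|rd|road)\b", re.I)


def audit_network(ssid, security):
    """Return a list of findings for one network, per the three guidelines."""
    findings = []
    modes = security.upper().split()
    if not modes or modes == ["--"]:
        findings.append("no password required (open network)")
    elif not any(m.startswith("WPA") for m in modes):
        findings.append("WEP only: use WPA or WPA2 if available")
    name = ssid.strip().lower()
    if name in DEFAULT_SSIDS:
        findings.append("SSID looks like a manufacturer default")
    if EMAIL_RE.search(ssid) or STREET_RE.search(ssid):
        findings.append("SSID contains personally identifying information")
    if any(w in name for w in CURIOSITY_WORDS):
        findings.append("SSID may provoke curiosity")
    return findings


def audit_scan(lines):
    """Parse 'SSID|SECURITY' lines and map each SSID to its findings."""
    report = {}
    for line in lines:
        # Split on the last '|' so an SSID containing '|' stays intact.
        ssid, _, security = line.rpartition("|")
        report[ssid] = audit_network(ssid, security)
    return report


# Constructed sample input, not captured from a real network.
SAMPLE = [
    "linksys|",
    "42 Elm Street|WEP",
    "jane@example.com|WPA2",
    "secret lab|WPA1 WPA2",
    "BlueHeron|WPA2",
]

if __name__ == "__main__":
    for ssid, findings in audit_scan(SAMPLE).items():
        print(f"{ssid!r}: {'; '.join(findings) or 'ok'}")
```

An empty findings list means the network passes all three checks; the address and email patterns are simple heuristics and will not catch every form of personal information.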

 

Why does the University prohibit personal wireless access points in offices and residence halls?

Boston University prohibits personal wireless routers on campus for several reasons, including concerns for the security of data transmitted and the stability of the campus network.

  1. Privacy: The University provides a mature, secure network infrastructure. Using this network helps to ensure that your passwords and the data you transmit will not be intercepted by others. Wireless coverage is not universally available on campus, but is increasing.
  2. Easily identifiable security: Personal wireless access points offer no guarantee of security. By prohibiting such devices on campus, the University makes it easy to know when a network is an official, secure resource. Allowing the proliferation of personal networks would cause confusion and put passwords and data at risk. A wireless router which is not securely configured could be targeted by an attacker and lead to a compromise of personal information or passwords.
  3. Personal liability: In many legal cases, the University is obligated to provide the identity of the person using our network resources for illicit purposes. In cases where access was through an insecurely configured personal wireless access point, only the name of the owner of the wireless router is known, and that person may be held legally liable for all activity utilizing that router. If the University receives a subpoena requesting the identity of the person using a network address assigned by a personal wireless router, the owner of record for the router will be provided. Running a personal wireless network may expose you to significant liability if someone abuses that network.
  4. Stability of University network resources: Simple mistakes in the operation of wireless routers can have a disproportionately severe adverse effect on the rest of the network. Many wireless access points also support wired connections. As a result, there is often more than one Ethernet jack on the device: there is the jack intended to connect to your ISP, and one or more jacks intended for use with computers or other devices. The jack meant to connect to your ISP - often called "WAN", "Uplink", or "Internet" - is easily confused with the other jacks on the device. If, instead of this correct jack, one of those other jacks is connected to the wall jack in an office or residence hall, the result is often an outage which affects an entire floor or building. Such a mistake can be a problem elsewhere, too, so it's always a good idea to double-check the device's documentation before trying to plug it in.

 

Finally

These guidelines are intended as a starting point, not as a replacement for your device's manual. You should always be sure to read the provided documentation carefully, as there can be variations in features and modes of use among different manufacturers and products. While Information Technology does not officially support any wireless routers, we'll still try to help with any questions you might have, even if it's simply trying to explain a concept from the manual.