Texas State provides a robust array of information resources and services, including two wireless networks: a private, encrypted network named TexasStateWPA and a public, unencrypted network named TexasStateUniversity. You must login using your Texas State NetID and password to connect to TexasStateWPA. In doing so, you establish a kind of protective wrapper around the information you send and receive during your wireless session, shielding that information from others on the network, including eavesdroppers using Firesheep or similar tools. It takes only seconds to login, so choose TexasStateWPA for your on-campus wireless access. GOING WIRELESS? GO ENCRYPTED! GO TexasStateWPA.
The public network TexasStateUniversity is just like any Wi-Fi hotspot network. A login is not required, making it ideal for use by visiting officials, summer camp attendees, and other campus visitors who have no need for a Texas State NetID. When you choose to use that network, you accept certain risks, not unlike the risks you accept if you leave your apartment or vehicle unlocked. Chief among those risks is the possibility that your information will be seen by others. Public Wi-Fi networks pass traffic in clear text that is readable by other computers on that wireless network. This is not new - public Wi-Fi hotspots have always operated this way, whether located in a hotel, a coffee shop, an airport, or on a campus. Users are generally unaware of this risk or accept it in return for quick and convenient Internet access.
The recent arrival of the Firefox browser plug-in known as Firesheep has elevated the risk of using unencrypted wireless networks like TexasStateUniversity. Firesheep makes it easy for anyone to use the clear text transmissions of public wireless hotspots to exploit the lax default behavior of popular websites like Facebook and Twitter. Firesheep takes advantage of websites that do not shield your transmissions from eavesdroppers for the entire duration of your browser session, thus putting your information at risk.
Using Facebook as an example, let’s look more closely at what this means. Facebook protects your login credentials using the encrypted and secure hypertext transmission protocol, or HTTPS for short (https://www.facebook….). Once logged in, however, Facebook’s default behavior is to switch you to its unencrypted counterpart HTTP (http://www.facebook....) for the remainder of your Facebook session. Your session cookie, containing your trusted Facebook identity, passes between the Facebook website and your computer in clear text and is exposed to anyone watching traffic pass over that wireless network. A Firesheep user on that network can then use your cookie to take control of your browser session and your Facebook site.
The Firesheep threat is forcing Facebook and other social media sites to provide users the option to retain HTTPS for their entire session, an option we encourage you to always select when available. See how to enable HTTPS for Facebook, and how some Facebook apps don’t want to cooperate, at http://security.vpit.txstate.edu/awareness/social_networking.html.
Bottom Line: When you choose Texas State’s encrypted wireless network (TexasStateWPA), you protect your wireless session against eavesdropping, no matter what websites and web applications you use. You lock your car - you lock your apartment - why not lock your wireless access? Just remember: GOING WIRELESS? GO ENCRYPTED! GO TexasStateWPA.
See http://www.tr.txstate.edu/get-connected/computerservices/wireless.html for more about Texas State’s wireless networks.