Back to the Weekly Home Page

Classifieds

Palo Alto Online

Are wireless networks worth the risk?

by Grace Rauh

Wireless networks pose real security concerns for schools and companies alike -- but schools face a double responsibility of protecting data and confidential student information.

Related Stories - Security breach - Are wireless networks worth the risk? - When student privacy becomes a federal case - What those computer terms mean...

Schools are required to protect student's records from public access under the Family Educational Rights and Privacy Act of 1974 (FERPA). A school has to record all individuals, agencies or organizationsthat request or view a students' file, and those must have legitimate educational or other interests as defined by the law.

Meeting FERPA requirements in a wireless-network school requires even more stringent attention to potential security pitfalls inherent to the system, according to security experts.

Many companies with wireless systems safeguard data with password protection, said Philip Vahey, a research scientist in the Center for Technology and Learning with SRI International, an independent, not for profit research organization in Menlo Park.

"Other companies have hired consultants to make sure there are no computer holes and physical holes in security. They will literally hire consultants to drive around and see how close they can get to get on the network. It is as much about physical proximity as it is about a hacker breaking into your firewall," Vahey said.

Requiring user passwords on a wireless system is a simple but important way for schools to protect against unauthorized users, but may not protect against a persistent hacker, he said. Switching to a closed computer network will increase confidential data protection, but at the loss of a convenient wireless system.

Determining the right balance between security and convenience is a balancing act, Vahey said.

"It's convenience to the IT people and convenience to the users and the technological sophistication it requires to set up the system that meets all the different needs you have," he said.

A constant awareness of authorized-user policies and keeping all networks password protected is essential to maintaining security of student-related datain a wireless school.

"Once you get used to wireless it is just much more convenient. People don't want to live without that once they get it. Once you realize the students don't all have to be in that one computer lab that is wired for the Internet...it really opens up just more than before.

"You are really hesitant to take it out on the off chance that someone gets close enough to sniff (get on) the network," Vahey said.