Gayle from the Sargent Township Library recently sent me the following questions. Since I thought that others would benefit from her questions and my answers she graciously gave me her permission to repost it all here.
Michael.
We use a wireless router at our library that is currently unsecured. I would like to be able to keep it that way so that anyone with a laptop can have access. The problem is that we have 3 desktop computers that are not wireless and attached to the wireless router with an Ethernet cable. I have always assumed that the desktops are secure because we are not using them wirelessly. Now I have learned that they are not secure. Is there a way to secure the desktops so that people can do their income taxes and internet banking? Could some hacker be able to control our router and obtain all of their passwords? Also, even my computer is attached to the same wireless router.
Gayle,
From the sounds of it you have nothing to worry about. However, there are points you do need to be aware of so please bare with me while I write this all out…
As I understand it you have the following setup:
- Some public access desktop computers connected to a router via Ethernet cables
- That router also accepts unsecured wireless connections from public laptops
- That router then connects all of these computers to your library’s internet connection
Assuming all this here are the three areas that need to be considered:
WiFi access:
The security issue here is the over-the-air signal between the laptop and the router. In a home situation you would want to secure that connection with a password which then encrypts (scrambles) the signal while it’s in the air. When it’s scrambled two things are prevented. The first is that no one can read the signal if they pick it out of the air. Second, it prevents your neighbors from using your internet connection since they don’t know the password. This is what you should do for “non public” WiFi connections. In your case you’re offering public WiFi access. In this case you do not want to secure the connection with a password. If you did you would have to give anyone who wanted to connect the password and once many people have it, it no longer provides security. (It would be like locking your house but then giving anyone who asked a key.) As a result, your WiFi policy should mention that this is an insecure connection. As to whether people should be doing things like banking and taxes over an insecure connection needs to be left up to the user. (If the URL of the site their on starts with “HTTPS” then the site is handling security and it generally be considered OK but some will still be uncomfortable.)
The desktops:
Since the connection to the Internet through the router is done over cable, there is no over-the-air signal to be intercepted and therefore the general concerns with WiFi do not exist. There are still some issues to be considered. For the users, they should still look for the “HTTPS” URLs when doing financial things on any computer. Also, computers and browsers tend to remember information input by the users. Your computers should have some sort of security software that will prevent this information from being kept. (I can address this in another e-mail if you’d like.) From the library’s point of view, all file-sharing should be turned off on public access computers unless you have a specific need. This will limit the ability of anyone on the outside being able to access these computers remotely.
The router:
Since all of the information from both the desktops and the WiFi go through this device, it is a central point where security also needs to be considered. All you can really do here is to make sure that the Router has a strong administrative password set on it which will prevent anyone from logging into the router and changing its settings.
