(1) What is WPA?

WPA, or Wi-Fi Protected Access, is a wireless security protocol that was released in 2003 in an attempt to address many of WEP’s shortcomings. WPA2 was released in 2004. The technology included two improvements over WEP:

  • Improved data encryption through the temporal key integrity protocol (TKIP). TKIP scrambles the keys using a hashing algorithm and, by adding an integrity-checking feature, ensures that the keys haven’t been tampered with.
  • User authentication, which is generally missing in WEP, through the extensible authentication protocol (EAP). WEP regulates access to a wireless network based on a computer’s hardware-specific MAC address, which is relatively simple to sniff out and steal. EAP is built on a more secure public-key encryption system to ensure that only authorized network users can access the network.

Currently, the UNC-Secure wireless network uses WPA2-Enterprise with EAP-TTLS for authentication. Eventually, EAP-TTLS will be replaced with EAP-TLS, which will allow certificate-based authentication, valid for one year. At present, users can download UNC-Secure certificates at uncsecure.unc.edu. See the instructions below to connect to the UNC-Secure network based on your operating system:

(2) What are my options if my device can’t connect to UNC-Secure?

For devices that cannot be configured on the UNC-Secure wireless network, the PSK (Pre-Shared Key) network is available. This is a WPA2-PSK wireless network which uses a WPA key phrase. All devices on UNC-PSK will first need to register for DHCP service. For further details about PSK, please click here.

(3) How do I secure wireless connections?

The University uses WPA2 (Wi-Fi Protected Access 2) to increase the security of wireless connections on campus.

Use of UNC-Secure and WPA2 encryption offers a much more secure way to communicate and transfer data than the WEP protocol used in UNC-1. Although UNC-1 is now being phased out, it is still available in some areas on campus.

We encourage all faculty, staff and students to configure their devices for use with the UNC-Secure wireless network. If a UNC-Secure connection is not possible, use the PSK (Pre-Shared Key) network instead.

(4) What extra precautions do I need to take when I am connected through a wireless network?

As a rule, you should never give out any personally identifying information on a web page that is not encrypted with at least 40-bit SSL encryption, and preferably the stronger 128-bit encryption, regardless of the way you are connecting to the Internet. This encryption is often indicated by a URL beginning with “https” and a lock symbol in the address bar of your browser. You need to be especially careful when viewing pages that aren’t encrypted: don’t give out any personal information or do anything you wouldn’t want others to see. Rather than using programs like telnet, which will broadcast your password over the wireless connection, use clients like SecureCRT or Secure Shell for Windows and Fetch for Mac OS X instead.

Losing your password is a serious thing. If somebody steals your password then he or she can use UNC’s systems for their own purposes; system security will have been compromised, and you may find yourself responsible for the actions of a stranger.

(5) If I live on campus and need more than one ethernet port, what are my options?

There are several options available. The following are products that are allowed to be used on the UNC network. Wireless routers are not permitted since they pose security risks in addition to interfering with the UNC wireless network.

  • NetGear DS-104 4-Port 10/100 Ethernet Hub
  • NetGear DS-108 8-Port 10/100 Ethernet Hub
  • U.S. Robotics 7905 5-Port 10/100 Ethernet Switch
  • U.S. Robotics 7908 8-Port 10/100 Ethernet Switch

If you have any questions about internet connectivity or network policies, please contact the ITS Response Center at 962-HELP or email ITS Security.