For years now, Navy Marine Corps Intranet (NMCI) users have jealously eyed the laptop-wielding, Wi-Fi-connected masses in coffee shops, hotels and airports as they turned idle time into productive time. Barred from full network access, NMCI users on the go had to settle for cellular phones, air cards and Outlook Web Access to provide mobile support. While these capabilities provide some fairly productive mobility tools, access to the information and resources on NMCI that would further support the mobile worker remained unavailable — until now.
With the release of Wireless Public Hotspots (WPH) service, NMCI users within the continental United States can now use free or for-fee public Wi-Fi hotspots to securely access NMCI. This capability provides mobile users with the same computing environment they would have when sitting at their wired computer. This enhanced capability will allow remote users to remain better connected and more productive outside of their wired environment, whether on travel, telecommuting from home, or in any location outside the office where Wi-Fi is available.
Private Network, Public Wi-Fi
Integrating any secure, private network, such as the NMCI, with public Wi-Fi access points outside the control of network administrators is not done lightly. Before delivering any enterprise mobility capability to the Department of the Navy workforce, a careful analysis of the delicate balance between the benefits and inherent risks of wireless technologies is conducted.
Opening up network access through publicly available Wi-Fi hotspots presents significant information assurance (IA) concerns about introducing threats that might potentially harm the network. The use of public Wi-Fi access points, which are normally unsecured and unencrypted by design to foster maximum sharing of the signal, brings a number of widely known vulnerabilities that may be exploited. For example, is that wireless network named "FREE STARBUX Wi-Fi" that shows up as available for connection really coming from the coffee shop you're in or from the van in the parking lot?
Setting up such imposter or "rogue" access points that can divert your laptop to a hacker-controlled destination and/or install malware is just one potential avenue for hackers. Another common attack is to take advantage of the lack of encryption on a public access point to intercept and read the traffic transmitted between the laptop and the network.
Of course, these threats are above and beyond the fact that you are conducting official business in the middle of a bustling coffee shop or airport terminal, and wearing a uniform or sporting a Defense Department badge that just might make you a more attractive target for hackers.
Locking It Down to Open It Up
The threat to the network from these vulnerabilities is real; the impact from a breach could not only affect the user that is being targeted, but the entire network. Clearly, before approval could be given by the Navy and Marine Corps Designated Accrediting Authorities (DAA), network engineers had to develop a solution that would minimize the risks of Wi-Fi access.
As a result of these efforts, connecting to NMCI via a public hotspot is done in a significantly different way than how you would normally use your laptop's internal Wi-Fi antenna to connect to a hotspot at home or in a public location.
The NMCI solution relies on two components that reside on the laptop; one is hardware, and the other is softwarebased. The hardware consists of an approved wireless network interface card which installs in the laptop's PCMCIA slot. (Laptops with an ExpressCard slot will require an adapter.) The necessary client software component is the Wireless Client Encryption, which is available only through NMCI. This allows you to securely connect to NMCI via an encrypted virtual private network. Additional security includes the enc