At a Glance
Central Software
CityVoD - CSC Forum Archive
Software List on CSC Student LAN

Location and Floor Plan of the CSC Teaching Studio Areas
Opening Hours of the CSC
Systems Maintenance Schedule
List of Blocked Network Cards / IP Addresses
List of CSC Representatives
List of Departmental Network Administrators
Staff Computer Courses
CSC e-Forms
Submit CSC Work Req.
Req. for Printing
Req. for Dump / Restore
Teaching Studio Booking / Cancellation
Email Alias Application
Apply for a New Domain Name
Remove an Existing Domain Name
Modify the Hosting of an Existing Domain Name
Useful Links
IT Information for Students
IT Information for Staff
IT Information for Alumni
Got any questions, comments or suggestions? Contact the editors at
Issue 51 - March 2007
Broadband Internet Access at Wi-Fi Hotspots
By C. Y. Kwok

The term Wi-Fi is now commonly used to describe the underlying technology of wireless local area network (WLAN) based on the IEEE 802.11 specifications. Wi-Fi hotspots are venues (often public locations) that offer broadband Internet access using the WLAN technology. In Hong Kong, most hotspots for wireless Internet access are operated on a commercial basis, though some hotspots in the Passenger Terminal Building of the Hong Kong International Airport are providing service free of charge.

CityU, as well as the other local universities in Hong Kong, has been invited by at least one Wi-Fi broadband service providers to take part in a collaborative effort with the aim to transform Hong Kong into a Wi-Fi city. The universities are chosen mainly because most of them have a large user population and a well established WLAN infrastructure in place. In essence, the collaborative effort will provide mutual benefits for the 2 parties (the university and the service provider) involved, whereby:

University members (staff members and students of the university) will be given free Internet access at all the hotspots operated by the service provider.

The university will open up part of its WLAN for Internet access to the subscribers of the service provider. The service provider will provide the Internet bandwidth and IP addresses to its subscribers through a peering telecommunication link set up by the service provider.

Most service providers adopt a technique called captive portal for user authentication. Whenever a subscriber starts up a web browser on his wireless device, the first web page the user is trying to access will be redirected to a special web page (usually a login screen) at which he/she will be asked for a username and password pair. Upon successful authentication, the user will be able to continue the Internet access. Although SSL (Secure Socket Layer) encryption is used for the captive portal to protect the username and password from being sniffed (captured) in the air, all the data traffic thereafter is carried over the wireless connection unencrypted. As such, the wireless connection is extremely insecure. However, there are a few advantages in using captive portal:

Most wireless devices, especially mobile devices such as PDA or smart phones, come with a web browser, therefore there is no need to install additional software for user authentication. No user configuration is required on the system software and the web browser. Therefore, almost all wireless devices can be supported, as long as a web browser can be run on these devices.

First time subscribers may create a new user account and provide payment details through the captive portal. This is very convenient for those people on-the-go who need immediate and temporary Internet access at the hotspots.

Service providers also prefer this kind of access control as they can take advantage of the login web page for customer communications.

CityU considers using captive portal for user authentication at the hotspots insecure and therefore unacceptable for the university members. When a university member reads his email messages at a hotspot using an email client software which is configured with either POP3 or IMAP protocols for accessing his mailbox, his email account and password will be passed to the email server for user authentication in clear-text format. The latter can easily be captured by some malicious person using a packet sniffer such as AirSnort, Kismet, and NetStumbler, etc.

In this respect, CityU and some other local universities will use 802.1X (IEEE 802.1X is an IEEE standard for port-based network access control) instead of captive portal for user authentication, because 802.1X is increasingly the authentication protocol of choice on WLANs. 802.1X is a framework protocol which supports various EAP (Extensible Authentication Protocol) methods, subprotocols that perform authentication transactions. For a university member of CityU, there is no need to install a digital certificate on his wireless device, but he will be authenticated using his existing Windows account and password. The data transmission over the wireless connection will be encrypted using WPA (Wi-Fi Protected Access), which uses a different encryption key for each data frame and includes a mechanism to prevent man-in-the-middle attacks. Windows XP, Windows Vista, and the latest service pack of Windows 2000 support 802.1X for all network connections by default.

CityU will join Eduroam ( as a member in the near future so that university members will be able to enjoy free Internet access when visiting other member institutions in Europe, the Asia Pacific region as well as those that have joined the Eduroam in other parts of the world.


  1. Educational Roaming Infrastructure (Eduroam)


  2. Eduroam Turns Academics into Guests

  3. 802.1X from Wikipedia

  4. What is 802.1X from Network World Fusion


  5. Hotspot (Wi-Fi) from Wikipedia

Also in this issue...
Latest Developments on the e-Learning Project
Windows Vista at CityU
Current Email Spam and Anti-spam Situation on Campus
Fast Printing Service Support to Better Serve the Campus Community


Current & Back Issues
Search Articles
Microsoft Windows10
Microsoft Windows 7
Office 365 ProPlus
Microsoft Office 2013
Microsoft Office 2010
Internet Explorer 11
Internet Explorer 9
Email Services
Confidential Email
Wireless LAN
Virtual Desktop Service (VDS)
USB Flash Drive
CityU SMS (for Department)
CityU SMS (for Staff & Student)
iPad (iOS 5.x)
Wiping a Mobile Device
Wiping Mass Storage Device
Handling Handheld Smart Devices for Service Maintenance, Recycling Use, and Disposal
Staff Account Renewal
Changing Local Administrator Password
McAfee Endpoint Security
Full Scan of Your Computer for Concealed Computer Virus
Computer Warranty Scheme Software Copyright Declaration and Compliance Observation
Technical Guides
AV Facilities User Guide
Connecting to Wireless LAN (WiFi)
VPN Connection Setup Guide BitLocker To Go User Guide
Copyright© Computing Services Centre, City University of Hong Kong. Best viewed in 1024x768 with IE. Javascript enabled. Last modified on Friday December 28 2018 .