ITS Wireless Networking Standards
The Information Technology Services (ITS) is committed to its leadership role in exploring and implementing emerging enterprise technology solutions for Penn State University. The rapid development of high-speed wireless networking technology has created network-access opportunities in classrooms and public gathering places.
As champions of new technology and in the spirit of its leadership role at the University, ITS recommends, as of early-2002, that those electing to deploy their own high-speed wireless local area networks (LANs):
- continue to pay close attention to authentication and other requirements of AD-20
- employ encryption with a level of security at least that of IPSec and to the maximum level of security offered by the vendor
- choose vendor equipment adhering to the well-known IEEE 802.11b specification
While Penn State's Wireless LAN service meets the requirements for a scalable, secure, and easy-to-use high-speed wireless service, it is recognized that some University offices may elect to implement their own wireless solutions. For those doing so, ITS offers the recommendations above, and encourages review of the considerations and recommendation expressed in March, 2001, by the University's Security Operations and Services unit. That information, electronically distributed to several hundred University personnel by Telecommunications and Networking Services, is reproduced here for your convenience:
"Some of you have taken initial steps toward installation and use of high-speed wireless technology in your areas. We understand that some of the systems installed also enable access to the University's Integrated Backbone services, and in turn to the global Internet, through your local network connections. We applaud such experimentation and assessment."
"Based upon Information Technology Services' (ITS) own endeavors toward development of a sufficiently secure, scalable, and easy-to-use high-speed wireless service, we have learned that meeting the requirements of AD-20, the University's policy on computer and network security, in a wireless environment presents special challenges. A key objective of the AD-20 policy is to enable identification of those who are using the University's network, should a security incident arise. For wired networks, this is often attained through the use of an authentication scheme that is relatively straightforward. Wireless networks, though, warrant special attention in terms of meeting this objective."
"Particular attention should be paid by those responsible for these wireless networks, and for the associated local networks to which the wireless networks might have access, to assure the objectives of AD20 continue to be met. Also, because of the nature and limitations of equipment that is currently available to support wireless networks, it is strongly recommended that encryption be employed to the maximum level of security offered by the equipment vendor, to further minimize the security risk inherent with the current use of this technology. Questions about how to best meet the security requirements of AD-20 in a wireless environment should be directed to Kathleen Kimball of the University's Security Operations and Services unit, at 863-9533, or krk5@psu.edu."
Considerations
Several considerations are also worth noting, and are offered here, for guidance of those electing to implement their own wireless solutions:
Generation Gap
Wireless technology currently uses 'shared network' technology. Many of the University's 'wired' Local Area Networks (LANs) now use 'switched' technology, which offers greater speed and privacy than wireless technology currently provides. There is currently a generation gap between wireless networking technology, and the University's wired network; that gap is likely to persist during the foreseeable future.
Performance Variables
Wireless technologies are based on the transmission of radio frequencies between a wireless network interface card (NIC) and a 'base station', often called an 'access point'. These radio signals are not immune to interference from other electrical devices and may not penetrate some substances well enough to deliver a usable signal. Because of these conditions, available bandwidth and reception distances will vary on even the best-designed systems.
Interference
Installers of wireless equipment should be aware that "802.11b" wireless equipment uses an unlicensed frequency band. This means that other devices that use the same frequencies may interfere with "802.11b" wireless communications. Examples of such devices are cordless telephones, microwave ovens, devices using Bluetooth technology, and amateur radio transmissions. ITS reserves the right to deploy wireless networking equipment, possibly requiring the removal or modification of previously installed departmental or individual user equipment. Any wireless or other networking equipment operated by an individual or department is subject to disconnection should it cause network problems. Should existence of devices cause service problems with a University-wide solution, or with the University's network services, modification or removal of such equipment may be necessary.
Funding Strategy
The introduction of wireless technologies has created the need for Penn State to underscore the manner in which such networks are funded. In the same manner as LANs, the cost of equipment and service support to develop, operate, and maintain a wireless network capability within an area, is dependent upon funding by the organization being served within that area. While a new funding model, for telecommunications and for computer and network security services, currently includes a modest level of funding for provision of wireless infrastructure starting in 2002/03, the extent of that infrastructure is limited to central, shared components needed to implement necessary levels of adequate security, and to services and components needed to enable some amount of coverage outside of buildings. But coverage of costs associated with design of building-specific networks, necessary components and installation costs, maintenance and operations costs, and eventual replacement of devices, is the responsibility of the organization requiring service.
Support
Individual departments that choose to purchase wireless technology are ultimately responsible for adhering to University standards being developed, and for supporting the electronic equipment that they have purchased.
