Wireless Networks in Libraries

Wireless Networks in Libraries

Marshall BreedingVanderbilt University

http://staffweb.library.vanderbilt.edu/breeding

[email protected]

http://www.librarytechnology.org

Alaska Library Association Annual ConferenceSaturday Feb 25, 2006

Wireless Networks in LibrariesFebruary 25, 2006

Abstract

Wireless LANS have captivated much attention in the business environment, in the home, and in libraries. A fundamental challenge lies in determining how—or if– to make use of this technology. This workshop aims to provide attendees with the knowledge to make these decisions and to enable them to establish effective and secure wireless networks in their libraries.


Proposed Agenda

Network Basics

Wireless Basics

Security Concerns

Library applications: Wired vs Wireless

Examples and Case Studies

General Discussion


Preliminary Questions

What do you expect to get out of the workshop?Identify specific issues that you want to see addressed before the end of the dayTalk about issues of concern to your libraryIs there any one item that we can cover that will make you feel like the workshop was worthwhile?

Network Basics

A review of basic concepts and terminology


OSI Reference Model

Layer 1 – Physical (Electrical characteristics of cabling)Layer 2 – Data Link (Ethernet) Ethernet cards, hubs,switches; (802.11) Layer 3 – Network (IP) RoutersLayer 4 – Transport (TCP / UDP) Error recovery, transfer of dataLayer 5 -- SessionLayer 6 -- PresentationLayer 7 -- Application


Ethernet

IEEE 802.3

CSMA/CD Carrier Sense Multiple Access with

Collision Detection

Governs Media Access Rules


Ethernet segments

Dates back to original Ethernet cabling 10Base5 -- Thicknet coaxial cable Overall length of 2500 meters Minimum 2.5 meters between nodes Transceivers

Broadcast medium All nodes can intercept all traffic in

promiscuous mode


Network Components

Hubs

Switches

Routers


TCP/IP

Primary Network Protocol


TCP/IP Protocol Suite

Ethernet (802.3) WiFi (802.11)

IP

UDPTCP ICMP

Pinghttp ftp smtp LPR NFS DNS rtsp

PhysicalConnectivity

DatagramDelivery

ReliableTransport

UserPrograms


TCP/IP Configuration Details

IP Address

Subnet mask

Gateway/router


IP Addresses

129 59 150 5

10000001 00111011 10010110 00000101

129.59.150.5

IP Addresses are 32-bit numbers:


Class B Networks

1 0 14-bit Network ID 16-bit Host ID

10 00111011 10010110 00000101000001

129.59.150.5

2 or 65,536 Host Addresses per Network16


Class C Networks

1 1 22-bit Network ID 8-bit Host ID

11 01101111 01101110 00000101000000

192.111.110.5

2 or 256 Host Addresses per Network8


DHCP

Dynamic Host Configuration ProtocolAutomatically configures network client for TCP/IP communicationsDHCP servers provide only a temporary lease on a configuration setipconfig: /release, /renew, /all


Wireless basics

Uses radio frequency transmission over the air instead of network cabling

Stable and reliable technology

Increasing in popularity in business and home computing


802.11 Media Access Rules

CSMA/CA

Carrier Sense Multiple Access with Collision Avoidance

Request to Send (RTS) / Clear to Send (CTS)

Reduces or Eliminates collisions

Hidden Node Problem


Wireless architectures

Peer-to-peer (ad hoc mode) Wireless NICs talk to each other

Infrastructure Mode Uses Wireless Access Point


Ad hoc mode

Computers connect directly with each other

without additional equipment


Router

Access Point

Ethernet Switch

Infrastructure Mode


Wireless Hardware

Access point Functions just like an Ethernet hub Shared media Connects to an existing Ethernet connection

Receiver Network Interface Card PC Cards for Laptops PCI for Desktops PDA versions available


Transmission Details

RF transmitters and receivers, or radios, carry data packets as a payload.

Multiple channels 802.11b: 14 (FCC allows 11) 5 MHz per channel

AP’s within range of each other should be on different channels


802.11b Channels (U.S.)1

2

3

4

5

6

7

8

9

10

11

2.3995 2.404

5

2.409

5

2.414

5

2.419

5

2.424

5

2.429

5

2.434

5

2.439

5

2.444

5

2.449

5 2.474

5


Non-overlapping Channel Map

11

6

111

6

1

6

11

1

1111 6

11

6


Positioning Wireless Access Points

Conduct an RF site survey


Range per Access Point

75-150 feet indoors typical

500 feet in open areas

1000 feet outdoors

Performance degrades with devices located further from the AP


Wireless Devices


Types of Wireless Devices

Access point Bridge: wired network to wireless

Wireless Router or Gateway Bridge NAT: Network Address Translation, allows

multiple devices to share single IP address Router: Connects wireless network to Internet Usually connects directly to DSL or cable

modem connection


Wireless Network Interface Card

PCI

PC Card

Pocket PC, Palm Pilot

Almost always built into current mobile devices


Wireless Flavors

802.11

802.11b

802.11a

802.11g

802.11n (future)


802.11

IEEE 802.11 WLAN committee initially formed in 1997

Original specification

Now obsolete

1-2 mb/sec


802.11b offers 11 mb/sec

Original standard

11mb/sec

2.4GHz band

Still 90% of market


RF interference

2.4 GHz frequency used by other devices

802.11a, g

Microwave Ovens

Cordless telephones

Bluetooth (high-speed frequency hopping)

Rogue 802.11 equipment


DSSS modulation

Direct-sequence spread spectrum


802.11a delivers up to 54 mb/sec

54mb/sec

5GHz band

Higher performance

Higher cost

Shorter range (180 feet)


802.11g

54mb.sec

Alternate future standard

Backwards with 802.11b

Operates in same 2.4GHz band as 802.11b


802.11n

Proposed next generation of 802.11 technologies

Up to 100 mb/sec

No agreement yet. Competing proposals still being considered by IEEE 802.11 Task Group N

multiple in, multiple out (MIMO) technology

Wide channels: 20 – 40 MHz


Wired vs. Wireless bandwidth

Wired networks will always be faster

100 mb/sec Ethernet common for wired networks for desktop computers

Ethernet switching available for wired networks

1 GB/sec common for servers and high-performance workstations

10 GB/sec available for fiber networks


Wired networks offer higher performance

“Despite the steadily increasing speed of wireless technology, wired networks will always outperform it by long strides.”

“…wireless applications will flourish in places where mobility takes precedence over performance or where physical cabling is especially problematic”


Balanced perspective

Wireless technologies have limitations

Does not supplant need to install copper and fiber network cabling in new buildings


Wireless Coverage

Varies according to building characteristics

Works best in open areas

Book stacks often too dense and can present barriers


Configuration issues

Most use DHCP Dynamic Host Configuration Protocol

Session initiation and configuration usually completely transparent


Session Set ID

Unique name given to an access point

Should all access points in the organization’s WLAN have the same SSID?

Should the SSID be broadcast?


Exercise

Configure Linksys Access point


Linksys basic Settings


Web Security administration


Mac Address Filter


Windows XP Wireless LAN wizard


Windows XP WLAN properties


Cost Issues

Wireless access points slightly more expensive than Ethernet HubsWireless NICs slightly more expensive then Ethernet cards ($100+)Cabling needed only to the Access point


Electrical PowerAccess Point InstallationElectrical

Power

Electrical PowerElectrical PowerElectrical PowerElectrical PowerEthernet

ConnectionElectrical

Power

Access Point

Omni-directional Antenna


Wireless Enterprise Infrastructure

WLAN SwitchesWLAN Gateways802.1x Authentication RADIUS LDAP

Wireless Security Issues

Implementing a wireless LAN without compromising your

network


Security concerns

Eavesdropping a major concernUnprotected wireless access points are an easy of entry for mobile hackersMany rogue Wireless LANS were put up in corporate networks without IT support or adequate securityWar Driving / War ChalkingSome war driving / freeloading happens in residential settings


Positioning your wireless network

Wireless LANs generally exist on the network edge point

Wireless LANs should be considered untrusted

Positioned outside the organization’s firewall

Hardened core remains protected


Router

Ethernet Switch

Access Point

Public Access

Workstations

Library Staff W

orkstations

Ethernet Switch

Ethernet Switch

Router / Firewall

Library NetworkWith Public / Staff

Separation


Rogue Access Points

Wireless networks must fit within the overall network designUnofficial or Rogue access points can jeopardize the security of the rest of the networkEfforts must be taken to detect and remove rogue access points or bring them in to the official networksRogue Access Points usually a symptom of unresponsive IT departments.


Encryption necessary to ensure security

Sensitive data must be encrypted when transmitted across any untrusted network

Most Encryption algorithms uses a secure key to encode the data and decode it after transmission

The longer the key, the more difficult it is to use brute force to decrypt the message

WEP uses 40, 64, or 128 (WEP2) bit keys


Wired Equivalency Privacy

Optional Encryption scheme part of the 802.11b specificationRC4 encryptionSingle key encrypts all trafficNo system for key managementHackers can easily recover the key WEP often not enabledWEP can be defeated by sophisticated hackersProvides a barrier to most potential intruders


Wireless Hacking tools

At least two open source tools are available for recovering 802.11 WEP keys:WEPCrackhttp://wepcrack.sourceforge.net/

AirSnorthttp://airsnort.shmoo.com/


802.11i

Security Standard for the 802.11 arena

Includes WPA and RSN (Robust Security Network)

Relies on 802.1x specification for port-based user and device authenticationRatified June 2004Marketed as WPA2


WPA

Wi-Fi Protected Access

Enhanced security over WEP

TKIP

Available now Backwardly compatible with WEP – requires only a firmware upgrade.


Temporal Key Integrity Protocol (TKIP)

128 bit encryption keysEach packet encrypted with a different key based on a 48-bit serial number, incremented with each use.Avoids replay attacksRelies on a base key with is generated when a device associates with the base stationIdeally unique base keys transmitted during 802.1x authenticationPre-shared keys used otherwise


WPA2

WPA + AES = WPA2Advanced Encryption Standard instead of TKIPStronger encryption algorithm Not guaranteed to be backwardly compatible with existing WEP equipmentPersonal version uses pre-shared keyEnterprise version uses 802.1X authentication through RADIUS server.


WPA/802.1x Diagram

See:http://www.infoworld.com/infoworld/img/20FEwifi_in-x.gif


Wi-Fi Security Services

SecureMyWiFi (http://www.witopia.net/)

RADIUS authentication and security key distribution service

Operates with AP’s that support WPA-Enterprise or WPA2-Enterprise

$29 annual fee


Virtual Private Networks (VPN)

A technology that offers strong security

Common approach for remote users that rely on accessing organizational resources through the Internet

Applicable to wireless users on premises

Enhances security / adds inconvenience.


Ethernet Switch

Remote Host with VPN Server Component

Encrypted Tunnel provided by a Virtual Private Network

Access Point

Router Router

Remote Laptop with VPN Client

Traffic is encrypted along the entire path from client to host


Ethernet Switch

Remote Host

Scope of Encryption Provided by WLAN Security

Access Point

Router Router

Wireless LAN with WEP or

WPA

Traffic is encrypted only between the Wireless NIC and the Access Point


Avoid wireless technologies for sensitive networks

Not appropriate for networks that carry confidential or sensitive information

Protect core network services with internal firewalls

Library Applications

Using wireless technology in libraries


Library vs Commercial Wi-Fi service

Fee-based or Free?


Wireless Access Policies

Open unauthenticated access?

Display appropriate use click-through page?

Filter?

Require authentication by library card number?


Part of campus wireless infrastructure

It is becoming increasingly expected that students will have wireless access to their laptop computers throughout the campus. Dorms, Classrooms, Labs, Libraries.


Classrooms

Vision of fully connected classroom can be fully realized inexpensively Expensive to provide wired

connectivity in classroom setting

Mixed blessing (Cliff Lynch observations)


Wireless laptops

Provide access to library resources to laptops brought into the library by patrons

Library supplied laptops can supplement public access workstations

Offer library users more flexibility and convenience in access resources throughout the library


Computer labs

Mobile labs can be used for training an outreach sessions outside the library

Training labs in the library that can be set up and dismantled on demand.


Staff applications

Remote circulation tasks

Tracking in-library use of materials without having to take them to a circulation desk

Inventory

PDA’s can be used instead of PCs or Laptops


Cell Phones

Many have Internet access

Libraries may see future demand to make their services available to cell phone and other small wireless devices

Current demand limited


Interfacing with Cell Phone services

WAP – Wireless Application Protocol

WAP Gateways part of wireless provider’s infrastructure

WML: Language used for delivering web pages to wireless users. Ulta-light HTML

Library-Specific Wireless Products and Services


WAP access to Library Catalogs

Some vendors offering support

Examples: Innovative Interfaces offers AirPAC


Polaris Wireless Access Manager

Product from Polaris Library Systems to authenticate user access to the WLAN using the patron database using SIP2. Specifically supported for Polaris, but works with any other ILS that supports SIP2.

Introduced January 2004.


TLC Wireless.Solution

Wireless.Solution offers libraries a secure setup fire-walled from the library's network, with up to ten simultaneous VPN connections for staff functions. Wireless.Solution Pro offers the same security as Wireless.Solution, along with managed access to control bandwidth per user, the flexibility to provide access free or fee-based or a mixture of the two, and a personalized interface for the library.


Dynix Horizon Wireless Gateway

Dynix offers Horizon Wireless Gateway, a comprehensive high-speed wireless networking solution for libraries that uses Bluesocket equipment and technology. Horizon Wireless Gateway comes with tools for patron authentication and encryption, bandwidth management, regulatory compliance, network scheduling, Web-based network management, and centralized status and usage reporting.


Sirsi Wireless services

Sirsi offers two new network consulting services for libraries interested in installing wireless and IP telephony technologies. Technology partners for these services include Cisco Systems; Global Solutions Group, providing information technology design; and Bluesocket Inc., the leading vendor of open-systems wireless local area network (WLAN) systems to secure and manage wireless access to networks and the Internet.


Sirsi PocketCIRC

PDA Circulation Client

Wireless connectivity

Open Source options


ZoneCD from PublicIP

Open source hotspot solutionFeatures: Redirect users to a splash page Optional or required authentication Content filtering

Bootable Linux CD; does not install on PC but runs from the CDSee: http://www.publicip.netFree software, but donations appreciated


Other Wireless Technologies


WiMax

802.16 standard

Worldwide Interoperability for Microwave AccessA WAN technology

Last-mile alternative to DSL

Recent strong support by Intel corporation which developed a chip supporting WiMax.


Bluetooth

Wireless protocol for connecting PDAs and peripherals to PCs

Not part of the 802.11 family

2.45 GHz spectrum

Low bandwidth (~1mb/sec)

Short distance (10 meters)

Recent security concerns


RFID

Radio Frequency Identification13.56 MHz bandManufacturers: TAGSYS, Checkpoint Systems, Texas InstrumentsISO 15693ISO 18000 Mode 1: Backward compatible with ISO

15693 Mode 2: Next Gen. High-speed

communications with multiple tags.


Resources

http://wirelesslibraries.blogspot.com/

http://www.networkworld.com/topics/wireless.html

http://www.wi-fi.org

http://wi-fiplanet.com/


Summary

Wireless networking offers network access to many new environments and applicationsAn increasingly important supplement to existing network infrastructureNot a panacea for all network communications needs

Documents

Wireless Networks in Libraries