Wireless Networks in Libraries
Marshall Breeding, Vanderbilt University
http://staffweb.library.vanderbilt.edu/breeding
http://www.librarytechnology.org
Alaska Library Association Annual Conference, Saturday Feb 25, 2006
Wireless Networks in Libraries, February 25, 2006
Abstract
Wireless LANs have captivated much attention in the business environment, in the home, and in libraries. A fundamental challenge lies in determining how, or if, to make use of this technology. This workshop aims to provide attendees with the knowledge to make these decisions and to enable them to establish effective and secure wireless networks in their libraries.
Proposed Agenda
Network Basics
Wireless Basics
Security Concerns
Library applications: Wired vs Wireless
Examples and Case Studies
General Discussion
Preliminary Questions
What do you expect to get out of the workshop?
Identify specific issues that you want to see addressed before the end of the day
Talk about issues of concern to your library
Is there any one item that we can cover that will make you feel like the workshop was worthwhile?
Network Basics
A review of basic concepts and terminology
OSI Reference Model
Layer 1: Physical (electrical characteristics of cabling)
Layer 2: Data Link (Ethernet) Ethernet cards, hubs, switches; (802.11)
Layer 3: Network (IP) Routers
Layer 4: Transport (TCP / UDP) Error recovery, transfer of data
Layer 5: Session
Layer 6: Presentation
Layer 7: Application
Ethernet
IEEE 802.3
CSMA/CD: Carrier Sense Multiple Access with Collision Detection
Governs Media Access Rules
Ethernet segments
Dates back to original Ethernet cabling
10Base5: Thicknet coaxial cable
Overall length of 2500 meters
Minimum 2.5 meters between nodes
Transceivers
Broadcast medium: all nodes can intercept all traffic in promiscuous mode
Network Components
Hubs
Switches
Routers
TCP/IP
Primary Network Protocol
TCP/IP Protocol Suite
(Layered diagram, bottom to top:)
Physical Connectivity: Ethernet (802.3), WiFi (802.11)
Datagram Delivery: IP
Above IP: TCP (Reliable Transport), UDP, ICMP
User Programs: ping, http, ftp, smtp, LPR, NFS, DNS, rtsp
TCP/IP Configuration Details
IP Address
Subnet mask
Gateway/router
IP Addresses
IP Addresses are 32-bit numbers:
129.59.150.5
Decimal octets: 129 59 150 5
Binary octets: 10000001 00111011 10010110 00000101
Class B Networks
Layout: leading bits 1 0, 14-bit Network ID, 16-bit Host ID
129.59.150.5 = 10 000001 00111011 | 10010110 00000101
2^16 or 65,536 Host Addresses per Network
Class C Networks
Layout: leading bits 1 1, 22-bit Network ID, 8-bit Host ID
192.111.110.5 = 11 000000 01101111 01101110 | 00000101
2^8 or 256 Host Addresses per Network
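The address arithmetic on the IP address and class B / class C slides, worked through in code. This is an added example, not part of the original slides: it converts dotted-decimal to 32 bits, derives the class, network part and host count from the leading bits, and adds the subnet-mask test a DHCP-configured client implicitly relies on to reach its gateway. The two addresses are the slides' own; the function names are the example's.

```python
# Added example (not from the original slides): dotted-decimal IPv4 addresses
# as 32-bit numbers, the classful network/host split the slides illustrate,
# and a subnet-mask check of the kind a DHCP-configured client needs to reach
# its gateway. Addresses used below are the slides' own examples.

def to_int(address: str) -> int:
    """Parse dotted-decimal notation into the 32-bit integer it represents."""
    octets = [int(part) for part in address.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a valid IPv4 address: {address}")
    value = 0
    for octet in octets:
        value = (value << 8) | octet
    return value

def to_dotted(value: int) -> str:
    """Inverse of to_int: 32-bit integer back to dotted-decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def binary_octets(address: str) -> str:
    """The 32 bits grouped as four 8-bit fields, as drawn on the slides."""
    value = to_int(address)
    return " ".join(format((value >> s) & 0xFF, "08b") for s in (24, 16, 8, 0))

def classify(address: str) -> dict:
    """Classful addressing: the leading bits select the class, which fixes how
    many bits form the network part (class prefix plus network ID) and how
    many are left for the host ID."""
    value = to_int(address)
    if value >> 31 == 0b0:
        cls, net_bits = "A", 8
    elif value >> 30 == 0b10:
        cls, net_bits = "B", 16
    elif value >> 29 == 0b110:
        cls, net_bits = "C", 24
    else:
        raise ValueError("class D (multicast) or E (reserved) address")
    host_bits = 32 - net_bits
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF
    return {
        "class": cls,
        "network_bits": net_bits,
        "host_bits": host_bits,
        "host_addresses": 2 ** host_bits,  # raw block size; the all-zero and
                                           # all-one host IDs are not assignable
        "default_mask": to_dotted(mask),
        "network": to_dotted(value & mask),
    }

def same_network(addr_a: str, addr_b: str, mask: str) -> bool:
    """True when both addresses agree on every bit the mask covers. A client
    can only use a gateway for which this holds with its own address and mask."""
    m = to_int(mask)
    return (to_int(addr_a) & m) == (to_int(addr_b) & m)

if __name__ == "__main__":
    for addr in ("129.59.150.5", "192.111.110.5"):
        print(addr, binary_octets(addr), classify(addr))
    print(same_network("129.59.150.5", "129.59.1.1", "255.255.0.0"))
```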
DHCP
Dynamic Host Configuration Protocol
Automatically configures network client for TCP/IP communications
DHCP servers provide only a temporary lease on a configuration set
ipconfig: /release, /renew, /all
Wireless basics
Uses radio frequency transmission over the air instead of network cabling
Stable and reliable technology
Increasing in popularity in business and home computing
802.11 Media Access Rules
CSMA/CA
Carrier Sense Multiple Access with Collision Avoidance
Request to Send (RTS) / Clear to Send (CTS)
Reduces or Eliminates collisions
Hidden Node Problem
Wireless architectures
Peer-to-peer (ad hoc mode): wireless NICs talk to each other
Infrastructure mode: uses a wireless access point
Ad hoc mode
Computers connect directly with each other without additional equipment
Infrastructure Mode
(Diagram: Router, Ethernet Switch, Access Point)
Wireless Hardware
Access point: functions just like an Ethernet hub (shared media); connects to an existing Ethernet connection
Receiver: Network Interface Card; PC Cards for laptops, PCI for desktops, PDA versions available
Transmission Details
RF transmitters and receivers, or radios, carry data packets as a payload.
Multiple channels: 802.11b has 14 (FCC allows 11), 5 MHz per channel
AP’s within range of each other should be on different channels
802.11b Channels (U.S.)
(Channel diagram: channels 1 through 11 on a frequency axis labelled in GHz from 2.3995 to 2.4745)
Non-overlapping Channel Map
(Diagram: access point cells tiled so that neighbouring cells use channels 1, 6 and 11, the three channels that do not overlap)
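A channel plan built from the rule on the preceding slides (APs within range of each other go on different channels, and only 1, 6 and 11 do not overlap). This is an added example, not from the original slides; the AP names and the "within range" pairs are constructed, and the greedy approach is the example's own, not a method the slides describe.

```python
# Added example (not from the original slides): choosing channels for access
# points so that any two APs within range of each other never share a channel,
# using only the non-overlapping U.S. 802.11b channels 1, 6 and 11 from the
# channel map. The AP names and the "within range" pairs are constructed.

NON_OVERLAPPING = (1, 6, 11)

def assign_channels(aps, in_range):
    """Greedy assignment. APs with the most in-range neighbours are placed
    first; each takes the first channel no already-placed neighbour uses.
    Returns (assignment, unresolved): unresolved lists APs whose neighbours
    already occupy all three channels, which means the APs must be moved or
    their power reduced rather than forced onto an overlapping channel."""
    neighbours = {ap: set() for ap in aps}
    for a, b in in_range:
        neighbours[a].add(b)
        neighbours[b].add(a)
    assignment, unresolved = {}, []
    for ap in sorted(aps, key=lambda a: (-len(neighbours[a]), a)):
        taken = {assignment[n] for n in neighbours[ap] if n in assignment}
        free = [ch for ch in NON_OVERLAPPING if ch not in taken]
        if free:
            assignment[ap] = free[0]
        else:
            unresolved.append(ap)
    return assignment, unresolved

def conflicts(assignment, in_range):
    """In-range pairs that ended up on the same channel; empty after a
    successful assignment, useful for re-checking a plan edited by hand."""
    return [(a, b) for a, b in in_range
            if a in assignment and b in assignment and assignment[a] == assignment[b]]

# Constructed floor plan: four APs along a corridor (AP1..AP4), where each AP
# also hears the one two doors down, plus a reading-room AP5 heard by AP2 and AP3.
SAMPLE_APS = ["AP1", "AP2", "AP3", "AP4", "AP5"]
SAMPLE_IN_RANGE = [("AP1", "AP2"), ("AP2", "AP3"), ("AP3", "AP4"),
                   ("AP1", "AP3"), ("AP2", "AP4"), ("AP2", "AP5"), ("AP3", "AP5")]

# Constructed worst case: four APs that all hear each other cannot be served
# by three non-overlapping channels, so one is reported as unresolved.
CROWDED_APS = ["A", "B", "C", "D"]
CROWDED_IN_RANGE = [(x, y) for i, x in enumerate(CROWDED_APS) for y in CROWDED_APS[i + 1:]]

if __name__ == "__main__":
    plan, left = assign_channels(SAMPLE_APS, SAMPLE_IN_RANGE)
    print(plan, left, conflicts(plan, SAMPLE_IN_RANGE))
    print(assign_channels(CROWDED_APS, CROWDED_IN_RANGE))
```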
Positioning Wireless Access Points
Conduct an RF site survey
Range per Access Point
75-150 feet indoors typical
500 feet in open areas
1000 feet outdoors
Performance degrades with devices located further from the AP
Wireless Devices
Types of Wireless Devices
Access point: bridge from wired network to wireless
Wireless Router or Gateway: bridge
NAT (Network Address Translation): allows multiple devices to share a single IP address
Router: connects wireless network to Internet; usually connects directly to DSL or cable modem connection
Wireless Network Interface Card
PCI
PC Card
Pocket PC, Palm Pilot
Almost always built into current mobile devices
Wireless Flavors
802.11
802.11b
802.11a
802.11g
802.11n (future)
802.11
IEEE 802.11 WLAN committee initially formed in 1997
Original specification
Now obsolete
1-2 mb/sec
802.11b offers 11 mb/sec
Original standard
11mb/sec
2.4GHz band
Still 90% of market
RF interference
2.4 GHz frequency used by other devices
802.11a, g
Microwave Ovens
Cordless telephones
Bluetooth (high-speed frequency hopping)
Rogue 802.11 equipment
DSSS modulation
Direct-sequence spread spectrum
802.11a delivers up to 54 mb/sec
54mb/sec
5GHz band
Higher performance
Higher cost
Shorter range (180 feet)
802.11g
54 mb/sec
Alternate future standard
Backward compatible with 802.11b
Operates in same 2.4GHz band as 802.11b
802.11n
Proposed next generation of 802.11 technologies
Up to 100 mb/sec
No agreement yet. Competing proposals still being considered by IEEE 802.11 Task Group N
Multiple in, multiple out (MIMO) technology
Wide channels: 20 to 40 MHz
Wired vs. Wireless bandwidth
Wired networks will always be faster
100 mb/sec Ethernet common for wired networks for desktop computers
Ethernet switching available for wired networks
1 GB/sec common for servers and high-performance workstations
10 GB/sec available for fiber networks
Wired networks offer higher performance
“Despite the steadily increasing speed of wireless technology, wired networks will always outperform it by long strides.”
“…wireless applications will flourish in places where mobility takes precedence over performance or where physical cabling is especially problematic”
Balanced perspective
Wireless technologies have limitations
Does not supplant need to install copper and fiber network cabling in new buildings
Wireless Coverage
Varies according to building characteristics
Works best in open areas
Book stacks often too dense and can present barriers
Configuration issues
Most use DHCP (Dynamic Host Configuration Protocol)
Session initiation and configuration usually completely transparent
Service Set ID (SSID)
Unique name given to an access point
Should all access points in the organization’s WLAN have the same SSID?
Should the SSID be broadcast?
Exercise
Configure Linksys Access point
Linksys basic Settings
Web Security administration
MAC Address Filter
Windows XP Wireless LAN wizard
Windows XP WLAN properties
Cost Issues
Wireless access points slightly more expensive than Ethernet hubs
Wireless NICs slightly more expensive than Ethernet cards ($100+)
Cabling needed only to the access point
Access Point Installation
(Diagram: access point with omni-directional antenna; each access point needs electrical power and an Ethernet connection)
Wireless Enterprise Infrastructure
WLAN Switches
WLAN Gateways
802.1x Authentication: RADIUS, LDAP
Wireless Security Issues
Implementing a wireless LAN without compromising your network
Security concerns
Eavesdropping a major concern
Unprotected wireless access points are an easy point of entry for mobile hackers
Many rogue wireless LANs were put up in corporate networks without IT support or adequate security
War Driving / War Chalking
Some war driving / freeloading happens in residential settings
Positioning your wireless network
Wireless LANs generally exist on the network edge point
Wireless LANs should be considered untrusted
Positioned outside the organization’s firewall
Hardened core remains protected
Library Network with Public / Staff Separation
(Diagram: Router / Firewall at the edge; separate Ethernet switches for the Public Access Workstations, the Library Staff Workstations and the Access Point)
Rogue Access Points
Wireless networks must fit within the overall network design
Unofficial or rogue access points can jeopardize the security of the rest of the network
Efforts must be taken to detect and remove rogue access points or bring them into the official networks
Rogue access points are usually a symptom of unresponsive IT departments
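One way to act on the "detect and remove rogue access points" point above: compare what a wireless scan sees against the inventory of official access points. This is an added example, not from the original slides; the inventory, the scan lines and their column layout are constructed for it and are not any real tool's output, and the function names are the example's own.

```python
# Added example (not from the original slides): checking a wireless scan
# against the inventory of the library's official access points, so that
# rogue APs and radios impersonating the library SSID can be found and
# removed. The inventory, the scan lines and their column layout are all
# constructed for this example; they are not the output of any real tool.
import re

# Constructed inventory: BSSID (the AP radio's MAC address) -> (SSID, channel)
OFFICIAL_APS = {
    "00:11:22:33:44:01": ("LibraryWiFi", 1),
    "00:11:22:33:44:02": ("LibraryWiFi", 6),
    "00:11:22:33:44:03": ("LibraryWiFi", 11),
    "00:11:22:33:44:04": ("LibraryWiFi", 1),
}

# Constructed scan, one network per line: bssid  ssid  channel  signal(dBm)
SCAN_LINES = """
00:11:22:33:44:01  LibraryWiFi  1   -41
00:11:22:33:44:02  LibraryWiFi  6   -55
00:11:22:33:44:03  LibraryWiFi  6   -67
00:aa:bb:cc:dd:ee  LibraryWiFi  6   -48
00:aa:bb:cc:dd:01  linksys      11  -52
"""

LINE_RE = re.compile(r"^([0-9a-f]{2}(?::[0-9a-f]{2}){5})\s+(\S+)\s+(\d+)\s+(-?\d+)$", re.I)

def parse_scan(text):
    """Return a list of (bssid, ssid, channel, signal) from scan text; lines
    that do not match the expected layout are skipped rather than guessed at."""
    seen = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            seen.append((m.group(1).lower(), m.group(2), int(m.group(3)), int(m.group(4))))
    return seen

def audit(seen, official, our_ssid):
    """Sort every observed radio into one bucket:
    known         : an official BSSID advertising its registered SSID and channel
    misconfigured : an official BSSID but not the SSID/channel on record
    impersonating : an unregistered radio advertising the library's SSID
    unknown       : any other unregistered network (a rogue AP or a neighbour)
    missing       : official APs not seen at all (down, or out of scan range)"""
    result = {"known": [], "misconfigured": [], "impersonating": [], "unknown": []}
    observed = set()
    for bssid, ssid, channel, _signal in seen:
        observed.add(bssid)
        if bssid in official:
            bucket = "known" if official[bssid] == (ssid, channel) else "misconfigured"
        else:
            bucket = "impersonating" if ssid == our_ssid else "unknown"
        result[bucket].append(bssid)
    result["missing"] = sorted(set(official) - observed)
    return result

if __name__ == "__main__":
    for bucket, bssids in audit(parse_scan(SCAN_LINES), OFFICIAL_APS, "LibraryWiFi").items():
        print(f"{bucket:14s} {bssids}")
```

An "unknown" entry still needs a physical check: a neighbour's AP is harmless, but one plugged into a staff-side wall jack is the rogue case the slide describes.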
Encryption necessary to ensure security
Sensitive data must be encrypted when transmitted across any untrusted network
Most encryption algorithms use a secret key to encode the data and decode it after transmission
The longer the key, the more difficult it is to use brute force to decrypt the message
WEP uses 40, 64, or 128 (WEP2) bit keys
Wired Equivalent Privacy
Optional encryption scheme, part of the 802.11b specification
RC4 encryption
Single key encrypts all traffic
No system for key management
Hackers can easily recover the key
WEP often not enabled
WEP can be defeated by sophisticated hackers
Provides a barrier to most potential intruders
Wireless Hacking tools
At least two open source tools are available for recovering 802.11 WEP keys:
WEPCrack: http://wepcrack.sourceforge.net/
AirSnort: http://airsnort.shmoo.com/
802.11i
Security Standard for the 802.11 arena
Includes WPA and RSN (Robust Security Network)
Relies on 802.1x specification for port-based user and device authentication
Ratified June 2004
Marketed as WPA2
WPA
Wi-Fi Protected Access
Enhanced security over WEP
TKIP
Available now
Backwardly compatible with WEP: requires only a firmware upgrade
Temporal Key Integrity Protocol (TKIP)
128-bit encryption keys
Each packet encrypted with a different key based on a 48-bit serial number, incremented with each use
Avoids replay attacks
Relies on a base key which is generated when a device associates with the base station
Ideally unique base keys transmitted during 802.1x authentication
Pre-shared keys used otherwise
WPA2
WPA + AES = WPA2
Advanced Encryption Standard instead of TKIP
Stronger encryption algorithm
Not guaranteed to be backwardly compatible with existing WEP equipment
Personal version uses pre-shared key
Enterprise version uses 802.1X authentication through RADIUS server
WPA/802.1x Diagram
See: http://www.infoworld.com/infoworld/img/20FEwifi_in-x.gif
Wi-Fi Security Services
SecureMyWiFi (http://www.witopia.net/)
RADIUS authentication and security key distribution service
Operates with AP’s that support WPA-Enterprise or WPA2-Enterprise
$29 annual fee
Virtual Private Networks (VPN)
A technology that offers strong security
Common approach for remote users that rely on accessing organizational resources through the Internet
Applicable to wireless users on premises
Enhances security / adds inconvenience.
Encrypted Tunnel provided by a Virtual Private Network
(Diagram: Remote Laptop with VPN Client, Access Point, Router, Router, Ethernet Switch, Remote Host with VPN Server Component)
Traffic is encrypted along the entire path from client to host
Scope of Encryption Provided by WLAN Security
(Diagram: Wireless LAN with WEP or WPA, Access Point, Router, Router, Ethernet Switch, Remote Host)
Traffic is encrypted only between the Wireless NIC and the Access Point
Avoid wireless technologies for sensitive networks
Not appropriate for networks that carry confidential or sensitive information
Protect core network services with internal firewalls
Library Applications
Using wireless technology in libraries
Library vs Commercial Wi-Fi service
Fee-based or Free?
Wireless Access Policies
Open unauthenticated access?
Display appropriate use click-through page?
Filter?
Require authentication by library card number?
Part of campus wireless infrastructure
It is becoming increasingly expected that students will have wireless access to their laptop computers throughout the campus. Dorms, Classrooms, Labs, Libraries.
Classrooms
Vision of fully connected classroom can be realized inexpensively
Expensive to provide wired connectivity in classroom setting
Mixed blessing (Cliff Lynch observations)
Wireless laptops
Provide access to library resources to laptops brought into the library by patrons
Library supplied laptops can supplement public access workstations
Offer library users more flexibility and convenience in accessing resources throughout the library
Computer labs
Mobile labs can be used for training and outreach sessions outside the library
Training labs in the library that can be set up and dismantled on demand.
Staff applications
Remote circulation tasks
Tracking in-library use of materials without having to take them to a circulation desk
Inventory
PDA’s can be used instead of PCs or Laptops
Cell Phones
Many have Internet access
Libraries may see future demand to make their services available to cell phone and other small wireless devices
Current demand limited
Interfacing with Cell Phone services
WAP – Wireless Application Protocol
WAP Gateways part of wireless provider’s infrastructure
WML: language used for delivering web pages to wireless users; an ultra-light HTML
Library-Specific Wireless Products and Services
WAP access to Library Catalogs
Some vendors offering support
Examples: Innovative Interfaces offers AirPAC
Polaris Wireless Access Manager
Product from Polaris Library Systems to authenticate user access to the WLAN using the patron database using SIP2. Specifically supported for Polaris, but works with any other ILS that supports SIP2.
Introduced January 2004.
TLC Wireless.Solution
Wireless.Solution offers libraries a secure setup fire-walled from the library's network, with up to ten simultaneous VPN connections for staff functions. Wireless.Solution Pro offers the same security as Wireless.Solution, along with managed access to control bandwidth per user, the flexibility to provide access free or fee-based or a mixture of the two, and a personalized interface for the library.
Dynix Horizon Wireless Gateway
Dynix offers Horizon Wireless Gateway, a comprehensive high-speed wireless networking solution for libraries that uses Bluesocket equipment and technology. Horizon Wireless Gateway comes with tools for patron authentication and encryption, bandwidth management, regulatory compliance, network scheduling, Web-based network management, and centralized status and usage reporting.
Sirsi Wireless services
Sirsi offers two new network consulting services for libraries interested in installing wireless and IP telephony technologies. Technology partners for these services include Cisco Systems; Global Solutions Group, providing information technology design; and Bluesocket Inc., the leading vendor of open-systems wireless local area network (WLAN) systems to secure and manage wireless access to networks and the Internet.
Sirsi PocketCIRC
PDA Circulation Client
Wireless connectivity
Open Source options
ZoneCD from PublicIP
Open source hotspot solution
Features: redirect users to a splash page; optional or required authentication; content filtering
Bootable Linux CD; does not install on the PC but runs from the CD
See: http://www.publicip.net
Free software, but donations appreciated
Other Wireless Technologies
WiMax
802.16 standard
Worldwide Interoperability for Microwave Access
A WAN technology
Last-mile alternative to DSL
Recent strong support by Intel corporation which developed a chip supporting WiMax.
Bluetooth
Wireless protocol for connecting PDAs and peripherals to PCs
Not part of the 802.11 family
2.45 GHz spectrum
Low bandwidth (~1mb/sec)
Short distance (10 meters)
Recent security concerns
RFID
Radio Frequency Identification
13.56 MHz band
Manufacturers: TAGSYS, Checkpoint Systems, Texas Instruments
ISO 15693
ISO 18000 Mode 1: backward compatible with ISO 15693
ISO 18000 Mode 2: next generation, high-speed communications with multiple tags
Resources
http://wirelesslibraries.blogspot.com/
http://www.networkworld.com/topics/wireless.html
http://www.wi-fi.org
http://wi-fiplanet.com/
Summary
Wireless networking offers network access to many new environments and applications
An increasingly important supplement to existing network infrastructure
Not a panacea for all network communications needs