Issues in Wire(lessing) Your Law Library Dominick Grillo & Gary Moore Hofstra University School of Law
Background of Hofstra Law School • About 40 full time faculty. • 843 students (full time, part time day, LLM). • School is 30 years old. • Two buildings, Koppelman Hall and Axinn Hall. Koppelman Hall built in stages. Axinn built in 1996. • School part of university.
Background of Hofstra Wireless Network • Project first started Fall 1999. • At the request of the Dean, Computer Users’ Committee looks at wiring the law school. Idea is to either wire every seat or potentially use wireless. • Idea for wireless first floated by faculty member and director of law library. • Committee to give recommendation to Dean.
Background of Hofstra Wireless Network (continued) • Had obstacles to wiring every seat • Old classrooms • Library Carrels – difficult to wire • A lot of concrete, cinder block and steel • Had done a project the year before – 120 public access wired ports in law library - $40,000 project.
Examples of current old classrooms (picture from 2000 before outlets added)
Background of Hofstra Law IT • Separate department from the Law Library • Assistant Dean of IS (Gary) reports to the Vice Dean & Dean. • 3 Full Time Staff (Law Library has Head of Electronic Services - Dom). • Also have 2 person copy room/media staff that reports to Assistant Dean of IS. • Work with University IT • University IT responsible for Network Server maintenance, wiring, & email account creation (staff, faculty, admin and students) • Any major computer projects must involve University IT
Traditional Law School Wiring • 10/100 Shared or Switched Port • Costs • Pulling /Terminating Port - $250 per port (outside contractor) • Pulling AC to port - $50- $100 per port (Internal Plant Dept) • Patch Panel - nominal • Blade for Network Switch – Cost per port on switch - $100 - $250 per port - For me it's $246.00 - recent quote for an Enterasys Switch 112 ports – Cost may vary • Multiple Blades/Switches depending on # of ports. Large network switch can be $20,000 • Siben Courtroom – 200 seats wired – Cost $72,000 for data wiring and network switch
Traditional Wiring Continued • Benefits • Speed – Dedicated 10/100 Mbps depending on your configuration. • Throughput – No noticeable degradation of speed based on 30-50 users on their own ports in a given area. • Security – User can be identified by specific wired port location using conventional network security programs.
Traditional Wiring Continued • Drawbacks of Wiring Public Access Ports • Cost – Very Expensive to wire every seat in a law library and/or classroom. Cost of pulling ports, network blades, patch panels, switches and labor. About $300 - $500 per port. • Difficult to wire carrels in the middle of the room • Use – Wired Public Access Network Ports often not in use. Money being wasted.
Decided to look at Wireless Networks • Wireless Ethernet Networking – relatively new in 1999 • References - Nova Southeastern, SMU, UVA • The SMU “wireless prophets” – Greg Ivy and David Whelan – set up RadioLAN proprietary 10 mbps. • 802.11b wireless ethernet just starting out.
Wireless Networks • How do they work? • Access Point connected to Ethernet port on Network • Has transmitter card/antenna – broadcasts signal over 2.4 GHz (802.11b) or 5.8 GHz (802.11a) to PC laptop/desktop with wireless 802.11 card • 802.11b/802.11a are shared technology – meaning computers share the 11 mbps (802.11b) or 54 mbps (802.11a) bandwidth signal. • Wireless user automatically gets IP address through DHCP -Dynamic Host Configuration Protocol.
Wireless Networks – Reasons to Build • Older buildings – lots of concrete and steel. • Common areas such as lounges, patio areas, hallways. • Classrooms – especially older classrooms. • Access Point – generally always in use. • Supplement not replacement for wired network. • Access for students - eliminate need for additional labs. • In most situations, wireless costs much less than wired.
Types of Wireless • 802.11b, 802.11a, 802.11g Ethernet • Proprietary Wireless Ethernet – Proxim’s first wireless LAN, RADIOLAN proprietary LAN • PDA via wireless modem
Proprietary Wireless Ethernet Networks • Basically same configuration as 802.11b/802.11a • RadioLAN uses 5.8 GHz frequency • Access Point connected to Ethernet Port on Network, broadcasts signal to Wireless Card connected to desktop/laptop • Proprietary – Can only use their cards with their network, not 802.11 standard. You are tied into their equipment only.
PDA via Wireless Modem • Wireless Modem network setup in school/campus – not Ethernet network. • Restricted to Modem speeds (1mbps max?). • Examples Pepperdine/Stanford.
How 802.11b works • Access point connected to ethernet port on network. • Access point transmits 802.11b signal to transmitter on wireless LAN card. • Works on 2.4 GHz frequency. • Direct Sequence Spread Spectrum (DSSS). • Shared medium – meaning users accessing one access point share the 11 mbps connection. • Speed is really 5-7 mbps due to radio frequency overhead. • Access points provide overlap coverage – user never loses signal, similar to cell phone coverage. • Can be peer to peer, ad hoc or infrastructure.
802.11B Wireless Access Point Configuration Diagram (courtesy of WLANA.COM)
802.11b Continued • Range up to 500 feet. • Speed depends on distance – farther = slower. • Signal will drop to 5.5 mbps, 2 mbps, 1 mbps depending on distance. • Access Points can be configured via Serial Cable or remotely through access point config software. • Firmware upgrades – software that upgrades Access points. • Many PDAs have 802.11b adapters for use with 802.11b network • WiFi standard - (WECA www.wirelessethernet.com)
How 802.11a works • Similar to 802.11b – in configuration. • Speed up to 54Mbps shared. • Uses 5.8 GHz, higher frequency. • Range much smaller – 150 feet. • As with 802.11b – farther away from signal, slower speed. In 802.11a, much more drastic drop in speed. • Higher Frequency more vulnerable to interference.
Wireless Security • The concerns with wireless networks: • 1) Unauthorized users accessing the network • 2) Users being able to see or “sniff” the data on the network. • Types of Wireless Security • Authentication. • Encryption. • VPNs (Virtual Private Networks). • Third Party Proprietary Systems.
Wireless Security – Authentication • Authentication – users gaining proper access to the wireless network • Types of Authentication • SSID or Network Name • MAC Address • Radius • EAP/802.1X
Wireless Security Authentication • SSID/Network Name • Simplest form of restriction. Requires user to know network name for use of network. • Access points can be set up to broadcast or not broadcast SSID/Network Name. • Recommend No Broadcast. • MAC Address • Only registered wireless Ethernet card addresses can access network. • Very unwieldy to set up and maintain with current access point software. Need to register MAC addresses for each Access Point.
Wireless Security Authentication - Radius Server • Radius – Stands for Remote Access Dial Up Server. • A database server that stores authorized usernames and passwords. Users trying to access the network must authenticate to the server. • Can pull information in from a directory – easier to maintain. • Radius is a supported standard of authentication – most wireless products support Radius (Cisco, Agere, Enterasys etc).
Wireless Security Authentication - EAP • Stands for Extensible Authentication Protocol. • 802.1x IEEE standard Authentication • Passes messages to a Kerberos or Radius Server. • Cisco uses proprietary version called LEAP.
Wireless Security – Encryption • Encryption – Encoding data that you are sending across the wireless network. • Different from Authentication – You have the rights to use the network, you now want to encode the data to keep it secure. • Based around the use of keys to encode and decode data.
Types of Encryption • WEP • TKIP • IPSEC • SSL
WEP • Stands for Wireless Equivalent Privacy. • IEEE Standard. • 64 and 128 bit encryption. • Requires users to use keys. Standard WEP must be setup on each access point AND on each wireless network user’s laptop. • Response time diminishes due to encryption • Major flaws found in WEP – length of encryption in key and how key is created. Keys can be reversed. • Encryption is only from wireless client to access point.
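The WEP weakness noted above (key length and how the per-frame key is created), as an added Python example that is not part of the original slides: WEP builds each frame's RC4 key as a 24-bit IV, sent in the clear, followed by the shared key, so two frames that reuse an IV are encrypted with the same keystream. The key, IVs and payloads are constructed sample values, and WEP's integrity check value is omitted.

```python
import math

def rc4(key: bytes, n: int) -> bytes:
    """First n bytes of RC4 keystream for the given key."""
    s, j = list(range(256)), 0
    for i in range(256):                         # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                           # keystream output
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, shared_key: bytes, payload: bytes) -> bytes:
    """WEP-style encryption: the per-frame RC4 key is IV || shared key."""
    return xor(payload, rc4(iv + shared_key, len(payload)))

def reuse_leaks_plaintext_xor(iv1: bytes, iv2: bytes) -> bool:
    """True if the XOR of two ciphertexts equals the XOR of their plaintexts."""
    c1 = wep_encrypt(iv1, SHARED_KEY, FRAME_1)
    c2 = wep_encrypt(iv2, SHARED_KEY, FRAME_2)
    return xor(c1, c2) == xor(FRAME_1, FRAME_2)

def frames_until_iv_repeat(prob: float = 0.5, iv_bits: int = 24) -> int:
    """Birthday approximation: random-IV frames sent before a repeat is likely."""
    return math.ceil(math.sqrt(2 * 2 ** iv_bits * math.log(1 / (1 - prob))))

# Constructed sample values (not from the slides).
SHARED_KEY = bytes.fromhex("0102030405")   # 40-bit secret; "64-bit" WEP = 40 + 24-bit IV
FRAME_1 = b"constructed frame one"
FRAME_2 = b"constructed frame two"

if __name__ == "__main__":
    same, other = b"\xaa\xbb\xcc", b"\xaa\xbb\xcd"
    print("same IV leaks plaintext XOR:     ", reuse_leaks_plaintext_xor(same, same))
    print("different IV leaks plaintext XOR:", reuse_leaks_plaintext_xor(same, other))
    print("frames for a 50% chance of IV repeat:", frames_until_iv_repeat())
```

A busy access point sends the few thousand frames needed for a likely IV repeat very quickly, which is why per-packet key mixing and rekeying (the TKIP approach) or encryption above the link layer is needed.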
Wireless Encryption –TKIP • IEEE 802.11 task force setting up new standard, TKIP to replace WEP. • Stands for Temporal Key Integrity Protocol (yes, that sounds very Star Trek like). • Three part solution - key-hashing, message integrity check to prevent forgery and dynamic key management (rekeying). • Has backing of WECA and most major 802.11 vendors. • Same issue – encryption only from wireless client to access point.
IPSEC • Short for Internet Protocol Security. • Framework of open standards for ensuring secure private communications over IP networks. • Used in VPNs. • 168 bit key encryption. • Open Standard supported by many vendors. • Requires IPSec client software.
SSL • Stands for Secure Socket Layer. • SSL works by using a key to encrypt data that's transferred over the SSL connection. • Creates a secure connection between client and server. All data between client and server is encrypted. • Supported by Netscape and Microsoft IE. • By convention, URLs that require an SSL connection start with https. • All legitimate credit card and bank web sites use SSL or secure http (which works in conjunction with SSL).
Wireless Encryption • Why should I pay for an additional option when it comes standard with the car? (In other words, do I need encryption when the application is already providing it?) • Many applications already have 128 bit encryption – Email, IE, Netscape, proprietary bank software. • If not using a VPN, then encryption should be application based.
VPN/Firewall • Virtual Private Network. • Isolates traffic by using a dedicated network using Point to Point Tunneling or Layer 2 Tunneling Protocol. • Standards based - broad vendor support. • Uses IPSec. • Firewall – a guard at the gate – only allows traffic you want to come in and out.
Third Party Security Systems • Trying to fit the niche of providing security to wireless networks, several companies have come up with proprietary security systems. • Some systems allow for time restrictions, network policy restrictions, advanced reporting features.
Third Party Security/Proprietary Systems (continued) • Some are based on custom proprietary authentication/encryption standards such as Cisco’s LEAP. • Others are based on hardware/software solution. Companies such as Reefedge and Vernier use an authentication system using a connection bridge that access points connect to and an authentication server that checks the user’s authorization. • Supports LDAP (lightweight directory access protocol), Radius, and NTLM. • Administrative/Monitoring/Report Capabilities. • Systems can restrict user’s bandwidth.
Web-Based Systems Management • Web-based tool for managing the wireless network. • Monitor: • Users • Status • Privileges • IP and MAC addresses • Controllers • Access Points thru port forwarding • Users • Connect Server • System profiles • QoS • Meter bandwidth based on user class
Hardware/Software Solutions (Continued) • Other solutions such as Funk Software’s Odyssey use EAP authentication so that user must connect to access points via password credentials. • Server/client software. • Supports multiple Windows Platforms and most standard Access Points.
802.11a vs. 802.11b - Which to Go with? • 802.11b provides more coverage. • 802.11a more speed but in a much shorter distance…. • As a result, depending on configuration, you will need many more access points with 802.11a, hence greater cost.
802.11a vs. 802.11b - Recommendation • 802.11b is here now and is a much more mature product than 802.11a. • However, strive to choose access points that will support both 802.11a and 802.11b. • Note – Both 802.11 protocols supported by Windows and Mac based machines. • 802.11g too far off to consider for now.
Designing/Implementing Wireless LAN • Do you want to cover just the law library or the law school? • Recent Survey done by David Whelan, Director, ABA Legal Technology Resource Center states that 33 out of 52 law schools responding had wireless either in the law school or law library. 28 of the 52 (85%) of those have it in both places, compared to only 63% last year. Last year 8 law schools had wireless only in the library; this year that number is down to 5. Alternatively, 5 law schools responded that only the law school had wireless last year, where the number is down to 3 this year.
Designing/Implementing Wireless LAN (Continued) • Access Points should be installed as high as possible to provide the maximum amount of signal reach and to avoid obstacles. • Also recommend putting them on high walls in open areas and in ceilings (above drop ceilings) to cut down on potential vandalism. • Concrete, steel, and cinder block cut down on wireless radio signal. In older buildings, classrooms may need 1 access point each.
Designing/Implementing Wireless LAN (Continued) • If you are building a new building, should you go completely wireless, including faculty/staff/admin offices? • No!!!!!! • Wireless should be a supplement to wired. • 10/100 dedicated wire will be faster than wireless for the foreseeable future.
Designing/Implementing Wireless LAN (Continued) • Should I hire an outside consultant to design the network? Thoughts: • Vendor RFP – Make it a point that vendor must include in the proposal the design of network. • See what other similar sized law schools/law libraries did. Post a message on Teknoids!!! • Vendor Bidding – always get at least 3 bids! • In our case, three vendors (Aironet, Enterasys, RadioLAN). • Include Maintenance Contracts – A must!!! • If part of a university, work with the university!
Designing/Implementing Wireless LAN (Continued) • Costs • 802.11b access points - $200 - $1000. • 802.11a access points -$1000. • Wireless Cards - 802.11- $70 -$200. • Possible cost - additional blade and/or switches. • Third party systems - depends on configuration - anywhere from $25 -$50,000 for one building.
Wireless Technical Support • Should the Library be in the business of loaning out cards? • Should the Library be in the business of supporting cards? • Standards for students purchasing wireless cards. • Laptop Requirements/PC Vendor configurations. • Documentation/Installation Instructions and tech support for students.
How did it turn out for us? • Wireless network in place since July 2000. • Has worked way beyond our expectations. • Students love the wireless network. • Basic student access is the Internet only. To access printers and student network drives, students need to install a network client to log on. • Lab use has dropped significantly. • Tech support spikes up at the beginning of the semester then falls off. • A perspective each from the library and the IT department on daily wireless use.
What we decided to do • Went with Enterasys access points. • 28 access points in Koppelman Hall. 1 in Axinn Hall. • Wireless network was implemented in two months between final walkthrough and installation of wireless access points. Configured access points ahead of time before installation.