Wireless Networking Guidelines

Introduction
The need for a centrally managed wireless infrastructure
Security concerns
What Georgetown University Information Services (UIS) will do
Guidelines on use of personal networking products at Georgetown University

Introduction

An increasing number of departments at Georgetown University have expressed interest in deploying wireless networking to enhance and provide more flexibility to the teaching, learning, and research environment. Much like other Universities, students, faculty and staff at GU increasingly want wireless network access from classrooms, meeting rooms, auditoriums, and from indoor and outdoor common areas. There is also interest in utilizing mobile computing labs comprised of laptop computers equipped with wireless Ethernet cards.

Georgetown University Information Systems (UIS) has developed guidelines for the use of wireless networks, as well as wireless devices that operate in the same unlicensed spectrum, on the campus of the University. In order to realize the benefits of wireless networking and to make the wireless experience a highly functional and useful service, UIS has developed a centrally managed wireless network service, which provides roaming capability and enhanced security. In addition, UIS has outlined guidelines for the use of personal wireless products on campus, similar to what other leading Universities in the wireless networking field have established.

The need for a centrally managed wireless infrastructure

Independent deployment of wireless networks and products by groups and individuals will likely limit their accessibility and quality of service because of issues relating to interference and capacity. Georgetown University's wireless network will utilize products that conform to the IEEE 802.11a/b wireless LAN specification.

Deployment of any wireless infrastructure needs to be carefully planned and engineered. The design and deployment of a wireless network for a particular location is influenced primarily by interference and capacity planning factors. Each design must include careful and exhaustive signal strength measurements, which take into account the three-dimensional nature of wireless network devices, interference caused by other devices utilizing the same unlicensed spectrum and obstacles such as concrete walls and metal supports.

The design must also take into account the potential load on the wireless network. A large number of wireless users in one area such as a large classroom or lecture hall, for example, may require the use of two or more wireless access points configured to load balance. A less dense but more spread out coverage area, such as a lawn between two buildings may require a "coverage-oriented" as opposed to a "capacity-oriented" design with a different set of configuration options.

In addition, it is important to note that the bandwidth provided by the wired network far exceeds that provided by wireless LANs. Users attempting to substitute wireless LANs for wired LANs can expect degradation of performance and speed as well as potential loss of signal from time to time.

Security Concerns

The potential for unauthorized access to the Georgetown University network will increase as wireless networks expand beyond buildings and potentially beyond the campus. Security features defined by the IEEE 802.11 standard are vulnerable and are unable to prevent unauthorized access or to protect data traversing the wireless medium from determined attackers.

The inherent insecure nature of the wireless network medium makes it essential that users adhere to effective security practices. These may include, but are not limited to, the use of application level authentication and encryption technologies such as Secure Socket Layer (SSL) and Secure Shell (SSH).

UIS is currently developing guidelines for secure access to the Georgetown University wired and wireless network infrastructure. Our goal is to provide authenticated access to the converged network using the current Georgetown University directory infrastructure (NetID). We are currently evaluating technologies that will make this feasible and when they reach a level of maturity and stability, we intend to enable this service as the authentication method to the Georgetown University network infrastructure.

With current technologies the wireless network medium will continue to be insecure. In the interim, for departments that require enhanced security, UIS will offer Virtual Private Network (VPN) service. This will require additional end user configuration and/or the use of VPN client software.

What Georgetown University Information Services (UIS) will do

As managers of the University converged network, UIS will continue to evaluate and test new wireless technologies, and enhancements to the existing wired network as they emerge. For departments and groups who wish to deploy wireless networking, UIS will provide the following services:

  • Consult with the department to ascertain needs and intended use.
  • Conduct a site survey to evaluate potential issues, including security, radio signal interference and interoperability with the existing campus network.
  • Provide a cost estimate and proposal for the deployment of the wireless network.
  • Design, install, and manage the wireless networking infrastructure.

Other services provided by UIS may include training and links to resources for use of the wireless network infrastructure, including the installation and configuration of wireless adapters, as well as any required login and authentication procedures.

Guidelines on use of personal networking products at Georgetown University

A number of wireless products on the market utilize the same unlicensed 2.4 GHz band that the Georgetown University Wireless network infrastructure currently uses and the 5GHz band that Georgetown may use in the future. These include other 802.11 wireless access points (APs), certain models of cordless telephones, wireless speakers and Bluetooth devices.

The unmanaged use of these devices may potentially interfere with Georgetown University's wireless infrastructure and in extreme cases render a wireless LAN inoperable. The wireless airspace at Georgetown will be solely administered by UIS to ensure the integrity, reliability, and security of the Georgetown University wireless network.

Departments, faculty, staffs and students may not connect their own wireless network devices to the GU network. In cases where such devices are being used for a specific research or teaching application by faculty, UIS will work with the individual or department to engineer a solution that mitigates any potential interference.

Several wireless networking devices have proven to be problematic at Universities with mature wireless infrastructures. For this reason, certain devices have been banned from use on those campuses. UIS would like to benefit from the experiences of these Universities and follow their lead on this issue.

The following wireless networking devices are examples of devices that are excluded from use on the Georgetown University campus: