RE: [WIRELESS-LAN] Open networks and the law
Here's the perennial paper on the issue: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=692881 Regards, Frank -Original Message- From: Brian Epstein [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 12, 2006 10:13 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Open networks and the law In talking about our wireless network at our weekly meeting, an idea of a public network was brought up. We have a lot of visitors that are on campus for a few days that need network access. We currently have a registration system that has been deemed too cumbersome to navigate, and an easier solution is needed. We came up with a plan that would allow a client 7 days of free Internet only access. Afterward, the client would have to go through the registration system. We know that people can change their MAC addresses and bypass the security of this system. I brought up the concern of liability. If someone were to use this system for nefarious deeds, would the Institution be responsible? How do other schools with open networks navigate the liability issues? I realize that by opening up the system like this that we would be subjected to CALEA, which is something else that I'm working on. Thanks for your help, Brian -- Brian Epstein [EMAIL PROTECTED]609-734-8179 Network and Security OfficerInstitute for Advanced Study Key fingerprint = 128A 38F4 4CFA 5EDB 99CE 4734 6117 4C25 0371 C12A ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] 802.11n thoughts?
We just had preliminary discussions with Aruba about this. Although it's true that we have very little or no need to support 11n through our infrastructure, the existence of rogues is a substantial concern. Since 11n uses different frequencies than 11[abg] it can't be detected directly by an 11[abg] sensor. You are left with four choices, as far as I can tell: 1) ignore 11n and maybe it will not be a problem until you can fund and roll out 11n yourself 2) try to detect 11n indirectly (making the assumption that 11n devices are 11[abg] compatible as well, and that they can be blocked by appealing to their 11[abg] side 3) deploy 11[abgn] monitors on your system, and use them to triangulate and locate the rogues. 4) deploy 11n wholesale. Options 3 and 4 are not even possibilities at this point, AFAIK, because the monitors/WAPs won't become available until about 3Q2007 . Option 4 is very expensive, not just for the cost of the waps, but because the 11n WAPs will exceed the POE available power by a significant margin, so alternate power must be provided. In addition, since the capacity of 11n is likely to exceed 100Mb/s by a wide margin, this means we must add 1G connections to the WAPs, and in turn, we will most likely need to upgrade from 1G to 10G between buildings. Our general approach is to start out with option 2 and move to 3 as it appears feasible about a year from now. option 4 would require a significant infrastructure replacement, which isn't in the cards for several years, minimum, on our campus. John Rodkey Associate director of I.T. Westmont Simon Kissler wrote: Lee, I don't know if it's an issue of not thinking about it. I for one keep my eye on it, but until a standard is ratified and we get some gear with that standard on campus to do some real assessment in our environment, I keep on coming back to the point that it's largely academic at the moment. We won't deploy or use any pre-n gear as it too often happens that things change in the late hours of anything new and making any investment just to throw it out seems a pretty big waste (or even worse contending with gear that sort of works, if wiggled and massaged the right way). So in short, we're thinking about it and keeping an eye on the ratification process as well as our preferred vendor's reactions, roadmaps, and predictions, but that is about as far as we'll go with it. That said we have the luxury that some of our infrastructure that likely would not be able to support it is being looked at separately under different cover and will hopefully be addressed by the time this becomes a topic to really wrestle with. Cheers, -Simon Lee Badman wrote: Looking forward, wondering how (and if) members of this group are contemplating the impact of 802.11n on your WLANs? I would wager many of us have rogue pre-standard 802.11n hardware on campus now. Also, I have heard some vendors poo-poo .11n as a non-starter for the enterprise, and others promising support as soon as it is a ratified standard. Then there's worries if even a fast ethernet cable is robust enough for the promised throughputs of 802.11n... a lot to the discussion, obviously, and since it's still in draft it's easy to not think about. But those who are pondering, I'd be curious to hear thoughts and opinions. Regards- Lee Badman ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Open networks and the law
With respect to CALEA per se, you might want to see http://www.educause.edu/calea and/or the archives of the CALEA-HE list http://listserv.educause.edu/cgi-bin/wa.exe?A0=CALEA-HE Steve -- Steven L. Worona Director of Policy and Networking Programs EDUCAUSE / 1150 18th St. NW suite 1010 / Washington, DC 20036 202-872-4200 x 5358 / 202-872-4318 fax / [EMAIL PROTECTED] - At 12:26 PM -0600 12/13/06, Peacocke, David wrote: For what it is worth, We informed, by our general council, that open wireless access would place us within scope of CALEA. David -Original Message- From: Frank Bulk [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 13, 2006 10:59 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Open networks and the law Here's the perennial paper on the issue: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=692881 Regards, Frank -Original Message- From: Brian Epstein [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 12, 2006 10:13 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Open networks and the law In talking about our wireless network at our weekly meeting, an idea of a public network was brought up. We have a lot of visitors that are on campus for a few days that need network access. We currently have a registration system that has been deemed too cumbersome to navigate, and an easier solution is needed. We came up with a plan that would allow a client 7 days of free Internet only access. Afterward, the client would have to go through the registration system. We know that people can change their MAC addresses and bypass the security of this system. I brought up the concern of liability. If someone were to use this system for nefarious deeds, would the Institution be responsible? How do other schools with open networks navigate the liability issues? I realize that by opening up the system like this that we would be subjected to CALEA, which is something else that I'm working on. Thanks for your help, Brian -- Brian Epstein [EMAIL PROTECTED]609-734-8179 Network and Security OfficerInstitute for Advanced Study Key fingerprint = 128A 38F4 4CFA 5EDB 99CE 4734 6117 4C25 0371 C12A ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] 802.11n thoughts?
Here's my two cents...I think the WLAN infrastructure vendors will suggest one or more of the following routes for customers wanting to upgrade to 802.11n: a) re-rate their controllers to new 802.11b/g levels, suggesting that it can handle 802.11n APs at the same quantities b) add more controllers, splitting the counts in half, third, etc. c) offer aggressive upgrade/competitive upgrade programs that encourage customers to replace their controller d) tell customers to do nothing until traffic volumes actually warrant more hardware support At least two the WIDPS systems can identify the existence of rogue pre-802.11n APs, and I expect that some of the better WLAN infrastructure vendors will be able to do the same. I'm not too worried about APs spitting out 100+ Mbps of traffic. I don't think many of you can find even a single AP that shows more than 15 Mbps over a 5-minute polling period. Users may benefit from some burst headroom, but that's about it. Regards, Frank -Original Message- From: Lee Badman [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 12, 2006 8:31 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] 802.11n thoughts? Looking forward, wondering how (and if) members of this group are contemplating the impact of 802.11n on your WLANs? I would wager many of us have rogue pre-standard 802.11n hardware on campus now. Also, I have heard some vendors poo-poo .11n as a non-starter for the enterprise, and others promising support as soon as it is a ratified standard. Then there's worries if even a fast ethernet cable is robust enough for the promised throughputs of 802.11n... a lot to the discussion, obviously, and since it's still in draft it's easy to not think about. But those who are pondering, I'd be curious to hear thoughts and opinions. Regards- Lee Badman ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.