Hi all,
I've combined comments raised in the latest digest into a single e-mail
response.
From: "Ruiz, Mike" <[EMAIL PROTECTED]>
While it's a little off topic I would question whether the logic of
"If a University allows users to plug into their network, probably
they'll have to allow whatever devices are connected to these computers"
would then require that we don't restrict or require those computers to
meet certain security requirements or be at certain determined
specifications. Many schools "require" student computers to be
patched and enforce it through trusted end point systems such as
Perfigo (Cisco Clean Access), or Campus Manager.
My guess and hope is that there must be difference between the example
of an "owned network" which offers fee-based services to consumers and a
private network.
Actually, the Hush-a-Phone and Carterphone decisions (in 1956 & 1968
respectively) set a fairly good precedent that foreign attachments must
be allowed so long as they don't harm the network as a whole. Obviously,
computers with viruses and other problems, would harm the network;
however, you're right to point out that this is a legal grey area (in that
no standards have been set for determining device requirements). In the
end, it would probably fall upon the network administrators to demonstrate
that harm is caused by specific classes of devices. But I'm not a lawyer,
so you may want to check with a professional about this.
Additionally I would suggest thought around the extension of the logic
of the inverse or open network. Open source, open standards should not
suggest a free-for-all but an inverse or open network does in some way.
A network that is a free-for-all makes quality assurance, reliability,
security and support difficult and arguably more costly than making
security and access control a concept spread across all layers of IT.
I would agree -- what's really needed is some sort of "basic standards"
for networks; however this can be done in one of several ways (e.g.,
security standards on end-user devices, "intelligent" bandwidth-shaping
that can automatically isolate problem devices, etc.). I was really
excited to hear about some of the trustable network work that various
EDUCAUSE members are working on -- I think the solutions they are working
on are going to be vital as we move more towards a multi-layered wireless
environment. But I suspect this will be an ongoing tension for the
foreseeable future.
From: Frank Bulk <[EMAIL PROTECTED]>
Sascha:
On what basis are you saying that "some EDUCAUSE member institutions are
already having problems with Meru-type equipment and the FCC." Unless
my email feed is dropping messages, I don't remember reading anything on
this listserv about Meru-type equipment causing problems.
I'm inferring that based upon recent FCC clarifications on the illegality
of jamming devices in unlicensed spectrum and the concerns raised by
several folks to me, that this may be an issue. I actually _really_ like
what Meru is doing -- but during our discussions in Tempe, it became
fairly clear that the boosted throughput speeds of Meru-type networks come
at the cost of tolerance of other WiFi sources.
Mike did say that Meru system can perform rogue suppression, but I
believe that enforcing a security policy in a physically isolated
environment, such as a college campus, is very likely able to sustain
regulatory and legal scrutiny.
I looked through the literature on Meru's site; my reading of their
technical documents is that "rogue suppression" is a euphemism for
jamming. What's important for folks to remember is that unlicensed
spectrum means that _no one_ has precedent -- it doesn't matter whether
you're using it on your own property -- everyone has equal access to it,
and it's illegal to prevent other devices from accessing it. Geographical
property rights don't give one any rights to spectrum use.
Date: Tue, 8 Mar 2005 12:30:15 -0800
From: Frank Bulk <[EMAIL PROTECTED]>
Subject: Re: 802 Jamming & the FCC: jamming vs. network control
Sascha:
I don't consider the use of de-auths and other mechanisms as jamming if it
relates to enforcing network access control. All the major wireless IDS
vendors are placing a major emphasis on their ability to identify rogues as
being a threat (AP on the organization's network), neighbor (AP close to
their physical location, but not on it), or safe (the organization's own
AP). Via their various 'patented' technologies they claim 100% certainty
before performing rogue mitigation on those threats. While performing the
rogue mitigation will inject more packets into the air than if nothing was
done, there is no reason an organization shouldn't be allowed to enforce
its network access policy.
Cisco prefers to execute wire-side port disabling, if at all possible, and
that seems the most prudent, if at all possible.
So, while schools can't ban the unregulated wireless devices themselves, at
the minimum they can restrict the use of these devices when they connect to
their network in the dormitories that the school rents to the students.
Please refer to my previous posting from Saturday for more details.
There are two distinct issues here that need to be disentangled. The first
is network administration, and here I pretty much agree with everything
that Frank's brought up. The second issue is utilizing unlicensed
spectrum -- which has completely separate criteria. Because many wireless
(institutional) networks use unlicensed spectrum, it would be nice to
assert control over those frequencies. However, if an institution wants
that sort of end-to-end control, they're going to need to spring for their
own licensed frequency. It is not the case that because one chooses to
integrate unlicensed frequencies into the network architecture that you
can then assert control over this medium. You can do whatever you want on
the devices/hardware you own and control -- but purposefully (adversely)
affecting _other_ unlicensed devices is probably illegal.
From: 802.11 wireless issues listserv
[mailto:[EMAIL PROTECTED] On Behalf Of Jonn Martell
Sent: Friday, March 04, 2005 6:38 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless lan equipment for instruction
It seems to me that imposing something outside the institution would
be difficult but land owners tend to have a higher ability to be more
restrictive.
Wish us luck, we have such a policy in front of our legal counsel.
... Jonn Martell, UBC Wireless, [EMAIL PROTECTED]
I suspect that your legal counsel will tell you that you'll run into
trouble if you attempt to stop unlicensed access point use on campus.
But I'd be interested to hear what they recommend (either on list or off).
Date: Tue, 8 Mar 2005 14:12:53 -0800
From: Frank Bulk <[EMAIL PROTECTED]>
Subject: Re: 802 Jamming & the FCC - non-networked attached equipment
Sascha:
You're right -- people performing 802.11 ad-hoc in the hallways or in the
classrooms is not something that can be legally restricted, even if it
interferes with other wireless equipment. But it's not a bad idea for a
school to encourage wireless practices in their 'student expectations'
handbook. I don't know how enforceable a signed agreement would be, but I
would strongly encourage the school's technology departments educate the
students.
Yeah, here we wholeheartedly agree. Teaching "best practices" for
wireless use, security, etc. is definitely a good idea. In many ways it's
the functional equivalent of teaching students to turn off their cell
phones during class -- we certainly will always have some offenders, but
_most_ folks will change their habits if provided with the information.
In the end, I worry about the legal ramifications for folks utilizing
networking solutions in unlicensed bands that jam other devices on these
frequencies. And, again, I'm not a lawyer, but I would recommend
proceeding _extremely_ carefully with this issue -- the FCC has been
fairly clear (well, at least semiopaque) about this.
--Sascha
--
Sascha Meinrath
President * Project Coordinator * Policy Analyst
Acorn Worker Collective *** CU Wireless Network *** Free Press
www.acorncollective.com * www.cuwireless.net * www.freepress.net