Thanks Neil. I though this part was particularly insightful:
Wi-Fi access protocol changes will require physically changing door locks. Network Services continually optimizes the Wi-Fi network to best support our ever-changing students’ needs. Network Services no longer supports the 802.11b wireless protocol. It is expected that in the next 5 years we will drop support for 802.11a/g, and it is possible we will drop support for 2.4 GHz entirely within 10 years. This means that the access control system will need to be upgraded to follow the rapid pace of Wi-Fi technology. These upgrades should be factored into the long-term costs of the system. I pretty much assumed we’d have to support outdated wireless hardware and protocols in order to accommodate building systems with a 10 to 15 year upgrade cycle. I like this approach better. I wonder if we can sell it. Chuck Enfield Manager, Wireless Systems & Engineering Telecommunications & Networking Services The Pennsylvania State University 110H, USB2, UP, PA 16802 ph: 814.863.8715 fx: 814.865.3988 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Johnson, Neil M Sent: Tuesday, July 07, 2015 2:17 PM To: [email protected] Subject: Re: [WIRELESS-LAN] Wireless Door Locks Our housing folks are also looking into replacing keyed locks with wireless door locks in all of our dorms. They’ve put off a pilot for the fall in order to gather more information. Below are excerpts from a document we sent to all the parties involved with our concerns: While this should not be considered exhaustive list, here are the issues we have identified with using a Wi-Fi infrastructure for access control. Wi-Fi is susceptible to several sources of interference. While Network Services will do its best to provide a robust and reliable wireless service, there are many issues outside of Network Services’ control that could negatively affect the access control system. Wi-Fi uses unlicensed spectrum and can be subject to interference from other devices (Cordless phones, Microwaves, wireless printers, student-deployed access points, and wireless cameras are just a few examples). Wi-Fi access protocol changes will require physically changing door locks. Network Services continually optimizes the Wi-Fi network to best support our ever-changing students’ needs. Network Services no longer supports the 802.11b wireless protocol. It is expected that in the next 5 years we will drop support for 802.11a/g, and it is possible we will drop support for 2.4 GHz entirely within 10 years. This means that the access control system will need to be upgraded to follow the rapid pace of Wi-Fi technology. These upgrades should be factored into the long-term costs of the system. Maintaining the security of the Wi-Fi infrastructure for access control devices requires additional resources: While we are not familiar with the specific security mechanisms used by the Wi-Fi based access control system, we speculate the security of the Wi-Fi connection to access control devices will either be based on Pre-shared Keys or TLS Certificates. Pre-shared keys would need to be changed on a periodic basis to maintain adequate security of the system and even TLS certificates would also need to be updated regularly. This would most likely require that each access control device be “touched” on a regular basis (1 to 3 years). Network Services would not be responsible for updating individual access control devices. That would be the responsibility of Housing or Facilities. These updates need to be factored into the long-term costs of the system. Supporting wireless access control devices would require that Network Services recover certain extra costs: It is likely that Network Services will have to create, maintain, and support a dedicated custom wireless service for the access control system. This includes staff resources to maintain the pre-shared keys, TLS Certificates, or MAC address databases of the access control devices. Network Services would have to commit additional resources to monitor the availability and security of the Wi-Fi system. These costs would need to be recovered and should be factored into the cost of the system. Off hours support for troubleshooting Wi-Fi related issues is limited: Network Services does not currently have the staff resources to provide 24X7 support for the Wi-Fi service. While we do respond promptly after hours to issues involving the loss of service in an entire building or buildings, we are not staffed to respond after hours to isolated problems (such as an individual student not being able access their room). Running parallel Wi-Fi systems is not possible.It has been suggested that Housing might install their own parallel Wi-Fi service to support the access control system. Due to the shared nature of Wi-Fi spectrum it would be disruptive to both services to try to run them in parallel. It would cause disruption to the University’s service for students. This would also violate University of Iowa policy. The product is not tested to run in our environment To truly evaluate the feasibility of any system requires that devices and systems be tested on-site. Network Services has found out (often the hard way) that relying on vendor specifications and experiences of other institutions does not replace physical on-site testing of new technologies and systems. It is the only way to find out the true limitations of the technologies and products proposed for use. -- Neil Johnson Network Engineer The University of Iowa Phone: 319 384-0938 Fax: 319 335-2951 E-Mail: [email protected] <mailto:[email protected]> On Jul 6, 2015, at 7:31 AM, Lee H Badman <[email protected] <mailto:[email protected]> > wrote: Doing 2.4 GHz 11n currently, will 11ac expected “sometime”- sorry for typo. -Lee From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Osborne, Bruce W (Network Services) Sent: Monday, July 06, 2015 7:48 AM To: [email protected] <mailto:[email protected]> Subject: Re: [WIRELESS-LAN] Wireless Door Locks Lee, You have Assa Abloy locks doing 5GHz? What models? Ours are 2.4 only. BTWE, I assume you meant 11ac, not 11c hence my question. Bruce Osborne Wireless Engineer IT Infrastructure & Media Solutions (434) 592-4229 LIBERTY UNIVERSITY Training Champions for Christ since 1971 From: Lee H Badman [ <mailto:[email protected]> mailto:[email protected]] Sent: Thursday, July 2, 2015 2:03 PM Subject: Re: Wireless Door Locks We are doing wireless door locks on internal classroom doors (no external doors) with little fanfare so far (almost two years, slow rollout in a few buildings thus far). ASSA ABLOY locks, 802.11n with 11c expected (sometime) and 802.1X. I’m not thrilled, and laid out the risks clearly, yet still here we are. But they are working fine. -Lee Lee Badman Wireless/Network Architect ITS, Syracuse University 315.443.3003 (Blog: <http://wirednot.wordpress.com/> http://wirednot.wordpress.com) From: The EDUCAUSE Wireless Issues Constituent Group Listserv [ <mailto:[email protected]> mailto:[email protected]] On Behalf Of Derek Johnson Sent: Thursday, July 02, 2015 1:33 PM To: <mailto:[email protected]> [email protected] Subject: [WIRELESS-LAN] Wireless Door Locks Our campus planners are looking to standardize & modernize lock systems across campus, and they're drooling over my worst nightmare wireless door locks that connect to our existing wifi network. 2.4GHz only, of course. I'm against this idea for too many reasons to list (technical & security-based), but I'm curious to hear perspectives from the community. Has anyone deployed or had to support a wifi-based door lock system? What's been your experience? On the flip side, have you successfully fended off a push for wireless door locks? If so, do tell... :) Thinking back to Lee's recent drone discussion... perhaps I can get administration interested in drone surveillance instead of wifi door locks. That's an idea I could get behind... Derek Johnson | Data Communications Coordinator FORT HAYS STATE UNIVERSITY 415 Lyman Dr. TH 101, Hays, KS 67601 (785) 628 - 5688 | <mailto:[email protected]> [email protected] ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at <http://www.educause.edu/groups/> http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at <http://www.educause.edu/groups/> http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
