Wireless Networks in Libraries

1
Wireless Networks in Libraries

• Marshall Breeding
• Vanderbilt University
• http//staffweb.library.vanderbilt.edu/breeding
• Marshall.breeding_at_vanderbilt.edu
• http//www.librarytechnology.org

Alaska Library Association Annual
Conference Saturday Feb 25, 2006
2
Abstract

• Wireless LANS have captivated much attention in
  the business environment, in the home, and in
  libraries. A fundamental challenge lies in
  determining howor if to make use of this
  technology. This workshop aims to provide
  attendees with the knowledge to make these
  decisions and to enable them to establish
  effective and secure wireless networks in their
  libraries.

3
Proposed Agenda

• Network Basics
• Wireless Basics
• Security Concerns
• Library applications Wired vs Wireless
• Examples and Case Studies
• General Discussion

4
Preliminary Questions

• What do you expect to get out of the workshop?
• Identify specific issues that you want to see
  addressed before the end of the day
• Talk about issues of concern to your library
• Is there any one item that we can cover that will
  make you feel like the workshop was worthwhile?

5
Network Basics

• A review of basic concepts and terminology

6
OSI Reference Model

• Layer 1 Physical (Electrical characteristics of
  cabling)
• Layer 2 Data Link (Ethernet) Ethernet cards,
  hubs,switches (802.11)
• Layer 3 Network (IP) Routers
• Layer 4 Transport (TCP / UDP) Error recovery,
  transfer of data
• Layer 5 -- Session
• Layer 6 -- Presentation
• Layer 7 -- Application

7
Ethernet

• IEEE 802.3
• CSMA/CD
• Carrier Sense Multiple Access with Collision
  Detection
• Governs Media Access Rules

8
Ethernet segments

• Dates back to original Ethernet cabling
• 10Base5 -- Thicknet coaxial cable
• Overall length of 2500 meters
• Minimum 2.5 meters between nodes
• Transceivers
• Broadcast medium
• All nodes can intercept all traffic in
  promiscuous mode

9
Network Components

• Hubs
• Switches
• Routers

10
TCP/IP

• Primary Network Protocol

11
TCP/IP Protocol Suite
UserPrograms
http
ftp
smtp
Ping
LPR
NFS
DNS
rtsp
ReliableTransport
TCP
ICMP
UDP
DatagramDelivery
IP
PhysicalConnectivity
Ethernet (802.3) WiFi (802.11)
12
TCP/IP Configuration Details

• IP Address
• Subnet mask
• Gateway/router

13
IP Addresses
IP Addresses are 32-bit numbers
10000001
00111011
10010110
00000101
129
59
150
5
129.59.150.5
14
Class B Networks
1 0
14-bit Network ID
16-bit Host ID
129.59.150.5
10
00111011
00000101
000001
10010110
16
2 or 65,536 Host Addresses per Network
15
Class C Networks
22-bit Network ID
8-bit Host ID
1 1
192.111.110.5
11
000000
01101110
01101111
00000101
8
2 or 256 Host Addresses per Network
16
DHCP

• Dynamic Host Configuration Protocol
• Automatically configures network client for
  TCP/IP communications
• DHCP servers provide only a temporary lease on a
  configuration set
• ipconfig /release, /renew, /all

17
Wireless basics

• Uses radio frequency transmission over the air
  instead of network cabling
• Stable and reliable technology
• Increasing in popularity in business and home
  computing

18
802.11 Media Access Rules

• CSMA/CA
• Carrier Sense Multiple Access with Collision
  Avoidance
• Request to Send (RTS) / Clear to Send (CTS)
• Reduces or Eliminates collisions
• Hidden Node Problem

19
Wireless architectures

• Peer-to-peer (ad hoc mode)
• Wireless NICs talk to each other
• Infrastructure Mode
• Uses Wireless Access Point

20
Ad hoc mode
Computers connect directly with each
other without additional equipment
21
Infrastructure Mode
Ethernet Switch
Router
Access Point
22
Wireless Hardware

• Access point
• Functions just like an Ethernet hub
• Shared media
• Connects to an existing Ethernet connection
• Receiver Network Interface Card
• PC Cards for Laptops
• PCI for Desktops
• PDA versions available

23
Transmission Details

• RF transmitters and receivers, or radios, carry
  data packets as a payload.
• Multiple channels
• 802.11b 14 (FCC allows 11)
• 5 MHz per channel
• APs within range of each other should be on
  different channels

24
802.11b Channels (U.S.)
1
2
3
4
5
6
7
8
9
10
11
2.3995
2.4045
2.4095
2.4145
2.4195
2.4245
2.4295
2.4345
2.4395
2.4445
2.4495
2.4745
25
Non-overlapping Channel Map
1
1
1
6
6
11
11
11
1
1
6
6
11
6
11
26
Positioning Wireless Access Points

• Conduct an RF site survey

27
Range per Access Point

• 75-150 feet indoors typical
• 500 feet in open areas
• 1000 feet outdoors
• Performance degrades with devices located further
  from the AP

28
Wireless Devices
29
Types of Wireless Devices

• Access point
• Bridge wired network to wireless
• Wireless Router or Gateway
• Bridge
• NAT Network Address Translation, allows multiple
  devices to share single IP address
• Router Connects wireless network to Internet
• Usually connects directly to DSL or cable modem
  connection

30
Wireless Network Interface Card

• PCI
• PC Card
• Pocket PC, Palm Pilot
• Almost always built into current mobile devices

31
Wireless Flavors

• 802.11
• 802.11b
• 802.11a
• 802.11g
• 802.11n (future)

32
802.11

• IEEE 802.11 WLAN committee initially formed in
  1997
• Original specification
• Now obsolete
• 1-2 mb/sec

33
802.11b offers 11 mb/sec

• Original standard
• 11mb/sec
• 2.4GHz band
• Still 90 of market

34
RF interference

• 2.4 GHz frequency used by other devices
• 802.11a, g
• Microwave Ovens
• Cordless telephones
• Bluetooth (high-speed frequency hopping)
• Rogue 802.11 equipment

35
DSSS modulation

• Direct-sequence spread spectrum

36
802.11a delivers up to 54 mb/sec

• 54mb/sec
• 5GHz band
• Higher performance
• Higher cost
• Shorter range (180 feet)

37
802.11g

• 54mb.sec
• Alternate future standard
• Backwards with 802.11b
• Operates in same 2.4GHz band as 802.11b

38
802.11n

• Proposed next generation of 802.11 technologies
• Up to 100 mb/sec
• No agreement yet. Competing proposals still
  being considered by IEEE 802.11 Task Group N
• multiple in, multiple out (MIMO) technology
• Wide channels 20 40 MHz

39
Wired vs. Wireless bandwidth

• Wired networks will always be faster
• 100 mb/sec Ethernet common for wired networks for
  desktop computers
• Ethernet switching available for wired networks
• 1 GB/sec common for servers and high-performance
  workstations
• 10 GB/sec available for fiber networks

40
Wired networks offer higher performance

• Despite the steadily increasing speed of
  wireless technology, wired networks will always
  outperform it by long strides.
• wireless applications will flourish in places
  where mobility takes precedence over performance
  or where physical cabling is especially
  problematic

41
Balanced perspective

• Wireless technologies have limitations
• Does not supplant need to install copper and
  fiber network cabling in new buildings

42
Wireless Coverage

• Varies according to building characteristics
• Works best in open areas
• Book stacks often too dense and can present
  barriers

43
Configuration issues

• Most use DHCP
• Dynamic Host Configuration Protocol
• Session initiation and configuration usually
  completely transparent

44
Session Set ID

• Unique name given to an access point
• Should all access points in the organizations
  WLAN have the same SSID?
• Should the SSID be broadcast?

45
Exercise

• Configure Linksys Access point

46
Linksys basic Settings
47
Web Security administration
48
Mac Address Filter
49
Windows XP Wireless LAN wizard
50
Windows XP WLAN properties
51
Cost Issues

• Wireless access points slightly more expensive
  than Ethernet Hubs
• Wireless NICs slightly more expensive then
  Ethernet cards (100)
• Cabling needed only to the Access point

52
Access Point Installation
Electrical Power
Electrical Power
Electrical Power
Electrical Power
Electrical Power
Ethernet Connection
Electrical Power
Electrical Power
Omni-directional Antenna
Access Point
53
Wireless Enterprise Infrastructure

• WLAN Switches
• WLAN Gateways
• 802.1x Authentication
• RADIUS
• LDAP

54
Wireless Security Issues

• Implementing a wireless LAN without compromising
  your network

55
Security concerns

• Eavesdropping a major concern
• Unprotected wireless access points are an easy of
  entry for mobile hackers
• Many rogue Wireless LANS were put up in corporate
  networks without IT support or adequate security
• War Driving / War Chalking
• Some war driving / freeloading happens in
  residential settings

56
Positioning your wireless network

• Wireless LANs generally exist on the network edge
  point
• Wireless LANs should be considered untrusted
• Positioned outside the organizations firewall
• Hardened core remains protected

57
Library Network With Public / Staff Separation
Router
Router / Firewall
Ethernet Switch
Ethernet Switch
Ethernet Switch
Library Staff Workstations
Access Point
Public Access Workstations
58
Rogue Access Points

• Wireless networks must fit within the overall
  network design
• Unofficial or Rogue access points can jeopardize
  the security of the rest of the network
• Efforts must be taken to detect and remove rogue
  access points or bring them in to the official
  networks
• Rogue Access Points usually a symptom of
  unresponsive IT departments.

59
Encryption necessary to ensure security

• Sensitive data must be encrypted when transmitted
  across any untrusted network
• Most Encryption algorithms uses a secure key to
  encode the data and decode it after transmission
• The longer the key, the more difficult it is to
  use brute force to decrypt the message
• WEP uses 40, 64, or 128 (WEP2) bit keys

60
Wired Equivalency Privacy

• Optional Encryption scheme part of the 802.11b
  specification
• RC4 encryption
• Single key encrypts all traffic
• No system for key management
• Hackers can easily recover the key
• WEP often not enabled
• WEP can be defeated by sophisticated hackers
• Provides a barrier to most potential intruders

61
Wireless Hacking tools

• At least two open source tools are available for
  recovering 802.11 WEP keys
• WEPCrack
• http//wepcrack.sourceforge.net/
• AirSnort
• http//airsnort.shmoo.com/

62
802.11i

• Security Standard for the 802.11 arena
• Includes WPA and RSN (Robust Security Network)
• Relies on 802.1x specification for port-based
  user and device authentication
• Ratified June 2004
• Marketed as WPA2

63
WPA

• Wi-Fi Protected Access
• Enhanced security over WEP
• TKIP
• Available now
• Backwardly compatible with WEP requires only a
  firmware upgrade.

64
Temporal Key Integrity Protocol (TKIP)

• 128 bit encryption keys
• Each packet encrypted with a different key based
  on a 48-bit serial number, incremented with each
  use.
• Avoids replay attacks
• Relies on a base key with is generated when a
  device associates with the base station
• Ideally unique base keys transmitted during
  802.1x authentication
• Pre-shared keys used otherwise

65
WPA2

• WPA AES WPA2
• Advanced Encryption Standard instead of TKIP
• Stronger encryption algorithm
• Not guaranteed to be backwardly compatible with
  existing WEP equipment
• Personal version uses pre-shared key
• Enterprise version uses 802.1X authentication
  through RADIUS server.

66
WPA/802.1x Diagram

• See
• http//www.infoworld.com/infoworld/img/20FEwifi_in
  -x.gif

67
Wi-Fi Security Services

• SecureMyWiFi (http//www.witopia.net/)
• RADIUS authentication and security key
  distribution service
• Operates with APs that support WPA-Enterprise or
  WPA2-Enterprise
• 29 annual fee

68
Virtual Private Networks (VPN)

• A technology that offers strong security
• Common approach for remote users that rely on
  accessing organizational resources through the
  Internet
• Applicable to wireless users on premises
• Enhances security / adds inconvenience.

69
Encrypted Tunnel provided by a Virtual Private
Network
Router
Router
Ethernet Switch
Access Point
Remote Host with VPN Server Component
Traffic is encrypted along the entire path from
client to host
Remote Laptop with VPN Client
70
Scope of Encryption Provided by WLAN Security
Router
Router
Ethernet Switch
Access Point
Remote Host
Traffic is encrypted only between the Wireless
NIC and the Access Point
Wireless LAN with WEP or WPA
71
Avoid wireless technologies for sensitive networks

• Not appropriate for networks that carry
  confidential or sensitive information
• Protect core network services with internal
  firewalls

72
Library Applications

• Using wireless technology in libraries

73
Library vs Commercial Wi-Fi service

• Fee-based or Free?

74
Wireless Access Policies

• Open unauthenticated access?
• Display appropriate use click-through page?
• Filter?
• Require authentication by library card number?

75
Part of campus wireless infrastructure

• It is becoming increasingly expected that
  students will have wireless access to their
  laptop computers throughout the campus.
• Dorms, Classrooms, Labs, Libraries.

76
Classrooms

• Vision of fully connected classroom can be fully
  realized inexpensively
• Expensive to provide wired connectivity in
  classroom setting
• Mixed blessing (Cliff Lynch observations)

77
Wireless laptops

• Provide access to library resources to laptops
  brought into the library by patrons
• Library supplied laptops can supplement public
  access workstations
• Offer library users more flexibility and
  convenience in access resources throughout the
  library

78
Computer labs

• Mobile labs can be used for training an outreach
  sessions outside the library
• Training labs in the library that can be set up
  and dismantled on demand.

79
Staff applications

• Remote circulation tasks
• Tracking in-library use of materials without
  having to take them to a circulation desk
• Inventory
• PDAs can be used instead of PCs or Laptops

80
Cell Phones

• Many have Internet access
• Libraries may see future demand to make their
  services available to cell phone and other small
  wireless devices
• Current demand limited

81
Interfacing with Cell Phone services

• WAP Wireless Application Protocol
• WAP Gateways part of wireless providers
  infrastructure
• WML Language used for delivering web pages to
  wireless users.
• Ulta-light HTML

82
Library-Specific Wireless Products and Services
83
WAP access to Library Catalogs

• Some vendors offering support
• Examples
• Innovative Interfaces offers AirPAC

84
Polaris Wireless Access Manager

• Product from Polaris Library Systems to
  authenticate user access to the WLAN using the
  patron database using SIP2. Specifically
  supported for Polaris, but works with any other
  ILS that supports SIP2.
• Introduced January 2004.

85
TLC Wireless.Solution

• Wireless.Solution offers libraries a secure setup
  fire-walled from the library's network, with up
  to ten simultaneous VPN connections for staff
  functions.
• Wireless.Solution Pro offers the same security as
  Wireless.Solution, along with managed access to
  control bandwidth per user, the flexibility to
  provide access free or fee-based or a mixture of
  the two, and a personalized interface for the
  library.

86
Dynix Horizon Wireless Gateway

• Dynix offers Horizon Wireless Gateway, a
  comprehensive high-speed wireless networking
  solution for libraries that uses Bluesocket
  equipment and technology.
• Horizon Wireless Gateway comes with tools for
  patron authentication and encryption, bandwidth
  management, regulatory compliance, network
  scheduling, Web-based network management, and
  centralized status and usage reporting.

87
Sirsi Wireless services

• Sirsi offers two new network consulting services
  for libraries interested in installing wireless
  and IP telephony technologies.
• Technology partners for these services include
  Cisco Systems Global Solutions Group, providing
  information technology design and Bluesocket
  Inc., the leading vendor of open-systems wireless
  local area network (WLAN) systems to secure and
  manage wireless access to networks and the
  Internet.

88
Sirsi PocketCIRC

• PDA Circulation Client
• Wireless connectivity

89
Open Source options
90
ZoneCD from PublicIP

• Open source hotspot solution
• Features
• Redirect users to a splash page
• Optional or required authentication
• Content filtering
• Bootable Linux CD does not install on PC but
  runs from the CD
• See http//www.publicip.net
• Free software, but donations appreciated

91
Other Wireless Technologies
92
WiMax

• 802.16 standard
• Worldwide Interoperability for Microwave Access
• A WAN technology
• Last-mile alternative to DSL
• Recent strong support by Intel corporation which
  developed a chip supporting WiMax.

93
Bluetooth

• Wireless protocol for connecting PDAs and
  peripherals to PCs
• Not part of the 802.11 family
• 2.45 GHz spectrum
• Low bandwidth (1mb/sec)
• Short distance (10 meters)
• Recent security concerns

94
RFID

• Radio Frequency Identification
• 13.56 MHz band
• Manufacturers TAGSYS, Checkpoint Systems, Texas
  Instruments
• ISO 15693
• ISO 18000
• Mode 1 Backward compatible with ISO 15693
• Mode 2 Next Gen. High-speed communications with
  multiple tags.

95
Resources

• http//wirelesslibraries.blogspot.com/
• http//www.networkworld.com/topics/wireless.html
• http//www.wi-fi.org
• http//wi-fiplanet.com/

96
Summary

• Wireless networking offers network access to many
  new environments and applications
• An increasingly important supplement to existing
  network infrastructure
• Not a panacea for all network communications
  needs