Setting New Standards

• 03/01/08

##AUTHORSPLIT##<--->

Changes are coming to the world of WiFi, where safer and speedier wins the race.

WHILE WIRELESS SYSTEMS of all types (cellular,Bluetooth, WiFi) have inveigled their way into many facetsof everyone's life, WiFi in particular is still sometimes viewedaskance by K-12 districts. Many technology officers worrythat wireless signals are insecure and could afford thosewith malicious intent a way to gather private information. Asecond set of skeptics sees potential value inwidespread wireless, but is cautious about the throughputspeed when large numbers of users are active on thenetwork at one time. Recent and upcoming changes to WiFimay reassure both groups.

More Muscular Security

With more than 300 commercial members, the Wi-Fi Alliance is an industry-driven group that develops standards to permit WiFi systems to interoperate and provide new functionality. It's in the group's best interest to ensure users are satisfied, with the underlying goal that its members will then sell more WiFi products. One of the alliance's more recent standards is Wi-Fi Protected Access 2, or WPA2. According to the Wi-Fi Alliance, "WPA2 provides network administrators with a high level of assurance that only authorized users can access the network." This process is known as authentication.

WPA2 is based on the Institute of Electrical and Electronics Engineers' 802.11i wireless security standard, finalized in June 2004. The IEEE is a standards-setting body that also developed Ethernet network standards. This standard is specific to WiFi (802.11) and enhances security of these networks; 802.11i itself is built on the foundation of previous standards and protocols.

The key takeaways related to 802.11i for K-12 technology folks are: 1) that an authentication server is necessary, and 2) that encryption is applied to the wireless traffic.

The authentication server checks the identity of a user requesting wireless connectivity. If the identity information is invalid, that user is not allowed beyond the authentication server and therefore obtains no access to network resources. Think of it as looking through a peephole and, if you see something amiss, simply not opening the door. If you have a remote authentication dial-in user service (RADIUS) server on your wired network, it may be used for the wireless network as well. If not, you will need to add one. Many wireless equipment manufacturers provide RADIUS software with their solutions, and some provide hardware, too. Be sure to ask about this when evaluating options.

Encryption adds another layer of security. If someone is able to hack through or around the authentication process, encrypted data prevents that intruder from understanding the content. Rest assured that the method of encryption used in 802.11i (Advanced Encryption Standard, or AES) is much more difficult to break than earlier wireless versions and is the federal government's current standard for network encryption.

New WiFi equipment comes with WPA2 on board, but it is not the default mode; it must be turned on by those installing the system. WPA2 is backward compatible with earlier encryption standards, so older WiFi equipment will continue to function in a mixed environment. However, be aware that if you intend to continue using older WiFi access points (APs), you will not be able to take advantage of the new security features in WPA2. If you are concerned about security, it would be wise to consider replacing or upgrading your access points, since the older ones remain vulnerable.

A Need for Speed

One of the principal complaints about WiFi networks is that they are slow-especially in comparison to wired networks. (Of course, keep in mind that the wireless local area network is just one component of an overall network connection that may have other chokepoints, such as a too-busy web server.) Physics partly dictates this in that signals dissipate more quickly when sent "over the air" compared to when sent via cable. The other factor is that WiFi is, by default, a shared medium. All users who are connected to a single access point share the bandwidth available through that AP. This is unlike switched wired networks, in which every user has a dedicated amount of bandwidth.

Since there is, as yet, no way to provide a 1-to-1 connection for every wireless user, WiFi systems designers have developed alternate methods to increase the raw data rate. The IEEE 802.11n Draft 2.0-the final standard is expected in late 2008-introduces several techniques that make significant headway in this area.

One of the 802.11n techniques is the use of multiple-input/ multiple-output antennas. Today's laptops do not yet contain built-in MIMO antennas, but those appearing in the next year or so will begin to. Plug-in PC cards and USB devices will be available to add this feature to existing computers. MIMO antennas create the equivalent of a multilane road for wireless signaling, allowing up to four times the network traffic to move at once. Beamforming, space-division multiplexing, and diversity are all techniques employed to increase throughput. There is a tradeoff in power consumption, however. MIMO antennas built into laptops will draw much more power, shortening battery life. Chip makers such as Broadcom and Intel are developing power-save features in laptops to help mitigate this potential drawback.

While the 802.11n draft standard describes several techniques to increase bandwidth, it does not make all of them mandatory. In fact, there are 576 possible data rates. We can infer from this that not all manufacturers will implement the same set of options, thus interoperability may be limited. This does not affect end-user laptops, etc., but could well have an impact on wireless access points and controller equipment-not quite what everyone hopes for in a standard. The result is that, for the foreseeable future, you should consider sticking with just one manufacturer for that back-end wireless equipment.

Current Draft 2.0-compliant 802.11n devices have been tested at 130 to 200 megabits per second real-life (not theoretical) throughput. Compared to roughly 25 Mbps for previous forms of WiFi (802.11g and 802.11a), the difference is truly noticeable. In a classroom of 30 computers, a single 802.11n access point would allow for approximately 5 or 6 Mbps per user. While this doesn't sound like much compared to 100 Mbps wired Ethernet, it's a whole lot better than the less than 1 Mbps per user we've experienced so far. And, of course, wireless is significantly easier to deploy in a classroom environment, where safely cabling every desk is a thorny task.

It still makes sense to cable rooms you are certain will be used as computer labs, but regular classrooms will soon need network connectivity for more than just a few devices. The infusion of many more network-enabled devices in the classroom- whether as a result of 1-to-1 initiatives or because students bring in their own laptops-will drive technology offi- cers' decisions about when to implement 802.11n.

Make a Plan

To take full advantage of the benefits of WPA2 and 802.11n, school CTOs should plan out a strategic implementation. Consider each building as a whole rather than attempting to provide spot coverage. The latter can create intense headaches due to channel interference. A badly designed wireless network can even take down the wired network to which it connects, so take time to properly develop the design, or seek help in doing so.

You should also question WiFi manufacturers' representatives. Ask them about management capabilities. Does their system let you update software on all APs through a single command? Will the system alert you if someone tries to connect to an unauthorized access point, and can it tell you where that device is located? Can the access points configure themselves to take into account the proximity of neighboring APs? These features streamline wireless network management into something, well, manageable.

The upshot: Secure, faster WiFi is in your district's future, so plan for it.

Wendy Chretien is a consultant with Elert & Associates, an independent technology consulting firm.

This article originally appeared in the 03/01/2008 issue of THE Journal.