February 2008 — News
Print this article | Email this articleClick here to receive your FREE subscription to T.H.E. Journal
The 2 Mistakes Schools Make in Deploying Wireless Networks
Then you need a pole going up 10, 20 feet or so from the roof just so its signal can get down. Typically, where schools are commercial construction with rebar, steel, most often they get almost no signal from outside to in. Those access points almost always need to go inside. If it's bungalows made of conventional wood construction, you maybe able to get around some of that.
Schaffhauser: The signal can't penetrate certain building materials?
Keeney: Specifically metal. But any substance will reduce the signal strength as soon as you introduce metal and dense materials that may have any sort of moisture in them.
Schaffhauser: You said that security was the second type of mistake that people often make in putting their wireless plans together. What happens there?
Keeney: Sometimes people will get consumer-type devices and set them all up with a shared pass phrase. They give everybody who wants to use the network that password. But ideally, in a campus environment where there's going to be many, many, many people using the networks, you need to have some method of centrally controlling who has access. The consumer access points often don't support that. It's all about choosing a vendor that can not only do the wireless piece but also work with the IT staff to integrate the authentication mechanism into the system that's already in place.
Many of the Cisco [wireless products] and other brands have tools that allow you to tie it into LDAP or Active Directory and allow you to use the same system. Windows has the capability of showing itself as a [Remote Authentication Dial In User Service] (RADIUS) Server. There are plenty of tools out there to integrate them. It's just a matter of finding the right one.
I liked to get the whole security mechanism working first, and then we wouldn't deploy until we knew that we had everything secured.
Schaffhauser: How do you know that the security mechanism is actually operational?
Keeney: It's all about setting up the access points so it won't allow any connection without security. At the same time, many vendors will have what are called sniffers, which basically sniff the packets of data off the air. You could examine the packets to verify that any transmission is securely encrypted.
There are circumstances where they may want an area or some place where either visitors or the public can get onto the Internet, like a hotspot type of situation. Of course that's not going to be encrypted. Then the key is to verify that no one on that open network can actually get into the school network. You just have to write the rules in the hardware that only allow connection to the Internet, nothing to the internal network. Most of these firewalls and other access control devices have that capability. So, it's a matter of configuring them correctly and then, of course, testing to make sure that all the configurations are set up correctly.
