Wireless LAN standard and configuration
Supported Protocols, Platforms, Wireless Cards
- For the pilot implementation, we plan to support PC and Macintosh
laptops, under different OS's. Support for PDAs and other hand-held
wireless lan devices will be evaluated for future implementation.
- The wireless network will provide IP-only services. IPX and
AppleTalk will not be supported.
- Any WiFi ('wireless fidelity') compliant card should work with AirBears.
Equipment that is WiFi-compliant is certified by the WECA (Wireless
Ethernet Compatibility Alliance). See the FAQ for a list of cards that
we've tested with AirBears.
Technical Issues:
- Authentication - how to validate users authorized to use the service
Access to AirBears is restricted to members of the campus community who have
a valid CalNetID
and passphrase as well as sponsored visitors with a valid guest account.
AirBears uses a web-based authentication scheme to authenticate a wireless
session. Users open an SSL-enabled web browser to any page, and will be redirected
to the AirBears login page, where they need to enter either their
CalNetID and passphrase or guest account and password. If
authenticated, the user will be redirected to their original web
page. This method has the advantage of not requiring additional
client software or firmware upgrades (most everyone has a web
browser available), nor is it vendor-specific.
The AirBears guest account service
allows Faculty and Staff to create temporary accounts for campus
visitors.
- Encryption - how to protect wireless data streams from eavesdroppers
The 802.11 security standard, WEP (Wired Equivalent Privacy), has been
shown to have inherent flaws that render it largely useless, particularly
for large-scale deployment. WEP relies on a
shared key ('password') between the access point and the client for
encryption/decryption. Unfortunately, this is usually a single key which all prospective users must share, which means that the password is no longer
very private. A well-publicized
study
done by the ISAAC research group in the UC Berkeley
Computer Science department points out numerous flaws in the WEP
approach.
Some vendors (e.g., Cisco and Lucent)
have recently come out with 'dynamic' WEP algorithms that
dynamically allocate keys on a per-user, per-session basis. However,
these schemes are vendor-specific, so they won't interoperate with
other vendors' client cards.
At least for the pilot deployment, there will be no support for encryption
over the wireless network.
Instead, it is strongly recommended to use
application-layer
encryption. For example, to log in to UNIX accounts, use ssh or kerberized-telnet,
not telnet; when providing personal or confidential data on the web, make sure
the page is https (not http) secure; for mail, use BearMail, not
Eudora or any mail program that uses unencrypted POP or IMAP.
System administrators should protect
their applications by allowing connections only from encrypted sessions.
- Roaming
Seamless roaming is the ability to move from one AP coverage area to
another without
losing connectivity.
The pilot coverage areas are
discontiguous, so connectivity will be lost if one moves from one coverage
area to another. Support for roaming is very limited at this time, but
experience gained during the pilot should
help determine whether full-scale roaming capability is critical.
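The web-based authentication flow described under Authentication above, sketched as an added example (not AirBears code): an unauthenticated client's web request is redirected to an SSL login page that remembers the requested page, and a successful login sends the browser back to it. The login URL, fallback page, sample account, client addresses and the choice to key sessions on client address are all assumptions of this example.

```python
import hmac
from urllib.parse import parse_qs, urlencode, urlparse

LOGIN_URL = "https://login.example.edu/wireless"  # hypothetical SSL login page
DEFAULT_PAGE = "http://www.example.edu/"          # hypothetical fallback page
ACCOUNTS = {"guest-0001": "constructed-secret"}   # constructed account, stands in
                                                  # for the campus/guest account check

def check_account(user, secret):
    """Stand-in credential check; constant-time compare avoids timing leaks."""
    expected = ACCOUNTS.get(user)
    return expected is not None and hmac.compare_digest(
        expected.encode(), secret.encode())

class Gateway:
    """Tracks which wireless clients have authenticated (keyed by client
    address, an assumption of this example)."""

    def __init__(self, verify=check_account):
        self.verify = verify
        self.sessions = {}  # client address -> authenticated account name

    def handle_http(self, client, url):
        """Web request from a client: pass it on, or redirect to the login page."""
        if client in self.sessions:
            return ("forward", url)
        # Remember the page the user asked for so login can return them to it.
        return ("redirect", LOGIN_URL + "?" + urlencode({"dest": url}))

    def login(self, client, user, secret, dest):
        """Credentials submitted on the login page, with the remembered page."""
        if not self.verify(user, secret):
            # Failed login: stay unauthenticated and show the login page again.
            return ("redirect", LOGIN_URL + "?" + urlencode({"dest": dest}))
        self.sessions[client] = user
        # Only send the browser back to an ordinary web page; anything else
        # in the dest parameter falls back to a fixed page.
        parsed = urlparse(dest)
        if parsed.scheme not in ("http", "https") or not parsed.netloc:
            dest = DEFAULT_PAGE
        return ("redirect", dest)

def original_page(login_redirect):
    """Recover the remembered page from a login redirect URL."""
    return parse_qs(urlparse(login_redirect).query)["dest"][0]

if __name__ == "__main__":
    gw = Gateway()
    action, where = gw.handle_http("10.0.0.7", "http://www.example.org/news")
    print(action, where)
    print(gw.login("10.0.0.7", "guest-0001", "constructed-secret", original_page(where)))
    print(gw.handle_http("10.0.0.7", "http://www.example.org/news"))
```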
Policy Issues
- Interference with other wireless equipment
The 2.4GHz spectrum is unlicensed and used by other wireless devices.
Known conflicts include 2.4GHz cordless phones (e.g. Panasonic), and some
older makes of microwave ovens. Furthermore, some laboratory equipment
operating within the same frequency range may also cause interference.
The campus must determine who 'owns' the airspace, and come up with
ways to regulate its use in the case of conflict.
Some departments or units may have already installed wireless lan equipment
(e.g., Apple Airport base stations).
If the campus extends wlan service to include a coverage area with existing
local wlan equipment, the campus will claim right of 'eminent domain' and
ask that the local equipment be removed. (Note: local wlan equipment that
is connected to a non-private, shared ethernet network, is already,
strictly speaking,
out of compliance with campus policy for user-installed network equipment.)
Other wireless technologies, such as Bluetooth, also use the 2.4GHz
range, another potential source of conflict.
- User privacy
NTTMCL is interested in tracking usage patterns of wireless users;
as part of the pilot phase, user mobility patterns will be collected.
User identities will remain anonymous. No personal information will
be collected as part of this data collection.
This monitoring activity will need the approval of the Committee on
Human Subjects.
Health and Safety Issues
We have been working closely with the Offices of Environmental Health & Safety,
and Radiation Safety
to ensure that the wireless equipment deployed and/or recommended will
be fully compliant with campus safety regulations and will pose no known
health hazards to the community at large.
There has been
extensive research done on the safety of exposure to radio frequencies.
Manufacturers of wireless LANs must meet stringent
government and industry regulations for safety.
The output power of wireless LAN systems is very low,
much less than that of a cellular phone.
Since radio waves fade rapidly over
distance, there is very little exposure to radio frequencies to
those in the area of a wireless LAN.
No adverse health effects have ever been attributed to wireless LANs.
For more information, visit the web site of the
Wireless LAN Association.
Locations
The pilot testbed sites
represent a cross-section of campus areas that may benefit from
wireless access.
The different areas include library study areas, lecture halls,
cafe/restaurant space, offices, lounges, and outdoor space.
Other areas may include labs and conference rooms. The long-term plan
is to blanket an area with overlapping AP coverage so that users
can roam between AP 'cells' without losing connectivity.
Phase 1 sites:
- Haas Business school (selected locations)
- Doe Library carrels, study areas (selected)
- Northgate lecture hall
- Bechtel Library study area
- Free Speech Movement Cafe
- Cesar Chavez (selected locations)
- Foothill Residence Hall (selected locations)
Coverage will be extended to other parts of campus as appropriate.
Suggestions for future sites (preferably areas that serve a large number of users)
can be sent to the
airbears-wireless mailing list.
Support issues
- User Support
During the pilot phase, user support will be provided by the
airbears-wireless mailing list. To subscribe to the list, send email to
Majordomo@listlink.berkeley.edu and type the command "subscribe airbears-wireless"
in the body of the message.
For help with installing a wireless card, students can receive help after
November 1, 2001 at the Student
Computer Consulting Service. Faculty and staff should contact their
departmental IT staff or Dr. Micro
as appropriate.
- Vendor Support
Costs
The pilot service will be provided free of charge until at least the end
of fiscal year 2001. Participants will need to purchase a wireless network
card. Laptop 802.11b cards are available for under $100.
Send questions or comments to the airbears-wireless mailing list.