University students are said to be the future of the nation. But like corporate employees they can also be imaginative, playful and mischievous when taking advantage of free Wi-Fi.
That’s what Nipissing University, a young central Ontario institution found out when it updated its wireless network four years ago. It took the adoption of a wireless intrusion detection system and analyzer to tame things down.
According to Greg Seamen, manager of network infrastructure support, the university encompasses buildings in the cities of North Bay, Brantford and Bracebridge serving 4,500 students and 300 faculty and staff.
Around 2000 the institution began installing an 802.11 network in the buildings and residences. However, Seamen said, without a sophisticated management system it was hard to keep track of the routers. IT staff used “whatever was available” for wireless mapping, but had to be used on site – not ideal for creating a wide picture of what was doing on the network.
In 2006 the university began upgrading its access points and controllers from Hewlett-Packard, including in-wall AP’s that fit in electrical outlets in residences.
“We try to provide the kids in residence with the same (online) experience the have at home,” Seamen said, “so we try not to limit what they can do – within reason.”
For application control the university has Fortinet Inc.’s FortiGate 3810 security appliances on the wired network.
However, more protection was needed. About 18 months ago the university started looking for a wireless management system and chose Fluke Networks’ AirMagnet Enterprise.
Although the institution was heavily invested in HP wireless infrastructure, Seamen said it decided against a solution from that company so it wouldn’t be tied to one vendor.
AirMagnet Enterprise is a wireless intrusion prevention system with sensors that can be mounted either in wiring closets, on ceilings or on walls. Nipissing has about 50 of them.
Run by sever-based software, the units scan 2.4 GHz and 5 GHz Wi-Fi channels and can detect rouge access points, verify WLAN connectivity and issue alerts for traffic congestion and other problems. It also acts as a spectrum analyzer.
“The beauty is that with the remote sensors in the buildings we can read them with the enterprise console and have visibility as if you were there with a standalone scanner,” said Seamen.
Careful planning of Wi-Fi networks and location of access points is vital for wireless to be effective in enterprises, says Zeus Kerravala, principal analyst at ZK Research, because for many organizations wireless is their primary network.
Wireless network security is better today than it was five years ago, he said, but a big problem is network density needed to handle the increasingly large number of consumer devices with Wi-Fi like Apple iPhones. They don’t have radios as good as those in laptops.
“I often hear stories from workers that their laptops work fine (in their companies) but their iPhone can’t connect to the WiFI. So having a denser network with better coverage for consumer devices is one of the biggest challenges right now” for organizations.
Seamen said AirMagnet has been used to solve problems some university departments had been having. For example, one class that needs Apple iPads for a peer-to-peer app was having connectivity trouble. The spectrum analyzer helped deduce that Apple’s Bonjour protocol needed to be tweaked for multicasting.
With better wireless network visibility, Seamen said, Nipissing has been able to hone its network and fine unauthorized access points students bring in. Although the system can shut down rogue APs, a knock on the door and a request to pull the plug is usually obeyed, Seamen said.