Issues with Wireless Networking at CASE
Last Updated on 2/14/01
This document examines possible issues related to the use of
wireless data communications in the data communications
environment at Case Western Reserve University.
It focuses primarily on a wireless data communications
system involving the use of IEEE 802.11b standards, since
such a system is the likely choice for any deployment at
this point in time. Only potential problems and solutions
are examined. The potential benefits of wireless
communication are not examined under the assumption
that the reader is familiar with them.
This document is of primarily historical interest.
Overview
The hype surrounding wireless data communications, similar to the
hype associated with other high technologies, creates
expectations about the capabilities of such a system that
often exceed reality. The community, both users and decision makers,
needs to understand some of the problems and practical
limitations associated with wireless data communications.
The community also needs to understand that there will be
non-trivial costs beyond the costs of the basic system in
order to implement wireless data communications on this
campus. The areas of wireless data communications with
potential issues include but are not necessarily
limited to: performance, security, obsolescence,
interference, and system administration and operations.
This document examines these issues in more detail.
Performance
Performance is an area of concern with respect to wireless
data communications. For systems using the IEEE 802.11b
standard, the operation of a wireless cell is similar to
a shared Ethernet hub in that the wireless cell operates
half-duplex (stations cannot transmit and receive
simultaneously) and is shared (only one station can send
or receive at a time). Users on campus are already unhappy
with the performance of the shared Ethernet hubs and it
is likely that users will be unhappy with performance in
congested wireless cells. Other aspects of wireless data
communications that negatively impact performance include:
- Because wireless communication uses radio, it is subject to electromagnetic interference and electromagnetic obstacles (see the section on interference below), which can further degrade performance in comparison to a cabled network.
- Measures required to address security concerns (see the section on security below) may impact bandwidth in the wireless network because of the additional overhead involved.
- The quantity of information being communicated by users is continually increasing, which will put additional demands on available bandwidth.
- There is no method within the wireless cell to throttle a user who is being selfish and consuming the available bandwidth (see the security section below).
Wireless communications will always lag behind cabled
communications in its ability to deliver bandwidth.
The primary philosophy at CWRU should be that wireless
augments a cabled network and that wireless will not
represent the primary means of data communications on
campus. A cabled connection will always provide better
service than a wireless connection. Every effort should
be made to make cabled connections available where possible.
Congestion problems with wireless can be somewhat
ameliorated by covering a given area with more wireless
cells by adding base stations. This has the effect of
reducing the number of users sharing the available cell
bandwidth, but there is a limit to the ability to do this.
Security
Security represents an area of great concern with respect
to wireless data communications. Security problems include
unauthorized access, eavesdropping, unauthorized base
stations, and problem client systems.
Unlike a cabled network, wireless communications is
accessible to those who would not have physical access to
the cabled network (for example, from outside the building
or from a lobby or hallway of a building). This creates
two primary areas of concern: unauthorized access to the
network and eavesdropping on communications.
Unauthorized access is a problem because anyone with a
wireless data interface can gain access to the wireless
cell and, therefore, the network. There is no sure way
of preventing someone from gaining access to the wireless
cell. Gaining access is not an extremely difficult problem.
There are some simple measures taken by the product
designers to control access, but they are inadequate
against a moderately determined intruder.
Access to the wireless cell is available anywhere within
the operating radius of the wireless base station (up to
several hundred feet). This is unlike a cabled network
environment where someone must obtain physical access to
a network outlet in order to gain access to the network.
So it will be possible for a wider range of people,
including those who may have no affiliation with the
University, to have access to the network compared to a
cabled system where some sort of physical access is
required. Without some additional protective measures
described below, unauthorized users would potentially
not only have access to CWRUnet but also to the Internet
in general (once they are on CWRUnet, they can get anywhere).
Hackers have already started publishing information about
how to gain access to networks via wireless communications
in locations around the world. One would expect tool sets
to be available to expedite access.
Eavesdropping on wireless communications is also a concern.
Wireless data communication is essentially shared Ethernet,
which means that every member of the wireless cell has
potential access to all the traffic being communicated
within the cell. This is similar to the situation
with the shared Ethernet hubs currently in use within CWRUnet,
but dissimilar from the standpoint that it is easier for
an unauthorized person to gain access because no physical
access is required. Such an intruder may even be able to
gain access to the network from outside the building.
Encryption capabilities have been embedded in wireless
equipment, but this method has known problems which allow
hackers to learn the encryption key. Once one has the key,
other users' encrypted communications would be accessible.
A possible solution to the problems related to unauthorized
access might be to make the wireless network external to
CWRUnet using technical means. This would provide
essentially the same access one would get to CWRUnet from
the Internet. A VPN (Virtual Private Network) could then
be used to authenticate the user in order to gain normal
CWRUnet access. The VPN system could also provide for
(public key) encryption for the user in order to prevent
eavesdropping. Preventing unauthorized users from
accessing sites off-campus via the wireless system would
also be possible using this mechanism. This additional
security would be obtained at the cost of bandwidth and
of the additional equipment and people resources required
to provide the VPN services. There is also increased
complexity for the end user in terms of installing and
configuring the VPN software.
Another problem related to wireless is that of a problem
client. A problem client is one whose activity interferes
in some way with the normal operation of the wireless
cell. Suppose, for example, that a wireless client is
sending or receiving so much data that it prevents other
users in the cell from reasonably communicating. This
could happen as a deliberate action by an inconsiderate
user, for example, or as a non-deliberate action, say
from a virus-infected computer. There
are likely to be other types of actions or failures
by a client system that would adversely affect
communications within the wireless cell. In such a
situation there is no mechanism to disable the
offending user as there is in the cabled situation.
Furthermore, there is no way to easily identify the
location of the offending user as there is in the
cabled situation.
One can imagine a situation where someone deliberately
tries to interfere with communications within a
wireless cell, just for the fun of it, or perhaps
because the person is disgruntled. This can be done in
ways to evade identification of the source. Imagine
the impact of such a perpetrator in a classroom or
in the library playing games with his fellow networkers.
It could be quite annoying and there isn't much that
can be done with current technology to prevent it.
Note that this type of situation generally does not
occur in the cabled network environment because
activity on each individual connection can be
monitored and controlled.
The creation of an external wireless network which
deals with unauthorized access and eavesdropping can
help the situation with problem users who consume
bandwidth (but does not completely eliminate the
issue) in that their traffic can be monitored at
the interconnect point between the external network
and CWRUnet. Assuming the person is using a
registered wireless interface card, an offending
user can be identified. In the case of an
unregistered card, dealing with a problem user
could be very difficult if not impossible.
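
An added example, not part of the original document: one way to
implement the monitoring at the interconnect point described above,
assuming the interconnect can export per-client byte counts keyed by
cell and card MAC address. The record format, the registration table,
the thresholds and all sample values are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data (assumption): registered wireless cards and the
# byte counts seen at the interconnect during one measurement window.
REGISTERED = {
    "02:00:00:aa:00:01": "user-a",
    "02:00:00:aa:00:02": "user-b",
    "02:00:00:aa:00:03": "user-c",
}
FLOWS = """\
# cell   client_mac          bytes
cell-1 02:00:00:AA:00:01 1200000
cell-1 02:00:00:aa:00:02 31000000
cell-1 02:00:00:aa:00:01 800000
cell-1 02:00:00:aa:00:03 2500000
cell-2 02:00:00:bb:00:09 18000000
cell-2 02:00:00:aa:00:03 400000
bad line
"""

def parse_flows(text):
    """Yield (cell, mac, bytes); skip the header and malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[2].isdigit():
            continue
        yield parts[0], parts[1].lower(), int(parts[2])

def problem_clients(text, registered, share_limit=0.5, min_bytes=5_000_000):
    """Return (cell, mac, share, owner) for clients dominating their cell."""
    per_client = defaultdict(int)
    per_cell = defaultdict(int)
    for cell, mac, nbytes in parse_flows(text):
        per_client[(cell, mac)] += nbytes
        per_cell[cell] += nbytes
    findings = []
    for (cell, mac), nbytes in sorted(per_client.items()):
        share = nbytes / per_cell[cell]
        if nbytes >= min_bytes and share > share_limit:
            owner = registered.get(mac)  # None: unregistered card
            findings.append((cell, mac, round(share, 2), owner))
    return findings

if __name__ == "__main__":
    for cell, mac, share, owner in problem_clients(FLOWS, REGISTERED):
        print(f"{cell} {mac} {share:.0%} of cell, owner={owner or 'UNREGISTERED'}")
```

The second finding has no owner, which is the unregistered-card case
the paragraph above describes: the traffic is visible at the
interconnect, but the user behind it is not.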
Another problem is that of the use of unauthorized
wireless systems acquired by members of the campus
community and attached directly to CWRUnet. This is
possible because the cost of the equipment is well
within the reach of individuals and the equipment
is not difficult to configure. Even a laptop with
a wireless interface card can be configured to act
as an access point. This would make it possible
for people to connect to the network and bypass
the standard authentication and security mechanisms.
There is no cost-effective way to detect the
existence of such devices.
One could use University policy to help control
unauthorized wireless systems. However, such a
policy will only have limited effectiveness
because there will be individuals who will choose
to ignore policy and implement wireless
networking on their own.
Obsolescence
Wireless data communications is an area where
there is rapid advancement of technology. The most
common type of wireless data communications today
is based on the IEEE 802.11b standard. Already,
another wireless technology called Bluetooth is
being introduced. Bluetooth is not intended to
provide networking over wide areas like 802.11,
but there will certainly be overlap in the
office environment. Within this year, wireless
data communications products based on the IEEE
802.11a standard will become available which
operate in the 5 GHz frequency range and offer
data rates up to 22 Mbps. Technologies offering
even higher data rates will become available
within a year after that. Expect quick
obsolescence of wireless data communications
products over the next few years.
Interference Issues
The IEEE 802.11b wireless LANs operate in the
2.4 GHz frequency range that is also shared by
other consumer electronics communications devices
including portable telephones, microwave ovens,
and Bluetooth communications. Companies
developing wireless communications products
tested equipment in environments where both IEEE
802.11b and Bluetooth communications existed and
interference problems were discovered. With
regard to other sources of 2.4 GHz interference,
we did find in actual experimentation that a
microwave oven will definitely interfere with
wireless communications, reducing signal grade
from excellent to poor at a distance of 30 feet
from the microwave oven through walls.
Another source of interference problems for IEEE
802.11b wireless data communications systems is
building structures such as metal floor pans,
structural metal, and heavy equipment, which
prevent the signal from passing through as well
as causing reflections of the signal. In some
areas, more base stations may be required to
provide adequate signal coverage for a given
area. In some cases, performance may be
severely degraded due to such interference.
We found in Crawford building, for example, that
a minimum of two base stations would be required
to cover each floor because of signal quality
(performance demands may require the placement
of additional base stations).
There is a limit to the number of wireless base
stations that can cover a given area because of
the number of radio frequencies available to the
base station. Base stations operating at the
same frequency interfere with one another.
Compatibility between Vendors
There are issues of compatibility between vendors.
For example, while the standards specify that
clients must be handed off when moving between
access points, the details of the mechanism were
left out so that moving between access points of
different vendors may not work. In order for
wireless to work with a minimum of difficulty
and problems, a single vendor's equipment should
be used.
Administration and Operations
The impact on network operations
with respect to troubleshooting problems and
operating the system is not known at this time.
Since wireless networking involves situations
different from the cabled network, resources
above existing levels, both equipment and
people, will be required.
The impact on the Help Desk with respect to
procedures for properly configuring client
systems is not known at this time. Certainly
new documentation, training for both support
people and end users, and other additional
support resources will likely be required
to support such a system.
Comments and Feedback
We are always interested to hear your comments and feedback regarding
the University network and the Network Engineering and Security group.
Please send your comments and feedback to:
Chet Ramey, Assistant Director, TIS