Wireless Access at REAL Program Libraries
Wireless access is a highly sought service by the public, but it poses certain challenges to the library community and to compliance efforts.
Policy Issues as a result of providing wireless access services
I. E-rate: Libraries must insure that deployed wireless services do not include signal which extends beyond the property line of their organizations. The Schools and Library Division (SLD) has indicated that open wireless network RF signal beyond the property line of a library violates E-rate rules.
- Test the range of all access points by site survey. Use a laptop or PDA and walk around the building and property perimeter to observe signal strength and availability. Frequently, building materials, especially in older buildings, can adequately block or restrict signal strength. It is also important to note that open access points may be available at perimeter points but virtually inaccessible due to low signal strength.
- Power down access points during non-business hours.
- Place access points in a central location to limit the extension of signal beyond property lines.
- Purchase a wireless access point that provides various power levels to limit and shape the range of RF signal to suit your organization.
Some examples are:
- Cisco 521 Wireless Access Point
- Nortel 2330 Access Point
- Proxim Orinoco AP-4000
- DLink DWL-G700AP
* Require authentication for all users. This results in more library control over who is accessing the library's wireless network. Authentication will also insure that network usage is restricted to library staff and patrons. This enables the library to more easily trace problem users if accountability becomes necessary.
II. Authentication of all users on the library wireless network
- MOREnet Acceptable Use Policy (AUP): The MOREnet AUP addresses the need for each MOREnet member organization to make reasonable efforts to ensure compliance of those organizations connected to the MOREnet network. This requirement is to ensure that all users of the network are legally authorized and to protect the quality and integrity of the network.
- Appropriate use of state-funded Internet access: The REAL program is funded with state appropriations. Authenticating users will ensure that the connection is being accessed by library patrons for library purposes.
At a minimum, authentication allows the library to control access to the access points deployed within the library. Many library networks do not separate wireless network traffic or other wired patron traffic from the business or production traffic on their networks. Allowing patron devices onto the library network in such a configuration can lead to some fairly significant security issues. There are various levels of authentication provided by wireless equipment vendors with a wide array of security and administration features.
- Minimal Solution: Prevent access outside the library building. Requiring patrons to physically enter the library in order to access the wireless network will insure that access is not extended beyond the property line. This is most effectively done by site survey as described above or by using an access point with variable power controls to adjust the range of wireless RF signal. It is important to note that this solution guarantees little security and gives no recourse for tracking the activities of users.
- Basic Solutions: Most access points contain basic security features including Wired Equivalent Privacy (WEP) or Media Access Control (MAC) filtering. These options allow library administrators to set a password for the wireless network or to require that patrons register their laptop's unique MAC address with the library network in order to track patron usage. These are relatively inexpensive options in the form of equipment, but may require more staff time to maintain. These options are most appropriate for smaller libraries with a limited number of wireless users.
- Best Solution: Subscriber Gateway Access Points. This option is generally more expensive than some of the basic security options but allows administrators to easily authenticate any new or existing users who wish to access the wireless network. The Wireless Subscriber Gateway creates an account for each user on the network and provides them with a user ID and password for network access. These accounts can be temporary or semi-permanent and require little administration by the library.
Some examples are:
- Zyxel G-4100 v2
- SMC WHSG44-G
- EnGenius WSR-3800
There are more expensive solutions that will integrate these accounts with library card systems.
To determine which solution best fits your library's needs, please contact MOREnet Technical Support at [email protected] or (800) 509-6673.