The iPhone is Calling: Resolving Rogue Wi-Fi Access On Campus
- By Greg Murphy
- August 1st, 2007
Unlike mobile phones that connect exclusively to cellular networks, the iPhone constantly searches for a Wi-Fi connection to access the Internet. With students likely to bring thousands of iPhones back to campus with them this fall (not to mention numerous other Wi-Fi-enabled game systems and other gadgets), networks could be flooded with hundreds of additional access requests — and the Help Desk staff can expect numerous support calls from students trying to figure out how to connect their devices to the network. Fears about the impact of these gadgets on network performance and support costs are not unwarranted or alarmist, and clearly illustrate the need for more visibility into the wireless networks of colleges and universities.
Numerous experts and analysts have observed that the iPhone is not intended to be aneducational device, and that relatively few students will be able to afford the purchase of pricy iPhones for their cellular needs. According to some reports, though, hundreds of thousands of iPhones have already been sold, and colleges’ IT Help Desks know that a number of them are eventually going to be coming onto campuses, along with many other Wi-Fi devices.
In the long term, fighting to keep iPhones off the network is a losing battle for IT personnel. In the educational environment, IT cannot hope to exercise 100 percent control over the mobile devices that students, faculty, and staff bring into the school. On the other hand, IT can — and must — maintain tighter control over their network infrastructure and ensure visibility to every device on that network. As more iPhones and other smart phones appear, IT can use network-monitoring tools to troubleshoot problems, locate users, track network usage, and assess performance. Rather than fighting against their students, universities should rise to the challenge and be prepared to support them.
Throughout the last decade there have been many profound changes in IT. Ten years ago, it was virtually unheard of for students and staff to bring their own computers into the classroom. Now, it happens in every classroom, every day. In the next ten years, students will likely be bringing not just one, but multiple network devices to class with them. The iPhone is just the tip of the iceberg.
From the start, smart phones have been a source of IT headaches. More so than computers, mobile phones have becomelifestyle devices used for work, school, and personal activities. Students, faculty, and staff typically select their own phones — and make the decision about when they will be replaced and upgraded. Their priorities may be quite different than IT’s: What does the phone look like? What applications are available? How much music will it hold? Will it access the Internet? One question they rarely ask: How will my device affect IT on campus?
When students and faculty are making these decisions, IT inevitably loses control. To make matters worse, as these phones provide more and more of the functions of a PC (and store almost as much information), they become even more of a security threat, since tiny phones are infinitely easier to lose or steal than a PC. This is especially a concern for faculty that may have access to the university network and confidential documents via these devices.
IT’s first instinct may be to fight back and ban Wi-Fi phones from the school network. But implementing an outright ban is easier said than done. With experts estimating that Apple alone may sell 10 million units in a year, short of hiring a security guard to frisk faculty and students before entering each building, IT cannot stop Wi-Fi-enabled phones from entering.
With the proper network monitoring solution, however, IT Help Desks at colleges and universities can receive an alert every time a new device accesses their network, and also see where they are connected. This sort of reporting and alerts allow for administrators to see who is connecting, where, and with what, giving the school the opportunity to be more proactive.
No matter how proactive IT employees at colleges and universities are, no IT department can expect to control and manage every last device that connects to the campus network. With little hope of exercising total control over their institution, and the devices being brought into the classroom and residence halls, IT staff must control the network itself.
With this in mind, it is critical for every IT organization to establish a clear strategy for managing and monitoring its wireless infrastructure before the Wi-Fi smart phone flood builds in strength.
Establishing Controls Over Network Configuration
If IT’s policy is to entirely block all unknown and unmanaged devices from connecting to the network, every wireless access point and controller on the network must be configured to support that policy. Similarly, if IT wishes to restrict these student- and faculty-owned devices to a guest network with only limited Web access, the configuration of the infrastructure must comply with that policy as well. As educational wireless networks grow to encompass thousands of wireless access points, the only way to maintain tight configuration control is to automate the configuration and audit processes with a sophisticated network management tool.
Maintaining Visibility to Every User and Device
Once users become reliant on the school’s network, IT is likely to become the first to hear about any connectivity issues they may have. When a user calls to say that they cannot connect to the wireless network, the service desk needs tools that put all the necessary information at its fingertips: Where is the user located? Is strong wireless coverage available in that location? What kind of device is the user trying to connect to the network? Has the user successfully authenticated onto the network and are they receiving appropriate network access?
In the early days of wireless, with a small number of faculty and students using laptops to connect, the burden on the service desk was not overwhelming. But with thousands of users carrying laptops, handhelds, and Wi-Fi-enabled phones, the service desk needs fast access to this information and must be trained to diagnose common wireless problems. Again, this type of information can only be provided through network management and monitoring products designed specifically for wireless networks.
Maintaining an Accurate Inventory of Devices
While IT cannot always control what devices are brought onto their campus, it can — and must — maintain an accurate inventory of devices that connect to its wireless network. The wireless management system should maintain logs of every user session dating back years, indicating exactly when each device appeared on the network, how the device authenticated, etc. IT must have a system to generate reports showing every new device and to review those reports to ensure that any unknown, unmanaged devices are connecting only to a guest network with limited access.
Just The Beginning
The iPhone is just the beginning. In the next few years, we can all expect to see more and more student-owned, Wi-Fi-enabled devices on campus: phones, music players, PDAs, cameras, and other specialized equipment. Every higher-ed IT organization needs a strategy for dealing with these types of devices now and in the future — and the flexibility to adapt their support tactics and policies to the changing behaviors and needs of their users. Lacking Harry Potter-like magic to alert them to every threat, IT must instead develop a network management strategy that provides the control and visibility it needs to maintain a secure, supportable network in a rapidly changing environment.
Greg Murphy is founder and COO of AirWave Wireless.