Technology Consultants
Related Service:
Infrastructure

08.13.07

iPhone Brings Down University Wireless Network

Well, maybe not. It turned out to be a problem with the wireless LAN controller software that was quickly patched, resolving the issue. However, the story isn’t about the iPhone, or even the wireless LAN software, it’s really about knowing who’s using what to access your wireless LAN. I’m talking about what we call wireless “guest access”.

Many of our clients are asking us to come and talk about providing wireless Internet access for their guests and visitors. Naturally, they don’t want to put these guests on their production network as that would be a huge security problem. There are typically two parts to the conversation.

First, we discuss the who, or how much do they know about the people that they are providing access to. The more they know, or the more they trust these users, the more access they can provide. Permanent guests or contractors that need access to some or all production systems may be allowed onto a DMZ network, while day visitors are only provided Internet access.

Next, we talk about the what, or what types of devices they are using to access the wireless LAN. Today there are several generations of wireless clients and not all of them support the latest security standards or protocols. Providing access to the broadest range of clients can sometimes limit the functionality of your wireless LAN. How open you want to be will drive many of the design decisions.

If you choose not to limit connectivity by device, you open yourself up to the same risks that Duke University took when several iPhones temporarily disabled their wireless LAN. There was no way for Duke to limit this risk since they didn’t have advanced access to the iPhone to conduct testing.

What Duke did have that allowed them to restore wireless service quickly is a wireless LAN controller-based system. This system is made up of thin access points and a centralized appliance that sends configuration information to all access points.   This allowed them to patch all of their APs from one console and restore service quickly.

At C/D/H we are passionate about wireless LAN design. We have helped many clients solve their wireless problems and have designed entire wireless LAN systems. Ask your C/D/H consultant today and find out how we can help you.