Staying on point with wireless
- By Nancy Ferris
- Jan 26, 2003
The U.S. Military Academy at West Point, N.Y., in a reversal of its own security policies, is installing a wireless local-area network (WLAN) that eventually will serve the entire academy.
Until last year, the academy prohibited general use of WLANs because of concerns about potential security breaches. The academy would be a tempting target for hackers or even more sinister network intruders, and the security deficiencies of most WLANs are well-documented.
However, after testing newly released WLAN security software with a high-bandwidth network, the academy last fall provided about 800 freshmen with wireless connectivity in classrooms, the library and student lounges. Academy officials plan to extend the WLAN to more areas of the campus and more students in coming months.
Col. Donald Welch, the academy's associate dean for information and educational technology, said the combination of a LAN meeting the 802.11a networking standard and the new release of the WirelessWall Software Suite from Cranite Systems Inc. of San Jose, Calif., met the academy's requirement for a secure wireless network.
Installing a wireless network is much less expensive than wiring the entire campus, and it allows for greater flexibility, Welch said. For example, an instructor can ask students to move their classroom desks and form small groups to work together on academic problems.
Experts at West Point's computer lab tested the Cranite-protected network for security flaws, and "we could not find a way to crack it," Welch said. WirelessWall has undergone testing for Federal Information Processing Standard (FIPS) 140-2, Security Level 1 certification.
WirelessWall access controllers regulate traffic between the network access points and the corporate servers. A WirelessWall Policy Server works with the corporate directory to determine who may access files and directories. For example, employees of a human resources division could be limited to working with personnel-related information and wouldn't have access to files created by financial management workers, regardless of their physical locations.
Other companies have recently introduced comparable solutions for wireless network security, but Cranite officials said their technology focuses on Layer 2 of the network stack, the link layer.
"We encrypt at a lower level in the network stack," said Scott Lucas, Cranite's vice president of marketing. That means Cranite hides more of the information that could be useful to network intruders, he said. Cranite uses the Advanced Encryption Standard, a new FIPS-based standard. The only exposed portions of the transmission are the source and destination addresses, Lucas said.
Meanwhile, he added, users see much the same log-in prompts they see with a conventional LAN. Welch said West Point cadets click on a Cranite icon to activate the wireless network while in class or the library. Their dorm rooms are wired, and each freshman has a docking station in his or her room for connectivity with the Microsoft Corp. Windows NT network.
West Point's wireless access points are made by SMC Networks Inc. of Irvine, Calif. Cadets have Network Interface Cards from several manufacturers, Welch said.
He said West Point waited for 802.11a, which supports five times the data rate of the previous 802.11b standard, to become commercially available because of the need for bandwidth. "A networked computer is a great platform for developing active learning activities," he said.
"Virtually every classroom is a computer lab now," he said.
West Point is spending about $810,000 for software, network access points and NICs for 1,000 students and 700 faculty members, he said. So far, only the Class of 2006 has gotten wireless networking, but the academy plans to make it the norm for incoming classes in future years. Students buy their own computers as specified by West Point.
Ferris is a freelance writer in Chevy Chase, Md. She can be reached at [email protected]
Solving problems The U.S. Military Academy at West Point, N.Y., encountered some unforeseen problems when installing a wireless local-area network (WLAN), according to Col. Donald Welch, the academy's associate dean for information and educational technology.
For instance, some students have downloaded drivers for games and other software that have interfered with their networking. Troubleshooting has become more difficult because the WLAN did not replace the academy's LAN but added complexity to it. However, he said, as network administrators have gained experience with the WLAN, they have learned to more quickly diagnose and resolve problems.