[WEB4LIB] RE: Wireless APs and Liability

[Andrew Mutch]

Karen,

As I noted on the "Top Tech Tips" post, you can implement a fairly robust
security scheme using PublicIP [http://www.publicip.net]. PublicIP is a modified
version of the NoCat wireless authentication program. It runs off a CD and
provides authentication, firewall and bandwidth throttling services all in one
package. All you need is a PC with a decent amount of RAM and two network cards
and a floppy drive. As far as configuration, it's pretty easy to set up. If you
are familiar with basic TCP/IP networking, you should be able to set this up.

One caveat is that when it runs in Closed Mode, the mode which provides a lot of
the control features, it needs to to talk to the server that's managed by the
guy who's developed PublicIP. Some people may not be comfortable with that
aspect of the service since it makes you dependent on his server and his
decisions on how to manage it. But that's the tradeoff for his development time
and goodwill in providing the service . As I noted, we run it in Open Mode,
which doesn't require our box to talk to his box.

Even in Open Mode, you can create a custom login page which requires everyone to
view and accept your AUP. In Closed Mode, you can implement individual logins,
block specific ports, throttle bandwith, filter usings DansGuardian, etc. So the
cost for PublicIP is zero dollars if you have an existing PC that can run the
service(of course, if you use it, you should make a donation to support it). The
PublicIP sits between your AP and your Internet connection to manage access by
users. We've also implemented additional security safeguards involving our
network and firewall but that's something anyone should be doing with their
wireless network. I wouldn't just throw an AP out on your network and let people
have at it.

Andrew Mutch
Library Systems Technician
Waterford Township Public Library
Waterford, MI


> These are good questions, and though they are web4lib-worthy, they could
> also justify attending the LITA Institute on wireless to be held just before
> ALA Midwinter. According to its description, the institute will address
> "Security issues in a wireless environment."
>
> I wonder if it isn't worth the extra effort to figure out how to present a
> page such as is used in hotels and so forth, where users "initial" an
> acknowledgment before they can sign on the network. It sounds like sensible
> CYA. (Note: I've been chewing over this since reading the "top tech tips"
> posted to http://www.walkingpaper.org/index.php?id=128 , and now making the
> rounds of the biblioblogosphere. I don't know that you could do security
> right with a $50 AP; has anyone done this? Even if you could implement
> aforesaid script yourself, that's staff time, as is deciding what your
> release form should say. N.b. I do appreciate wi-fi in libraries, and wish
> more libraries in NoCal offered it.)
>
> Karen G. Schneider
> kgs at bluehighways.com