Wireless - Questions


Why the change from [Secure] and [Open]?


There are two primary reasons why the SSIDs, or "names" of the wireless networks were changed:

  • WPA encryption with a TKIP cipher was previously used.  This is pretty secure and is an older standard, so more devices worked with it.  However, the TKIP cipher is incompatible with 802.11n technologies.  Without the change we would be stuck at 802.11g speeds indefinitely.
  • It was also time to show that [Open] doesn't mean "inviting."  IT received a lot of feedback that students were being frequently "kicked off" the wireless, which was a behavior built in to the [Open] networks to encourage moving to a [Secure] network.  The incentivizing did not work as well as we had hoped.  We are hoping this name change, along with other factors, makes the "better" network more clear.
     

Why can't I log in to [Unencrypted] like I could on [Open]?


As per the explanation above, the message that [Open] was not for everyday use did not come across clearly.  For this reason we have removed the ability to log in and browse the internet from any [Unencrypted] network.

 

Please note - the ability to visit McKendree websites is not restricted and does not require a log-in.  Any person can still visit Blackboard, Webadvisory, or any McKendree-owned website.  Just in case a device doesn't support the newer types of encryption we wanted to make sure a student can fulfill their academic requirements on the wireless networks. 

 

Why do we need this security, anyways?  It makes it too hard.


We agree - things are a bit harder to set up and connect.  This is a necessary change, though, given the increasing ubiquity of wireless devices and the security concerns that come along with large wireless networks.  Here are a few reasons as to why we require high levels of security on wireless networks.

  • Wireless sniffing - A user on an unencrypted network could easily "sniff" packets and collect a lot of information.  This can include things like usernames and passwords for any site you visit.  With modern use of SSL on most webpages this is limited, but with the creation of easy-to-use tools that transparently remove SSL encryption it became necessary to increase our standards to safeguard both our users and McKendree's network resources.
  • Single username/password - Each user is uniquely protected by the use of their own username and password.  This means that not only is each session unique and thus harder to hijack, but we also have the ability to prevent unauthorized users.
  • Increased Security Response - Using certain security techniques we are also able to pinpoint a trouble machine that may be infected with malware, without the owner even knowing, and e-mail them to make them aware of the issues.
  • Less frequent logins - We know you don't want to log in every time.  By using these more advanced security features you will not have to log in repeatedly.  You will only need to reauthenticate when your McKendree password is changed.  This means very infrequent logins. 

What is going on at McKendree West?


McKendree West is a demo location for a new wireless design that we hope to eventually deploy to the main campus.  The basic design was prototyped on the Main Campus in IT before the large-scale demo was done at McKendree West.

 

We have made several redesigns and tweaks to the systems at McKendree West as time moved on and we gathered more information about how students use wireless networks.  The design is very stable now compared to its original setup.  We have also added new features like the McK [Gaming] network to allow wireless use of game consoles which do not support advanced encryption in use on the primary networks.

 

I have more questions!


Stop by IT and see us.  Seriously.  We love to talk about how we design services for our students.  We also take suggestions or advice from anyone that has it.  This is how the McKWest [Gaming] network was created and we will continue to adjust our services based on feedback.

 

What else is I.T. planning?


IT has several ideas in the works and we need to test them for viability first.  Nothing is ever set in stone, even after deploying a design for normal use.  However - some things we are testing include:

  • Testing viability of Dynamic Pre-Shared Keys bound to MAC addresses that are automatically registered.  The PSK and connection info are integrated into a "runnable" application on the fly.  The overall goal is to never have to log in a device more than once, even if a user's password changes.
  • Different Gateway/Unified Threat Management software.  The current design uses a combination of Untangle UTM and pfSense to provide routing, security, and captive portal functionality.  However, we are always looking at new ways to provide more efficient services.  Most recently we demoed Microsoft TMG as a possible solution and found it wasn't a good fit for the behaviors in student networks.
  • Hardware upgrades - We hope to see a design similar to McKendree West become standard across the main campus and eventually all of McKendree's campuses.  Our current hardware is provided by Cisco and Ruckus Wireless and, though we always try to explore new options, they have provided excellent service, quality, and value so far.
  • Web-Caching - We have always been torn on this topic.  On one hand web-caching can provide slightly faster access to various sites under certain circumstances.  On the other hand this also means that data sent to the gateways that is private might be cached and we would see a dramatically decreased lifespan on the hard disks.  So far we have leaned towards privacy and stability, but we are always evaluating new ways to provide faster service.
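
The Dynamic Pre-Shared Key idea in the list above, sketched as an added example (not McKendree IT's code or any vendor's implementation): each registered MAC address gets its own random passphrase, so a key copied to another device is refused and nothing depends on the user's account password. The `DpskRegistry` class, its method names and the SSID are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SSID = "Example-DPSK"  # constructed SSID, not one of the networks named on this page


def normalize_mac(mac: str) -> str:
    """Canonicalise a MAC address to lowercase colon-separated form."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal key derivation: PBKDF2-HMAC-SHA1, 4096 rounds, SSID as salt."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


class DpskRegistry:
    """Hypothetical registry holding one derived key per registered device MAC."""

    def __init__(self, ssid: str):
        self.ssid = ssid
        self._by_mac = {}  # mac -> (owner, pmk); the passphrase itself is not stored

    def register(self, owner: str, mac: str) -> str:
        """Issue a device-unique passphrase, returned once for the provisioning app."""
        passphrase = secrets.token_urlsafe(24)  # 32 characters, inside WPA's 8-63 range
        self._by_mac[normalize_mac(mac)] = (owner, wpa2_pmk(passphrase, self.ssid))
        return passphrase

    def authorize(self, mac: str, passphrase: str) -> bool:
        """Accept only the passphrase that was issued to this exact MAC."""
        # Simplification: a real access point checks the handshake against the
        # stored PMK; comparing derived keys here stands in for that step.
        entry = self._by_mac.get(normalize_mac(mac))
        if entry is None:
            return False
        return hmac.compare_digest(entry[1], wpa2_pmk(passphrase, self.ssid))

    def revoke(self, mac: str) -> None:
        """Drop one device without touching the owner's other devices."""
        self._by_mac.pop(normalize_mac(mac), None)
```

Because the key is tied to the device record rather than the account password, a password change leaves every registered device connected, and a single lost or infected device can be revoked on its own.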