Wi-Fi in K12 schools
Last Post: April 2, 2006:
-
I too love the forums and recommend them to students, coworkers and people interested in Wi-Fi alike. I learn a lot here.
I have been teaching various IT classes for the network administrators for the largest school system in Georgia for the last 6 years. Unfortunately school politics have prevented a functional wireless policy beyond allowed or not allowed to be developed. Not every school has wireless and the ones that do are being deployed by well intended yet under trained administrators. One school thought they were safe using WEP. Another had 6 APs deployed thinking they had good coverage, until I pointed out that they were all on channel 6 and the default SSID and Admin passwords were still in place. A few are well done. I also have worked with another school system that appears to be doing it correctly. They use wireless distribution to extend the network to the trailer based classrooms to avoid running cables across the parking lot. They also use a group of carts with two APs and 12 laptops each so that computers can move from room to room as needed rather than adding another room dedicated as a computer based training class. The point being, schools, no matter the size, are just like businesses. They want the freedom of wireless but are not sure how to implement it. I will answer your questions in order.
1. The deployments I have seen are varied. One provides access from the lecture halls for students and staff and uses WPA2 with AES. The admin that set it up also runs his own consulting business on the side and is quite sharp. It also covers the office area. Selected areas of the building are also covered. A small private school uses a bridge to provide coverage to an outdoor nature trail area which enables students to research the things they see without going back into the school. Above I had mentioned the distribution used to extend networking to trailers. This also allows them to move the trailers as needed without cable issues. When the schools are closed, equipment can easily be secured in the building.
2. I have seen a wide range of equipment in use, from SOHO to Enterprise qualities. If the schools are under contract or grant with a large company they use Enterprise devices, Cisco, Aruba, Colubris etc. If they are not, I?¡é?€??ve seen Linksys, DLink and others.
3. As for security, I have seen everything from the ever popular NONE to very secure integrations with RADIUS and LEAP. The security measures SHOULD take into consideration the type of personal information one may find in a school and lock the network down accordingly. It may not just be the kids trying to get into your network.
4. Best practices dictate a good survey prior to implementation, adherence to any written security guidelines, understanding the intended use of the network, and common sense networking. Balance security with needed throughput. If you make an error, too much security can be backed off, but not enough will lead to intrusions.
5. For VoIP, make sure you use devices that support QoS. Verify with the manufacture of the VoIP systems the devices to use. Do not forget security for voice is just as important as that of data. You may need to co-locate more APs for the demand of VoIP combined with the demand of data.
In a school or business, you must educate the users as best as you can. The users will always be the weakest link in your plan. Add endpoint security to your implementation.
Should you have specific questions, post again or send a PM.
Good Luck,
- 1