WPA pilot for LAWN offers security, convenience

LAWN’s reluctance to admit us to the Internet is something that many students at Tech have tapped a toe at once or twice.

Whether your goal is to start up a night-long raid or just look up an assignment, up until now, LAWN (Local Area Wireless & Walkup Network) has required all its users to log in before showing them anything more than the now familiar white, green and yellow screen.

Recently, though, Tech’s Office of Information Technology (OIT) has been tinkering under the hood to see how this process could be improved.

Though many have already heard about the switch from WEP to WPA-backed wireless service, most of them are the particularly tech-savvy, even by Tech standards.

In a nutshell, the switch from WEP (Wired Equivalent Privacy) to WPA (Wi-Fi Protected Access) means two things. First, the new encryption scheme increases security on the network. Second, students who choose to access campus wireless services through the new method only have to provide their login information once rather than at each login.

“While we continue to make improvements to the web-based captive portal login, including a new cookie option that works for up to 15 days, WPA gives users the ability to enter login credentials [only] one time. A WPA supplicant can [provide] your login credentials every time you are required to authenticate,” said Matt Sanders, Wireless Services Manager at OIT.

The security provided with WPA marks an improvement over what was used in GTwireless (WEP).

“WPA users…get the benefit of better security over the wireless portion of their connections to services. However, we still encourage users to practice strong end-to-end and host-based security,” Sanders said.

Not only has WPA increased the security of the wireless network that students use, but it has also allowed OIT to better identify and maintain the network.

“For OIT, WPA has additional benefits, the most important of which is the ability to authenticate users before they are placed on a network or given an IP address. This gives us some ability to scale the network and differentiate services and policies without having to introduce new wireless networks,” Sanders said.

The other benefit of changing to WPA is the ability to log onto the wireless without accessing the LAWN page in one’s browser each time.

“One of the most consistent requests we get for improvements to LAWN is to improve the login process so that users don’t have to type in their username and password as often,” Sanders said.

Something students should keep in mind, though, is that the ability to automatically log in could be dangerous on a shared device, and the LAWN website cautions against configuring any computer used by more than one person for WPA at this time.

“The main thing that users need to know is that what is changing with WPA is when and how you authenticate, not what network you are on. You are still on a LAWN network when you authenticate via WPA, but you’ve done a network-based authentication prior to being connected to an IP network, as opposed to a web-based authentication which requires you to have an IP address on a LAWN network,” Sanders said.

No platform is completely perfect, though, and WPA has a few kinks left to work out, mostly with compatibility issues. Though its more recent versions are much improved in this area, with most operating systems and devices perfectly capable of making the switch, there are still a few hard-to-handle cases. The LAWN website provides users with troubleshooting guides for hooking up a long list of devices to WPA.

Sanders also described how the lack of direct interaction from students with the system made debugging it more difficult.

“Another drawback is that if there are issues related to authentication with WPA, it can sometimes be hard to diagnose since you are not involved [with] its activity. In fact, the primary reason we held off implementing WPA, and the reason it’s still a pilot, is that some of the client issues are difficult to diagnose,” Sanders said.

A statement on the LAWN website said, “Our experience to date with WPA has been mostly favorable; however some problems do exist and can be very frustrating. By using this service you will help us to better evaluate and make improvements before the service goes into production.”

Sanders said that in addition to the switch to WPA, many of the wireless nodes across campus are currently being upgraded, meaning that Tech students who are on Tech’s wireless networks could see a jump in their data rates.