Wireless Success: Missoula (MT) Public Library   
Using a "separate but equal" strategy, a Montana library provides free wireless access to patrons without compromising internal systems.
©2005 Missoula Public Library

Though we are one of the busiest libraries in Montana, our library, located in western Montana, is small by national standards. Our main branch has two floors of about 15,000 sq ft each. Last year we wanted to deploy a wireless hotspot, but I was extremely nervous about the security implications of putting an AP (access point) on one of our subnets. It would have been difficult and expensive to protect the subnet from wireless users.

To avoid all that headache, we simply ordered another broadband circuit from a different ISP (Internet Service Provider) in town, connected an AP to it, advertised it to the public, and opened it up for anyone to use.  It has been very popular with the public and it requires very little maintenance.

There is no connection between it and any of my other subnets, so I don't have to worry about securing those subnets from an additional potential internal threat.

One AP covers virtually our whole building.  This is the access technique folks have learned to use in our meeting rooms too.

The signal does extend outside the building walls, and some folks have taken to spending all night camped out on our grounds with their notebooks. This has caused some consternation for our local police. We have just started turning off the AP when the library is closed to assist the police by not attracting those users to our grounds after hours.

The AP is basically wide open.  It advertises its SSID and does not use WEP security to encrypt traffic.  It provides automatic addressing as well.  We advertise that a wireless connection is inherently less secure than a wired connection and that patrons are responsible for understanding the risks.

I am blocking only ports 135, 137, and 445, both ingress and egress, because of the vulnerabilities that leaving them open presents to our users. I am also blocking ingress of any traffic claiming to be from my own subnet.
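
The filtering described above could be written as Cisco IOS named extended ACLs along the following lines. This is an added example, not the library's actual configuration: the subnet 192.0.2.0/24, the ACL names, and the interface name Dialer0 are placeholders, and because the article does not say which protocol is blocked, the example denies both TCP and UDP on each port, matching on destination port.

```cisco
! Added example. 192.0.2.0/24, Dialer0 and the ACL names are placeholders,
! not values taken from the article.
!
! Traffic arriving from the ISP (ingress)
ip access-list extended HOTSPOT-INGRESS
 remark Anti-spoofing: drop packets from outside claiming our own subnet as source
 deny   ip 192.0.2.0 0.0.0.255 any
 remark Drop RPC endpoint mapper (135), NetBIOS name service (137), SMB (445)
 deny   tcp any any eq 135
 deny   udp any any eq 135
 deny   tcp any any eq 137
 deny   udp any any eq 137
 deny   tcp any any eq 445
 deny   udp any any eq 445
 remark Everything else is allowed; the hotspot is otherwise open
 permit ip any any
!
! Traffic leaving toward the ISP (egress)
ip access-list extended HOTSPOT-EGRESS
 remark Drop the same three ports leaving patron machines
 deny   tcp any any eq 135
 deny   udp any any eq 135
 deny   tcp any any eq 137
 deny   udp any any eq 137
 deny   tcp any any eq 445
 deny   udp any any eq 445
 permit ip any any
!
! Apply both lists on the ISP-facing interface
interface Dialer0
 ip access-group HOTSPOT-INGRESS in
 ip access-group HOTSPOT-EGRESS out
```

The explicit `permit ip any any` at the end of each list matters: IOS ACLs end with an implicit deny, so without it all other traffic would be dropped.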

It is so easy to access that we get very few requests from the public for assistance. For liability reasons, we do not assist patrons in configuring their PCs if they are having trouble.

We get a 640K DSL circuit from a local ISP for this service.  We use a Cisco 827 router on this end to terminate the circuit.  We have connected a low-end Linksys AP to the router to provide the hotspot.  The ISP can collect SNMP information from this router and give us monthly statistics on our use of the circuit so we can see how much it is being used.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 2.5 License.

