UK WLAN Deployment Survey
Tim Chown, Electronics and Computer Science Department, University of Southampton (UK), tjc@ecs.soton.ac.uk
TERENA TF-Mobility Meeting, Amsterdam, 10th February 2003

UK WLAN survey
• Run jointly by UKERNA and University of Southampton
• UKERNA interested in general access for UK HE community
  – e.g. includes microwave point-to-point links
• UoS has small JISC-funded WLAN project (MAWAA: Mobile Ad-Hoc Wireless Access for Academia)
• Questionnaire on UKERNA web site
• Results collated jointly and being analysed by UoS with a view to some follow-up visits.

WLAN usage survey
• First stage complete
• 37 (+4) survey replies
• Quite detailed questionnaire
• Probably enough replies to gain some insight into trends, but over 200 universities and 300+ FE colleges use JANET network
• Appears that most deployments are in early stages, thus timely to recommend best practice
• Figures for UMTS/GPRS/etc not presented here
• Site interviews and visits to follow
• Six sites identified
• Final survey report by end of February 2003

Security/access control
• (Intentional) Guest access – 2 sites
• No one reported any wireless-related (known) security incidents

General concerns (1)
• Security of the wireless medium
• Access (MAC filtering acknowledged as weak)
• Data snooping where no WEP/VPN
• Publicised issues with WEP
  – Weak keys, need to see lots of traffic to break
• 802.11b/802.11a interoperability
• Fear of future changes making new deployment obsolete
• Marginal connectivity issues
• Users tend to gather near to APs, prefer wires
• Many university buildings have very thick walls
• Some hard-to-diagnose WLAN problems
  – Particularly where large numbers of devices

General concerns (2)
• Bandwidth in large deployment
• Impact of multicast
• Wireless too “time consuming” to deploy
• Supporting client software where required
• Rogue access points on internal VLANs
  – Breaks “wired security” of VLAN
• Frequency/channel interference
• Rogue access points on same ESSID
  – Potential man-in-the-middle attacks
  – 802.1x authentication to wrong AP?
• Offering mobility in multi-subnet wireless network
• Management of large (100+ AP) deployments

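Added example (not part of the original slides): one way a site could check for the "rogue access points on same ESSID" concern is to compare a wireless scan against its inventory of authorised APs. The ESSID, BSSIDs, channels and scan records below are constructed sample values.

```python
# Audit a wireless scan for access points that advertise the campus ESSID
# but are not in the authorised inventory.
# All ESSIDs, BSSIDs and channels below are constructed sample values.

CAMPUS_ESSID = "campus-wlan"  # hypothetical ESSID

# Authorised inventory: BSSID -> channel the AP was provisioned on.
AUTHORISED = {
    "00:11:22:33:44:01": 1,
    "00:11:22:33:44:02": 6,
    "00:11:22:33:44:03": 11,
}

# Constructed scan results: (essid, bssid, channel, signal_dbm)
SCAN = [
    ("campus-wlan", "00:11:22:33:44:01", 1, -48),
    ("campus-wlan", "00:11:22:33:44:02", 6, -61),
    ("campus-wlan", "00:11:22:33:44:03", 1, -55),   # known BSSID, wrong channel
    ("campus-wlan", "DE:AD:BE:EF:00:01", 6, -40),   # unknown BSSID, same ESSID
    ("coffee-shop", "AA:BB:CC:00:00:01", 11, -70),  # neighbour network, ignored
]


def normalise(bssid):
    """Canonical lower-case, colon-separated form so comparisons are exact."""
    return bssid.strip().lower().replace("-", ":")


def audit(scan, authorised, essid=CAMPUS_ESSID):
    """Return a list of (finding, bssid, channel) for the given ESSID."""
    known = {normalise(b): ch for b, ch in authorised.items()}
    findings = []
    for seen_essid, bssid, channel, _signal in scan:
        if seen_essid != essid:
            continue  # other networks are out of scope for this check
        bssid = normalise(bssid)
        if bssid not in known:
            findings.append(("unknown-bssid", bssid, channel))
        elif known[bssid] != channel:
            # A provisioned AP on an unexpected channel may be a
            # misconfiguration or a device copying its BSSID.
            findings.append(("channel-mismatch", bssid, channel))
    return findings


if __name__ == "__main__":
    for finding in audit(SCAN, AUTHORISED):
        print(*finding)
```

A BSSID match alone does not prove an AP is genuine, which is why the inventory also records the provisioned channel.
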
Good points
• Very few interoperability issues reported between wireless technologies
  – But a few reported between vendor equipment
• Cheap commodity access points more problematic
• Many universities want to deploy and support campus-wide mobile wireless services
• Some plan SMS or GPRS integration
• Very few plans for location-aware services yet
• Many different VPN solutions available
  – But require client software and support
• Common comment to treat WLAN like a “dial-up” (with associated VPN, firewall and other implications)
• Can use wireless access controls on wired networks also

Securing access:
• Some FUD factors:-
• WEP
  – Little confidence in the technology
• VPN/BlueSocket
  – Perceived as complex
• 802.1x
  – Perceived as complex
  – Not widely supported yet
• Thus deployment is cautious

RoamNode
• Developed at Bristol
• Freely available, open system
• Integrated authentication, VPN, IDS
• Uses NAT internally, Public IPs via VPN
• Syslogging can be used
• Web-based management
• RADIUS back-end (e.g. FreeRadius)
• Runs on commodity PC hardware
• Requires client software
  – Already present on Windows XP
• QoS and SNMP extensions being implemented

WNap
• A community wireless project
• Offers initial connectivity to a local WLAN
• Private IP address assigned by DHCP
• Can then communicate in the local WLAN
• Must authenticate to and join VPN to access external services
• Established via RADIUS back-end
• Similar in spirit to Open.Net
  – (a system available in Sweden/Stockholm)

BlueSocket
• Commercial solution
• Deployment of a “black box” system
• Offers VPN solution
• One box can serve a /24 network
• Cost seems high: £5,000 per box?
• Do we want to go down proprietary paths?
• Was presented at UK Networkshop 2002
  – (will determine more from the Open University site visit)

MAWAA project goals
• Embrace pervasive wireless network access
• Vision of wireless campus
• Rapidly growing staff + student use of laptops, PDAs
• 802.11b now, 802.11a/g becoming available and UK open
• PDAs now available with built-in Wireless LAN adaptors
• Consistent access method in UK (+ EU) HE
• Evaluate security and access mechanisms
• Access control desirable for (civil) accountability
• Encryption of Wireless LAN data desirable
• Trial technologies

MAWAA requirements
• Consistent access control mechanism
• Needs consistent authentication back-end
• The detailed site mechanisms may vary
• (Inter)national interoperability is highly desirable
• Integration of cheap commodity equipment is desirable
• Support at the IP layer
• IPv6 emerging
• May wish to apply IP layer security
• Ideally usable at application level
• Can we have single access control and resource access?
• Ease of use (for users and administrators)

MAWAA deliverables
• WLAN deployment survey
• Look at WLAN deployment barriers
• Seek out best current practice in UK HE
• Results and interviews (Feb ’03)
• Technology review
• Includes promising technology, e.g. 802.1X + RADIUS
• Access technology report (Apr ’03)
• Site deployment trials
• Trying best concepts from technology review
• Demonstrate interoperability with UK + EU sites
• Final report (Jul ’03)