Wireless Networking On the St. Clair County ISD Network
Dennis Buckmaster
Network Engineer, St. Clair County ISD
Why Consider Implementation?
• Expanded opportunities for technology use within the Schools
• Potential Cost Savings
• Catalyst for Other Technologies
• Demand from end users! (If it is not there now, it will be shortly.)
• Goal is to plan for what the users need in a secure way before the users start to add the technology in an insecure way without our knowledge.
http://www.vocera.com/products/vocera-new-graphics2.wmv
Why Be Concerned?
• Wireless Coverage Range
• Physical security is no longer sufficient
• Wiretapping (WarDriving, WarChalking, and WarPlugging)
• Internet Leech
• Traditional Security Issues Expanded due to ease of access
• Additional Wireless issues to consider
Wiretapping Issues
• Wiretapping
• Free tools such as NetStumbler, Kismet and even Pocket Warrior
• Access to clear text network traffic, including potentially confidential information
• Vendors will claim this is addressed with SSID, MAC authentication tables, and WEP. Is it?
Traditional Security Issues Magnified
• Gaining access is one of the first tasks in any “Hacking” attempt
• Tracking origination is the first step in prosecution
• How do you determine where a wireless attack originates from?
• Wireless networks should be treated as an insecure environment, just as the public Internet and dial-up RAS connections are
Additional Wireless Issues
• Site Survey
  • Dead Spots
  • Coverage
  • Signal Leak
• Rogue Access Points!!
• Interference
  • Mostly Unintentional
    • Bluetooth
    • Cordless Phones
  • Intentional
Technologies to Consider
• 802.11
• 802.11b = 11 Mb, 2.4 GHz
• 802.11a = 54 Mb, 5 – 6 GHz
• 802.11g = 54 Mb, 2.4 GHz
• 802.1x = port level access control
• 802.11i / WPA
• 802.16 = WIMAX - Wireless Broadband
• WIMAX is not yet Ratified
Wireless Network Access
• What network access is needed?
  • Internet
  • Internal Networks
• Who needs access?
  • Staff
  • Students
  • Public
• What type of data will be accessed?
• When is access needed?
• What equipment is available?
• What budget is available?
Steps to Secure Wireless (Basic Settings)
• Do not broadcast SSID (this may exclude some cheaper Access Points)
• Change the default settings
  • SSID
  • Address Ranges
  • Passwords
• Choose an SSID that does not easily associate to the entity owning the access point
Steps to Secure Wireless (Encryption)
• Enable Wireless Encryption Protocol
• Some vendors offer advanced protocols such as Cisco’s LEAP, but this usually requires a single vendor solution
• Provides reasonable security for low risk data such as public internet traffic
• Does not provide adequate security for critical systems (AIRSNORT)
• WPA and 802.1x can be used if supported
Steps to Secure Wireless (Addresses)
• MAC address filters
  • Difficult to manage, not scalable
  • MAC can easily be spoofed
• IP Address
  • Not using DHCP assigned addresses can be one more barrier
  • Do not use default addresses for access points
Steps to Secure Wireless (Firewall)
• Provide only limited (VPN encrypted) connections to the internal network.
• Treat wireless machines as if they are public internet machines. (Use host based firewall software for machines that are usually on.)
• Disable ALL unneeded services on wireless machines and regularly apply security patches
• Use rules that require authentication to validate network access
• Limit bandwidth and usage times when possible
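The checklist from the four "Steps to Secure Wireless" slides, expressed as an audit over an access point's settings. This is an added example, not part of the original presentation; the configuration field names, the default-value sets and the sample configurations are constructed for illustration.

```python
# Added example: audit access-point settings against the checklist in the slides.
# Field names and the default-value sets below are constructed for illustration.
DEFAULT_SSIDS = {"default", "linksys", "tsunami", "wireless"}
DEFAULT_PASSWORDS = {"", "admin", "password"}
DEFAULT_AP_ADDRESSES = {"192.168.0.1", "192.168.1.1"}

def audit_ap(cfg, owner_keywords):
    """Return a list of findings for one access-point config (a dict)."""
    findings = []
    ssid = cfg.get("ssid", "").lower()
    # Basic settings: SSID broadcast, default values, revealing SSID
    if cfg.get("broadcast_ssid", True):
        findings.append("basic: SSID is broadcast")
    if ssid in DEFAULT_SSIDS:
        findings.append("basic: SSID is a vendor default")
    if any(word.lower() in ssid for word in owner_keywords):
        findings.append("basic: SSID identifies the owning entity")
    if cfg.get("admin_password", "") in DEFAULT_PASSWORDS:
        findings.append("basic: admin password is a default")
    # Encryption: WEP is treated as acceptable only for low-risk data
    enc = cfg.get("encryption", "none").lower()
    if enc == "none":
        findings.append("encryption: traffic is sent in clear text")
    elif enc == "wep" and cfg.get("data_risk", "critical") != "low":
        findings.append("encryption: WEP is not adequate for this data")
    # Addresses: MAC filtering alone is spoofable; avoid default AP addresses
    if cfg.get("mac_filter") and enc == "none":
        findings.append("addresses: spoofable MAC filter is the only control")
    if cfg.get("ap_address") in DEFAULT_AP_ADDRESSES:
        findings.append("addresses: access point uses a default address")
    # Firewall: internal network should be reachable only through a VPN
    if cfg.get("internal_access", "direct").lower() == "direct":
        findings.append("firewall: internal network reachable without VPN")
    return findings

# Constructed sample configurations
OUT_OF_BOX = {"ssid": "linksys", "broadcast_ssid": True, "admin_password": "admin",
              "encryption": "none", "mac_filter": True, "data_risk": "critical",
              "ap_address": "192.168.1.1", "internal_access": "direct"}
HARDENED = {"ssid": "bluebird-7", "broadcast_ssid": False,
            "admin_password": "n0t-a-default-Pass", "encryption": "wpa",
            "mac_filter": False, "data_risk": "critical",
            "ap_address": "10.40.12.9", "internal_access": "vpn"}

if __name__ == "__main__":
    for name, cfg in (("out-of-box", OUT_OF_BOX), ("hardened", HARDENED)):
        print(name, audit_ap(cfg, ["stclair", "isd"]))
```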
Network Diagram http://www.vocera.com/products/vocera-new-graphics2.wmv