Wireless networking on the st clair county isd network
Sponsored Links
This presentation is the property of its rightful owner.
1 / 16

Wireless Networking On the St. Clair County ISD Network PowerPoint PPT Presentation

  • Uploaded on
  • Presentation posted in: General

Wireless Networking On the St. Clair County ISD Network. Dennis Buckmaster Network Engineer, St. Clair County ISD. Why Consider Implementation?. Expanded opportunities for technology use within the Schools Potential Cost Savings Catalyst for Other Technologies

Download Presentation

Wireless Networking On the St. Clair County ISD Network

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

Wireless Networking On the St. Clair County ISD Network

Dennis Buckmaster

Network Engineer,

St. Clair County ISD

Why Consider Implementation?

  • Expanded opportunities for technology use within the Schools

  • Potential Cost Savings

  • Catalyst for Other Technologies

  • Demand from end users! (if it is not there now it will be shortly)

  • Goal is to Plan for what the users need in a secure way before the users start to add the technology in an insecure way without our knowledge.


Why Be Concerned?

  • Wireless Coverage Range

    • Physical security is no longer a sufficient

    • Wiretapping (WarDriving, WarChalking, and WarPlugging)

    • Internet Leach

    • Traditional Security Issues Expanded due to ease of access

    • Additional Wireless issues to consider

Wiretapping Issues

  • Wiretapping

    • Free tools such as NetStumbler, Kismet and even Pocket Warrior

    • Access to Clear text network traffic including potentially confidential information

    • Vendors will claim this is addressed with SSID, MAC authentication tables, and WEP. Is it?



Traditional SecurityIssues Magnified

  • Gaining access is one of the first tasks in any “Hacking” attempt

  • Tracking Origination is the first step in Prosecution

  • How do you determine where a wireless Attack originates from

  • Wireless Networks should be treated as an insecure environment just as the Public Internet and Dial Up RAS connections are

Additional Wireless Issues

  • Site Survey

    • Dead Spots

    • Coverage

    • Signal Leak

    • Rouge Access Points!!

  • Interference

    • Mostly Unintentional

      • Blue Tooth

      • Cordless Phones

    • Intentional

Technologies to Consider

  • 802.11

  • 802.11b = 11mb 2.4 ghz

  • 802.11a = 54 mb 5 – 6 ghz

  • 802.11g = 54 mb 2.4 ghz

  • 802.11x = port level access control

  • 802.11i / WPA

  • 802.16 = WIMAX - Wireless Broadband

    • WIMAX is not yet Ratified

Wireless NetworkAccess

  • What network access is needed?

    • Internet

    • Internal Networks

  • Who needs access?

    • Staff

    • Students

    • Public

  • What type of data will be accessed?

  • When Is Access Needed?

  • What equipment is available?

  • What Budget is available?

Steps to Secure Wireless (Basic Settings)

  • Do not Broadcast SSID (This may exclude some cheaper Access Points

  • Change the default settings

    • SSID

    • Address Ranges

    • Passwords

  • Choose SSID that does not easily associate to the entity owning the access point

Steps to Secure Wireless (Encryption)

  • Enable Wireless Encryption Protocol

  • Some vendors offer advanced Protocols such as Cisco’s LEAP but this usually requires a single vendor solution

  • Provides reasonable security for low riskdata such as public internet traffic

  • Does not provide adequate security for critical systems (AIRSNORT)

  • WPA and 802.1x Can be used if supported

Steps to Secure Wireless (Addresses)

  • MAC address filters

    • Difficult to manage, Not Scaleable

    • MAC Can easily be Spoofed

  • IP Address

    • Not using DHCP assigned addressescan be one more barrier

    • Do Not use default Addresses for access points

Steps to Secure Wireless (Firewall)

  • Provide only limited (VPN Encrypted) connections to Internal network.

  • Treat Wireless machines as if they are public internet machines. (Use Host based Firewall Software for machines that are usually on)

  • Disable ALL unneeded services on Wireless Machines and regularly apply security patches

  • Use rules that require authentication to validate Network Access

  • Limit Bandwidth and usage times when possible

Network Diagram


Wireless Building Diagram

  • Login