Wireless Networking On the St. Clair County ISD Network
Dennis Buckmaster, Network Engineer, St. Clair County ISD
Why Consider Implementation?
• Expanded opportunities for technology use within the Schools
• Potential Cost Savings
• Catalyst for Other Technologies
• Demand from end users! (if it is not there now it will be shortly)
• Goal is to plan for what the users need in a secure way before the users start to add the technology in an insecure way without our knowledge.
http://www.vocera.com/products/vocera-new-graphics2.wmv
Why Be Concerned?
• Wireless Coverage Range
• Physical security is no longer sufficient
• Wiretapping (WarDriving, WarChalking, and WarPlugging)
• Internet Leech
• Traditional Security Issues Expanded due to ease of access
• Additional Wireless issues to consider
Wiretapping Issues
• Wiretapping
• Free tools such as NetStumbler, Kismet and even Pocket Warrior
• Access to Clear text network traffic including potentially confidential information
• Vendors will claim this is addressed with SSID, MAC authentication tables, and WEP. Is it?
Traditional Security Issues Magnified
• Gaining access is one of the first tasks in any “Hacking” attempt
• Tracking Origination is the first step in Prosecution
• How do you determine where a wireless Attack originates from?
• Wireless Networks should be treated as an insecure environment just as the Public Internet and Dial Up RAS connections are
Additional Wireless Issues
• Site Survey
• Dead Spots
• Coverage
• Signal Leak
• Rogue Access Points!!
• Interference
• Mostly Unintentional
• Bluetooth
• Cordless Phones
• Intentional
Technologies to Consider
• 802.11
• 802.11b = 11 Mbps, 2.4 GHz
• 802.11a = 54 Mbps, 5 – 6 GHz
• 802.11g = 54 Mbps, 2.4 GHz
• 802.1x = port level access control
• 802.11i / WPA
• 802.16 = WiMAX - Wireless Broadband
• WiMAX is not yet Ratified
Wireless Network Access
• What network access is needed?
• Internet
• Internal Networks
• Who needs access?
• Staff
• Students
• Public
• What type of data will be accessed?
• When is access needed?
• What equipment is available?
• What budget is available?
Steps to Secure Wireless (Basic Settings)
• Do not Broadcast SSID (This may exclude some cheaper Access Points)
• Change the default settings
• SSID
• Address Ranges
• Passwords
• Choose an SSID that does not easily associate to the entity owning the access point
Steps to Secure Wireless (Encryption)
• Enable Wireless Encryption Protocol
• Some vendors offer advanced Protocols such as Cisco’s LEAP but this usually requires a single vendor solution
• Provides reasonable security for low risk data such as public internet traffic
• Does not provide adequate security for critical systems (AirSnort)
• WPA and 802.1x can be used if supported
Steps to Secure Wireless (Addresses)
• MAC address filters
• Difficult to manage, Not Scalable
• MAC can easily be Spoofed
• IP Address
• Not using DHCP assigned addresses can be one more barrier
• Do Not use default Addresses for access points
Steps to Secure Wireless (Firewall)
• Provide only limited (VPN Encrypted) connections to Internal network.
• Treat Wireless machines as if they are public internet machines. (Use Host based Firewall Software for machines that are usually on)
• Disable ALL unneeded services on Wireless Machines and regularly apply security patches
• Use rules that require authentication to validate Network Access
• Limit Bandwidth and usage times when possible
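The "Steps to Secure Wireless" slides above can be turned into a repeatable audit of each access point's settings. The sketch below is an added example, not part of the original presentation; the config dictionary schema, the default-value lists, the owner keywords and both sample configurations are constructed assumptions to replace with your own inventory.

```python
import ipaddress

# Constructed sample values (assumptions): substitute your vendors' real defaults.
DEFAULT_SSIDS = {"default", "linksys", "wireless"}
DEFAULT_PASSWORDS = {"", "admin", "password"}
DEFAULT_MGMT_NETS = [ipaddress.ip_network("192.168.0.0/24"),
                     ipaddress.ip_network("192.168.1.0/24")]
OWNER_WORDS = {"school", "district", "isd"}  # words that tie an SSID to its owner


def audit_ap(cfg, data_risk="low"):
    """Return the checklist findings for one access point (hypothetical dict schema)."""
    findings = []
    ssid = cfg["ssid"].lower()
    if cfg.get("broadcast_ssid", True):
        findings.append("SSID is broadcast")
    if ssid in DEFAULT_SSIDS:
        findings.append("SSID is a vendor default")
    if any(word in ssid for word in OWNER_WORDS):
        findings.append("SSID identifies the owner")
    if cfg.get("admin_password", "").lower() in DEFAULT_PASSWORDS:
        findings.append("admin password is a default")
    mgmt = ipaddress.ip_address(cfg["mgmt_ip"])
    if any(mgmt in net for net in DEFAULT_MGMT_NETS):
        findings.append("management address is in a default range")
    enc = cfg.get("encryption", "none").lower()
    if enc == "none":
        findings.append("no encryption: traffic is clear text")
    elif enc == "wep" and data_risk != "low":
        # The slides accept WEP only for low risk data such as public internet traffic.
        findings.append("WEP is not adequate for critical systems")
    if cfg.get("mac_filter") and enc == "none":
        findings.append("MAC filter is the only control and MACs can be spoofed")
    if not cfg.get("vpn_required_for_internal", False):
        findings.append("internal network reachable without VPN")
    return findings


# Constructed sample configurations.
OUT_OF_BOX = {"ssid": "linksys", "broadcast_ssid": True, "admin_password": "admin",
              "mgmt_ip": "192.168.1.1", "encryption": "none", "mac_filter": True}
HARDENED = {"ssid": "bluejay-7", "broadcast_ssid": False,
            "admin_password": "x9!Lq-constructed", "mgmt_ip": "10.40.12.5",
            "encryption": "wpa", "mac_filter": False,
            "vpn_required_for_internal": True}

if __name__ == "__main__":
    for name, cfg in (("out-of-box", OUT_OF_BOX), ("hardened", HARDENED)):
        print(name, audit_ap(cfg, data_risk="high") or "no findings")
```
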
Network Diagram http://www.vocera.com/products/vocera-new-graphics2.wmv