1 / 16

Wireless Networking On the St. Clair County ISD Network

Wireless Networking On the St. Clair County ISD Network. Dennis Buckmaster Network Engineer, St. Clair County ISD. Why Consider Implementation?. Expanded opportunities for technology use within the Schools Potential Cost Savings Catalyst for Other Technologies

yitro
Download Presentation

Wireless Networking On the St. Clair County ISD Network

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Wireless Networking On the St. Clair County ISD Network Dennis Buckmaster Network Engineer, St. Clair County ISD

  2. Why Consider Implementation? • Expanded opportunities for technology use within the Schools • Potential Cost Savings • Catalyst for Other Technologies • Demand from end users! (if it is not there now it will be shortly) • Goal is to Plan for what the users need in a secure way before the users start to add the technology in an insecure way without our knowledge. http://www.vocera.com/products/vocera-new-graphics2.wmv

  3. Why Be Concerned? • Wireless Coverage Range • Physical security is no longer a sufficient • Wiretapping (WarDriving, WarChalking, and WarPlugging) • Internet Leach • Traditional Security Issues Expanded due to ease of access • Additional Wireless issues to consider

  4. Wiretapping Issues • Wiretapping • Free tools such as NetStumbler, Kismet and even Pocket Warrior • Access to Clear text network traffic including potentially confidential information • Vendors will claim this is addressed with SSID, MAC authentication tables, and WEP. Is it?

  5. Netstumbler

  6. Kismet

  7. Traditional SecurityIssues Magnified • Gaining access is one of the first tasks in any “Hacking” attempt • Tracking Origination is the first step in Prosecution • How do you determine where a wireless Attack originates from • Wireless Networks should be treated as an insecure environment just as the Public Internet and Dial Up RAS connections are

  8. Additional Wireless Issues • Site Survey • Dead Spots • Coverage • Signal Leak • Rouge Access Points!! • Interference • Mostly Unintentional • Blue Tooth • Cordless Phones • Intentional

  9. Technologies to Consider • 802.11 • 802.11b = 11mb 2.4 ghz • 802.11a = 54 mb 5 – 6 ghz • 802.11g = 54 mb 2.4 ghz • 802.11x = port level access control • 802.11i / WPA • 802.16 = WIMAX - Wireless Broadband • WIMAX is not yet Ratified

  10. Wireless NetworkAccess • What network access is needed? • Internet • Internal Networks • Who needs access? • Staff • Students • Public • What type of data will be accessed? • When Is Access Needed? • What equipment is available? • What Budget is available?

  11. Steps to Secure Wireless (Basic Settings) • Do not Broadcast SSID (This may exclude some cheaper Access Points • Change the default settings • SSID • Address Ranges • Passwords • Choose SSID that does not easily associate to the entity owning the access point

  12. Steps to Secure Wireless (Encryption) • Enable Wireless Encryption Protocol • Some vendors offer advanced Protocols such as Cisco’s LEAP but this usually requires a single vendor solution • Provides reasonable security for low riskdata such as public internet traffic • Does not provide adequate security for critical systems (AIRSNORT) • WPA and 802.1x Can be used if supported

  13. Steps to Secure Wireless (Addresses) • MAC address filters • Difficult to manage, Not Scaleable • MAC Can easily be Spoofed • IP Address • Not using DHCP assigned addressescan be one more barrier • Do Not use default Addresses for access points

  14. Steps to Secure Wireless (Firewall) • Provide only limited (VPN Encrypted) connections to Internal network. • Treat Wireless machines as if they are public internet machines. (Use Host based Firewall Software for machines that are usually on) • Disable ALL unneeded services on Wireless Machines and regularly apply security patches • Use rules that require authentication to validate Network Access • Limit Bandwidth and usage times when possible

  15. Network Diagram http://www.vocera.com/products/vocera-new-graphics2.wmv

  16. Wireless Building Diagram

More Related