Transcript Wireless Networking On the St. Clair County ISD Network

Wireless Networking On the
St. Clair County ISD Network
Dennis Buckmaster
Network Engineer,
St. Clair County ISD
Why Consider
Implementation?





Expanded opportunities for technology use
within the Schools
Potential Cost Savings
Catalyst for Other Technologies
Demand from end users!
(if it is not there now it will be shortly)
Goal is to Plan for what the users need in a
secure way before the users start to add the
technology in an insecure way without our
knowledge.
h
Why Be Concerned?

Wireless Coverage Range
– Physical security is no longer a sufficient
– Wiretapping (WarDriving, WarChalking, and
WarPlugging)
– Internet Leach
– Traditional Security Issues Expanded due to
ease of access
– Additional Wireless issues to consider
Wiretapping Issues

Wiretapping
– Free tools such as NetStumbler, Kismet and
even Pocket Warrior
– Access to Clear text network traffic
including potentially confidential
information
– Vendors will claim this is addressed with
SSID, MAC authentication tables, and
WEP. Is it?
Netstumbler
Kismet
Traditional Security
Issues Magnified

Gaining access is one of the first tasks in any
“Hacking” attempt
 Tracking Origination is the first step in
Prosecution
 How do you determine where a wireless Attack
originates from
 Wireless Networks should be treated as an
insecure environment just as the Public Internet
and Dial Up RAS connections are
Additional Wireless Issues

Site Survey
–
–
–
–

Dead Spots
Coverage
Signal Leak
Rouge Access Points!!
Interference
– Mostly Unintentional


Blue Tooth
Cordless Phones
– Intentional
Technologies to Consider

802.11
 802.11b = 11mb 2.4 ghz
 802.11a = 54 mb 5 – 6 ghz
 802.11g = 54 mb 2.4 ghz
 802.11x = port level access control
 802.11i / WPA
 802.16 = WIMAX - Wireless Broadband
• WIMAX is not yet Ratified
Wireless Network
Access

What network access is needed?
– Internet
– Internal Networks

Who needs access?
– Staff
– Students
– Public

What type of data will be accessed?
 When Is Access Needed?
 What equipment is available?
 What Budget is available?
Steps to Secure Wireless
(Basic Settings)

Do not Broadcast SSID (This may exclude
some cheaper Access Points
 Change the default settings
– SSID
– Address Ranges
– Passwords

Choose SSID that does not easily associate
to the entity owning the access point
Steps to Secure Wireless
(Encryption)





Enable Wireless Encryption Protocol
Some vendors offer advanced Protocols such as
Cisco’s LEAP but this usually requires a single
vendor solution
Provides reasonable security for low risk
data such as public internet traffic
Does not provide adequate security for critical
systems (AIRSNORT)
WPA and 802.1x Can be used if supported
Steps to Secure Wireless
(Addresses)

MAC address filters
– Difficult to manage, Not Scaleable
– MAC Can easily be Spoofed

IP Address
– Not using DHCP assigned addresses
can be one more barrier
– Do Not use default Addresses for access points
Steps to Secure Wireless
(Firewall)





Provide only limited (VPN Encrypted)
connections to Internal network.
Treat Wireless machines as if they are public
internet machines. (Use Host based Firewall
Software for machines that are usually on)
Disable ALL unneeded services on Wireless
Machines and regularly apply security patches
Use rules that require authentication to validate
Network Access
Limit Bandwidth and usage times when possible
Network Diagram
h
Wireless Building Diagram