Setting up and securing a campus-wide WIFI network

Lessons Learned @ Georgia Cumberland Academy
Ernest Staats [email protected]
MCSE, CNA, CWNA, CCNA, Security+, I-Net+, Network+, Server+, A+ and all around Nerd
URL http://www.gcasda.org/tech/index.asp?id=118
WiFi: 802.11
• What do you know about WiFi?
1. Julio: Wireless connection
2. Aldo: The signal coverage area is limited/can be limited; it can send data.
3. Ardi: There are various WiFi standards a/b/g/n/
4. Anita: Speeds differ depending on the standard
5. Nobertus: Coverage area is limited
6. M Nahak: Can be used for VLAN distribution
7. Fitri: Can connect to the Internet
8. Ahmad I: Connecting to WiFi can be open/secured
9. IP addresses can be made dynamic/static depending on the router that manages them. WiFi can act as a relay (switch/router)
10. Can be used for data sharing
About WiFi
• Antenna types vary: vertical/horizontal, omnidirectional, sectoral, directional, dish, etc.
• WiFi can be indoor/outdoor.
• For example: WiFi software + devices on Mikrotik to manage users.
• Frequencies (2.4 and 5.7 GHz): limited channels
• Software: WiFi devices come with firmware that can be configured: IP, SSID, channel, power, security, operating mode, standard.
What do we know about WiFi
• Devices have limited capacity/capability for the number of clients that can be connected at the same time.
• WiFi signal coverage can be absorbed/reflected/reduced by various obstacles: walls, iron, water, mountains/hills, etc.
802.11 family
MIMO
What is tested on WiFi?
• Security: security testing (penetration testing)
• Bandwidth test: throughput test
• Survey/mapping: coverage area / WiFi mapping. Determining the right number and placement of APs.
• Simulation for a WiFi heat map: WiFi design.
Testing / Software ??
• What software/tools are there?
• How are they used?
• What do the results look like?
• What does a good result look like?
• What are the benefits of testing?
• Who can do the testing?
• What is professional testing like?
Define your WIFI needs:
• Types of connections
• Speed of connection
• Acceptable uses
• Cost and redundancy
Site Survey:
• What types of interference are you going to contend with
• What distances do you need to broadcast
• What types of data are you going to support over WIFI (data/voice) Network access
• Set up a worst-case scenario for testing
• Know what your signal-to-noise ratio is
• You should expect an interview before any testing is done (how many users, roaming, location of wiring closets)
Site Survey: Report
• Describe the survey's basis, approach and results.
• Define all requirements and assumptions
• Describe RF interference found
• Identify recommended installation locations and channels for Access Points
• Give a map with a listing of RF strength, and list any dead spots
Adapted from: Certified Wireless Network Administrator certification course available at: http://www.cwnp.com/
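An added example (not part of the original slides): one way to turn site-survey readings into the report items listed above, namely dead spots and AP channel overlaps. The locations, AP names, readings and the 20 dB and -75 dBm thresholds are constructed assumptions.

```python
from itertools import combinations

# Constructed survey samples: (location, AP, 2.4 GHz channel, signal dBm, noise dBm)
READINGS = [
    ("Library",   "AP-1", 1, -55, -92),
    ("Library",   "AP-2", 6, -78, -92),
    ("Gym",       "AP-2", 6, -62, -90),
    ("Gym",       "AP-3", 6, -66, -90),
    ("Cafeteria", "AP-3", 6, -70, -88),
    ("Cafeteria", "AP-4", 8, -64, -88),
    ("Dorm B",    "AP-4", 8, -84, -91),
]
MIN_SNR_DB = 20    # assumed minimum usable signal-to-noise ratio
AUDIBLE_DBM = -75  # assumed level at which a second AP contends for airtime

def dead_spots(readings, min_snr=MIN_SNR_DB):
    """Locations where even the strongest AP falls below the SNR floor."""
    best = {}
    for loc, _ap, _ch, sig, noise in readings:
        best[loc] = max(best.get(loc, float("-inf")), sig - noise)
    return sorted(loc for loc, snr in best.items() if snr < min_snr)

def channel_conflicts(readings, audible=AUDIBLE_DBM):
    """AP pairs heard at one spot on channels fewer than 5 apart.

    2.4 GHz channels are spaced 5 MHz apart but are about 20 MHz wide,
    so only channels at least 5 apart (1, 6, 11) avoid overlapping.
    """
    by_loc = {}
    for loc, ap, ch, sig, _noise in readings:
        if sig >= audible:
            by_loc.setdefault(loc, []).append((ap, ch))
    found = []
    for loc, aps in by_loc.items():
        for (a, ca), (b, cb) in combinations(sorted(aps), 2):
            gap = abs(ca - cb)
            if gap < 5:
                kind = "co-channel" if gap == 0 else "adjacent-channel"
                found.append((loc, a, b, kind))
    return sorted(found)

if __name__ == "__main__":
    print("Dead spots:", dead_spots(READINGS))
    for loc, a, b, kind in channel_conflicts(READINGS):
        print(f"{loc}: {a} and {b} overlap ({kind})")
```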
Self-Installation:
• Do you have the skills/time for self-installation?
• Software for testing
• Equipment for testing: use the same equipment you plan to deploy
Consultant Installation:
• How and what are they using for a site survey?
• The Ping of Death True load testing S/N
• Ask for a guarantee of results and be a part of the testing process
Vendors:
• So many choices: which one is right for you?
• Standardize on ONE vendor for a given application
• The type of network may determine what vendor you choose
Vendor Relations
• Establishing Constructive Relationships
• Types of Hardware Support
– Vendor
– 3rd-party
– Self
• Two-way Problem Resolution
Adapted from: MSIA Seminar 2 Week 2 M. E. Kabay, PhD, CISSP Program Director, MSIA Norwich University
Establishing Constructive Relationships
• Avoid the bleeding edge
• Price should not be the only factor
• Evaluate sales contact from vendor
• Specify who has what responsibility in the contract
• Never buy under pressure (FUD)
• Write down details of meetings and distribute to all participants
Adapted from: MSIA Seminar 2 Week 2 M. E. Kabay, PhD, CISSP Program Director, MSIA Norwich University
Securing the network:
• First, secure your wired network
• Then secure your wireless network
• Security methods for WIFI
– Radius
– Wi-Fi Protected Access (WPA)
– WEP (easier to crack) (Change your Keys)
• Airsnort, Airfart, AirCrack, and others
A Case study: GCA
• GCA has two separate WIFI networks: one is secured and one is open.
• Providing wireless ISP services for another school (secured)
• Giving access to all staff on campus homes (secured)
• The campus WIFI network for student access (not secure)
• What went wrong
• What was done to solve the issues
Campus Map External WIFI
Campus Map Internal WIFI
Hardware: Used @ GCA
• Amplifier (now removed from system)
• Bridges 3COM work
• Access Points
• Client cards
Photos Outside WIFI network
3Com Building to Building Bridge
3Com 11 Mbps Wireless LAN Workgroup Bridge
3Com 13 dBi Directional Sector Panel Antenna (Homes)
3Com 18 dBi Directional Sector Panel Antenna (Ad Building and Coble)
Outside WIFI network cont.
AMP244 500 mW Outdoor Amplifier
Pigtail 3Com Workgroup Bridge SMA Cable Adapter
3Com 20 foot Antenna Cable
15 dBi Omni-Directional Antenna
Used Radio Shack TV Antenna mast
Inside WIFI
Meru AP100 Access Point
Installing Meru AP (what is wrong?)
Meru Controller 1100 Blade
Security: used @ GCA
• Building to building Networks
– Used non WIFI Compatible settings
– WEP
– MAC Address Filtering
• Campus in the buildings
– Separate from main school network
– Open system
– Radius ?
Tips
• Use at least four devices to test the AP at the same time
• Use the same equipment in testing as will be used in real life
• Understand what will cause issues: metal heat ducts, placement of AP, 2.4 GHz phones, etc.
• Understand co-channel interference
Assignment for students with an EVEN NIM (student ID number)
1. Regarding software for testing coverage/mapping of a WiFi hotspot area, provide:
a) Example software
b) Features the software provides
c) Software license
d) Appearance (screenshot)
2. If we use many WiFi access points, how do we view the WiFi frequency spectrum? Are the channels in use appropriate or not?
Assignment for students with an ODD NIM (student ID number)
1. Regarding the AirCheck™ Wi-Fi Tester software, provide:
a) Features the software provides
b) What is it used for?
c) Software license
d) Appearance (screenshot)
2. How do we test WiFi capacity to check whether it meets expectations, and what software can be used?
Submission
• No later than 23:00 on 8 November 2014.
• By email only: [email protected]
• Subject: 21-TJ-NIM
• File format: doc / pdf
Resources: Software
• Air Magnet
http://www.airmagnet.com/products/demodownload.php
• DrWi-Fi
• Net Stumbler (Free)
http://www.netstumbler.com/downloads/
• Mini Stumbler (Free)
http://www.netstumbler.com/downloads/
• Aircrack-2.1 802.11 sniffer and WEP key cracker for Windows and Linux (Free)
http://www.cr0.net:8040/code/network/
Resources: Links
• CWNP Learning Center has over 1000 free white papers, case studies:
http://www.cwnp.com/learning_center/index.html
• Free electronic site survey forms (excellent):
http://www.cwnp.com/mlist/subscribe.php
• GUIDE TO MASTERING NEGOTIATIONS:
http://common.ziffdavisinternet.com/download/0/2537/whiteboardtoview.pdf
• List of Equipment used at GCA:
http://www.gcasda.org/uploadedFiles/tech/gcaeq.pdf