Managing a Wireless Rollout in an Educational Environment

Slides: 39
Provided by: robinso1

Transcript and Presenter's Notes

1
Managing a Wireless Rollout in an Educational
Environment
  • Graham Robinson
  • grahamr_at_simplywireless.com.au

2
Agenda
  • Session 1
  • WLAN Requirements Analysis
  • Understanding a Site Survey
  • Hands-on Opportunity (Lab)
  • Session 2
  • WLAN Security
  • Demonstration

3
Who is Simply Wireless?
4
WLAN Requirements Analysis
5
WLAN Requirements
  • Technology Choice
  • RF Spectrum Management
  • Access Point Communications
  • Network Integration

6
WLAN Requirements (Cont'd)
  • Security
  • Management Architecture
  • Redundancy
  • Future Proofing

7
Technology Choice
  • Standards compared: 802.11a, 802.11b, 802.11g
  • Bandwidth: 54 / 32 Mbps, 11 / 7 Mbps, 54 / 22 Mbps
  • Frequency Band: 5 GHz, 2.4 GHz, 2.4 GHz
  • Availability: Worldwide, US/AP, Worldwide
  • Future Usage: Yes, No, Maybe

8
RF Spectrum Management
  • Cell Sizes
  • Power Output
  • Managing User Density
  • External Antennae

9
Access Point Communication
  • Layer 2 Roaming (Hand-off)
  • No Roaming
  • Enterprise Roaming
  • Fast Roaming (802.11f)
  • Load Balancing
  • Variable Environments (Classrooms)
  • High Density Areas

10
Network Integration
  • Layer 3 (Network) Roaming
  • Virtual LAN / Network Design
  • IGMP / Multicast
  • Quality of Service (QoS)

11
Security
  • Diagram labels: client, access point (AP), Encryption Key, RADIUS Server
  • Options shown: Open? WEP? VPN? WPA? EAP? 802.11i?

12
Management Architecture
  • Firmware Upgrades
  • Configuration Changes
  • Usage Statistics and Logging
  • Remote Administration
  • Existing Management Platform

13
Redundancy Support
  • Component Failure
  • Active Redundancy
  • Hot-Swap
  • Re-Integration Times

14
Future Proof
  • Software/Firmware Updates
  • Hardware Updates

15
Understanding a Site Survey
16
Indoor Environment
17
RF Design Documentation
  • RF Coverage
  • Signal Strengths
  • Layer 2 Roaming
  • Network Baseline
  • Troubleshooting

18
Channel Planning
  • RF Interference
  • Optimal Spectrum Usage
  • Legacy System Cohesion

19
Questions?
20
Hands-on Lab
  • Demonstration Access Points
  • No WEP, DHCP On
  • SSID tsunami
  • Cisco AP1100 (10.0.0.1)
  • Cisco AP1200 (10.0.0.2)
  • Web Access Cisco / graham
  • Telnet Cisco / Cisco ? graham (enabled)

21
WLAN Security
22
WLAN Security
  • Radio Link Security
  • Network Security

23
Evolution of Security
  • Diagram labels: client, access point (AP), Encryption Key, RADIUS Server
  • Options shown: Open? WEP? VPN? WPA? EAP? 802.11i?

24
First Generation Security
  • 802.11 (FHSS)
  • Security through Obscurity
  • 802.11b (HS/DSSS)
  • Shared Key Authentication
  • Wired Equivalent Privacy 40bit
  • Wired Equivalent Privacy 128bit

25
First Generation Security Problems
  • 802.11 (FHSS)
  • Security through Obscurity FLAWED
  • 802.11b (HS/DSSS)
  • Shared Key Authentication FLAWED
  • Wired Equivalent Privacy 40bit FLAWED
  • Wired Equivalent Privacy 128bit FLAWED

26
Security Objectives
  • User Authentication
  • Data Encryption

27
User Authentication
  • 802.1X / Extensible Authentication Protocol (EAP)

  • Diagram labels: Client, Access Point (AP), RADIUS Server
  • Link labels: 802.1X, RADIUS

28
Secure EAP Flavours
  • Flavours compared: EAP-TTLS, PEAP, EAP-TLS
  • Authored By: Funk Software; Cisco, MS, RSA; IEEE
  • Server Security: PKI Certificate, PKI Certificate, PKI Certificate
  • Client Security: Username & Password, Username & Password, PKI Certificate
  • Multi-OS Support: Yes, Yes, Yes
  • Scalability: Poor, Great, Great
  • Security: Highest, High, High

29
Security Objectives
  • User Authentication
  • Data Encryption

30
Encryption with WEP
31
Encryption with WEP/TKIP
  • WEP Key Hashing
  • Diagram labels: IV, BASE KEY, HASH, IV, PACKET KEY, RC4, STREAM CIPHER, XOR, PLAINTEXT DATA, CIPHERTEXT DATA

32
Message Integrity Check (MIC)
33
Virtual Private Network or EAP?
  • Options compared: 802.1X/EAP, VPN
  • Requires DMZ: No, Yes
  • VPN Concentrator: No, Yes
  • Double Login: No, Yes
  • Encryption Overhead: 20 - 30, 2 - 7
  • Client Support: Fair, Excellent
  • Scalability: Excellent / Costly, Excellent / Cheap

34
WLAN Security
  • Radio Link Security
  • Network Security

35
Security Attempts
  • User and Device Management
  • MAC Address Filtering
  • Static DHCP Reservations
  • Manually Distributed WEP Keys
  • Implications
  • Overworked Technical Support Team

36
Secure Network Designs
  • Segregation Tactics
  • Logical Separation
  • Physical Separation
  • DMZ / Wireless VLAN with ACLs
  • Segregation Devices
  • Firewall (eg. IPTables)
  • Wireless Gateway

37
Wireless Gateway Devices
  • Network Management Device
  • Some security features
  • Firewall
  • VPN Endpoint
  • Examples
  • Bluesocket
  • Vernier Networks
  • Reef-Edge

38
Questions?
Packet Analysis