
A Journey into Wireless JD Chaves


Presentation Transcript


  1. A Journey into Wireless JD Chaves

  2. Introduction • Wireless a. Types b. Which one to use c. Security Types • Shelby County Implementation a. Our Current Implementation b. What Users Asked for c. What Solutions we came up with

  3. Types of Wireless • 802.11b • 802.11g • 802.11a • 802.11n

  4. 802.11b • First form of WiFi intended for general consumers • Operates in the 2.4GHz RF band • Transfers data at a rate of 11 megabits per second (Mbps)

  5. 802.11g • WiFi 802.11g is a newer extension of the WiFi standard • Like the older 802.11b equipment, 802.11g equipment operates in the 2.4GHz band • Transfers data at a rate of 54 Mbps • Extreme G is different equipment. It achieves data transfer rates of 108 Mbps, but equipment from one manufacturer may be incompatible with similar equipment from a different manufacturer

  6. 802.11a • Uses the less-crowded 5.0GHz RF band • Transfers data at 54 Mbps rates • Generally harder to find and may cost more

  7. 802.11n • Expected release in 2008. • Transfer rates between 200 Mbps and 600 Mbps. • Transmission is in the 2.4GHz band • Uses "multiple in, multiple out" (MIMO) antennas to provide a higher throughput as well as extended range

  8. Pre-n • Some manufacturers, such as Belkin and Linksys, are currently selling equipment that they call "pre-n" or "draft-n." • This equipment does not adhere to the not-yet-finalized 802.11n standard • Transfer rates are said to be at least twice as fast as existing 802.11g products • Eventual compatibility with true 802.11n products is not assured.

  9. So… Which one is best? • Older equipment is most likely 802.11b, which is compatible with newer 802.11g equipment. • If you experience interference with other wireless devices, consider moving to 802.11a equipment. These products are just as fast as 802.11g products and operate in the 5.0GHz band for reduced interference, but they are usually harder to find. • Once the 802.11n standard gets finalized, you'll definitely want to consider upgrading to this newer equipment. True 802.11n products should be at least four times as fast as current equipment and have a longer range.

  10. Wireless Security Types • WEP • Wi-Fi Protected Access (WPA) and 802.11i (WPA2) • Protected Extensible Authentication Protocol (PEAP) • Remote Authentication Dial In User Service (RADIUS)

  11. Wired Equivalent Privacy (WEP) • 64 and 128 bit encryption with an IV (Initialization Vector) • Uses 13 – 26 hexadecimal characters in a shared key system • Uses Key + IV to encrypt each packet • Weakness is that the IV is sent in Plain text and can be stolen and used to decrypt the WEP key. • NIST.Org reports that WEP has been broken in under a minute, using a packet capture utility from the internet.
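An added illustration of the "Key + IV" construction on the WEP slide (not part of the original presentation): because the 24-bit IV travels in the clear and is the only per-packet input, anyone listening can see when an IV repeats, and frames sharing an IV share a keystream. The frame layout is simplified (the key-ID byte is omitted), and the key, IVs and payloads are constructed sample values.

```python
import math
import struct
import zlib
from collections import Counter

IV_BITS = 24  # WEP IV size; sent unencrypted at the front of every frame

def rc4(key: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 keystream for `key`."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):                    # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_frame(iv: bytes, key: bytes, payload: bytes) -> bytes:
    """Simplified WEP body: clear IV, then RC4(IV || key) over payload + CRC-32."""
    data = payload + struct.pack("<I", zlib.crc32(payload))
    return iv + xor(data, rc4(iv + key, len(data)))

def reused_ivs(frames):
    """IVs seen on more than one frame, read straight from the clear header."""
    counts = Counter(f[:3] for f in frames)
    return sorted(iv for iv, n in counts.items() if n > 1)

def repeat_probability(n_frames: int) -> float:
    """Birthday estimate that some IV repeats in n frames (random IVs assumed)."""
    return 1 - math.exp(-n_frames * (n_frames - 1) / (2 * 2 ** IV_BITS))

# Constructed sample data: a 40-bit ("64-bit WEP") key and three frames.
KEY = bytes.fromhex("0102030405")
P1, P2 = b"GET /grades HTTP", b"POST /login HTTP"
FRAMES = [wep_frame(b"\x00\x00\x01", KEY, P1),
          wep_frame(b"\x00\x00\x02", KEY, b"unrelated frame!"),
          wep_frame(b"\x00\x00\x01", KEY, P2)]

def leaked_xor() -> bytes:
    """Same IV gives the same keystream, so ciphertext XOR equals plaintext XOR."""
    return xor(FRAMES[0][3:3 + len(P1)], FRAMES[2][3:3 + len(P2)])
```

With randomly chosen IVs, `repeat_probability(5000)` is already above one half, which is why a shared static key cannot be made safe by configuration and WEP networks should be migrated rather than tuned.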

  12. WPA and WPA2 • Everyone uses a Pre-Shared Key • Improved over WEP by changing the key dynamically for each packet (“Packet Mixing”) • Also encrypts the IV, called Hashing, instead of Plain text like WEP • Common weakness: Short pass phrases can be broken with Dictionary attacks. Once the key is captured, the attacker can spend time off-line to break the key.
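An added example for the pre-shared key weakness on the WPA slide (not part of the original presentation): in WPA/WPA2-Personal the 256-bit master key is derived from nothing but the passphrase and the SSID, so the passphrase carries all of the secrecy and is worth auditing before deployment. The wordlist, the 80-bit threshold and the function names are assumptions chosen for illustration.

```python
import hashlib
import math

def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode(), 4096, 32)

def estimated_bits(passphrase: str) -> float:
    """Upper bound on guessing effort: length * log2(size of character pool used)."""
    pools = [(str.islower, 26), (str.isupper, 26), (str.isdigit, 10)]
    size = sum(n for test, n in pools if any(test(c) for c in passphrase))
    if any(not c.isalnum() for c in passphrase):
        size += 33                      # printable ASCII punctuation and space
    return len(passphrase) * math.log2(size)

def audit_psk(passphrase: str, wordlist: set, min_bits: float = 80.0) -> list:
    """Return policy findings for a candidate PSK; an empty list means it passes."""
    findings = []
    if passphrase.lower() in wordlist:
        findings.append("in-wordlist")  # human-chosen words fall first
    if estimated_bits(passphrase) < min_bits:
        findings.append("low-entropy")  # min_bits is an assumed local policy value
    return findings

# Constructed sample inputs.
WORDLIST = {"password", "shelbycounty", "letmein1"}
WEAK, STRONG = "password", "Xk7#mQ2vLp9zRw4tBn6s"

def demo() -> dict:
    return {
        "weak": audit_psk(WEAK, WORDLIST),
        "strong": audit_psk(STRONG, WORDLIST),
        # The SSID is the salt, so the same passphrase gives a different PMK per network.
        "ssid_changes_pmk": wpa_pmk(WEAK, "IEEE") != wpa_pmk(WEAK, "Guest"),
    }
```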

  13. RADIUS • Uses a Username and password through a challenge/response method • Uses Policies and restrictions based on user access needed. • Further Protection: Protected Extensible Authentication Protocol (PEAP) uses only server-side public key certificates to authenticate clients by creating an encrypted SSL/TLS tunnel between the client and the authentication server, which protects the ensuing exchange of authentication information from casual inspection.

  14. How we provide Wireless services currently • Site survey at location of request for wireless • Determine area of coverage using a test WAP • Determine equipment needed (WAP, cat5 cable, surge protection, etc.) for coverage area • Install WAP/s using pre-determined security standards (Authentication type, encryption, etc.)

  15. What Users Asked for • “We need Wireless Access for our entire School.” • “We don’t have enough class rooms to allocate to another lab.” • “What if a Guest user wants access to the internet?”

  16. “We need Wireless Access for our entire School.” • Problems: a.) Administration of Multiple WAP/s b.) Security administration per laptop for connectivity c.) Lack of monitoring for rogue access d.) Guest access fairly complicated, and exposes security

  17. “We need Wireless Access for our entire School.” • Solution: Cisco Wireless Controller and Cisco WAP/s a.) Central administration through web browser b.) Certificate authentication handled through group policy automatically c.) WAP/s monitor and report on rogue access points d.) Multiple policies for guest and employee access • Cons: a.) Expensive b.) Can be complicated to setup, based on your configuration

  18. “We don’t have enough class rooms to allocate to another lab.” • Problems: a.) Space issues in using another room b.) Wiring for network and electrical is time consuming and can be expensive c.) Wasted materials if the room ever changes from a lab back to a classroom

  19. “We don’t have enough class rooms to allocate to another lab.” • Solution: Laptop carts a.) Provides 20-30 laptops wireless connectivity b.) Self contained and Mobile; Plug in Network cables and power c.) 1-2 WAPs depending on number of laptops. (Generally 15 per WAP)

  20. “What if a Guest user wants access to the internet.” • Problems: a.) Security problems in leaving open Wireless access, as well as liability issues. b.) Configuration issues with guest users' laptops, which are also time consuming. c.) Administration nightmare monitoring these guest laptops. d.) Security risk in exposing your network infrastructure.

  21. “What if a Guest user wants access to the internet.” • Solution: Proxy device that allows for guest web access a.) Devices give web access while keeping Internal network private. b.) Web site can give Acceptable Use policy as well as authentication if desired. c.) Some devices also allow for bandwidth throttling.

  22. Features • Provides instant guest access to the public network • HNP Technology protects the host network from guests • IP Plug and Play for configuration-free client operation • No configuration required; GUESTGATE automatically detects the network settings • Additional setup functions can be performed by IT administrator using Web-based user interface • Client isolation through Layer 3 VLAN technology • Bandwidth control (upstream and downstream) • Password option for Internet access • Packet filter for IP addresses, domains and TCP/IP service ports • Customizable welcome page (banner and text changeable) • Firmware upgrade through Web-based user interface • Plug and Play experience for your guests

  23. Questions / Comments

  24. Acknowledgements • Thanks to the following folks: Shawn Nutting and the Trussville City Schools crew; Greg Knight, UAB Hospital • Feel free to download a copy of this presentation from the following link: http://www.shelbyed.k12.al.us/tech/aetc.htm
