Morgan County Schools And Extreme Networks Wireless Security Changes October 11, 2016

Over the past few years we have added great technologies to our infrastructure: better routers better switches better network access control security cameras and door access better content filters better data cabling better wireless infrastructure and more wireless devices

All these things allowed us to add more devices to our network and provided for better user and classroom experiences. BUT… Tell the story of lawn chair guy

We had very little visibility and control in the area of wireless devices on our network.

We needed to find a way to monitor and control what was really happening in our network. We had to get a handle on who, what, when and where.

Personal devices were appearing all over the place and we had little visibility and control. Right now we are using several wireless security models: Pre-Shared Key - Wi-Fi Protected Access  (WPA-PSK). Requires a pass phrase (password) to be entered. Of course, everyone has this password. 802.1x authentication has provided a method to protect the network behind the access point from intruders as well as provide for dynamic keys and strengthen WLAN encryption. MAC-based authentication (Guest Registration): Forces all traffic through a authentication and multi-level authorization portal.

Pre-Shared Key: Wi-Fi Protected Access  (WPA-PSK) will be phased out over the next three months. The other two authentications will remain with Guest Registration being our focus. There will no longer be a need for passwords. Staff can register with their computer account credentials.

The Problem With Pre-Shared Key Identity and Access The Problem With Pre-Shared Key We could see the device and the location but we could not see who held the device.

The Benefit of Better Security Models Identity and Access The Benefit of Better Security Models Now we can see the device, the location, and the registered user/owner of the device.

Identity and Access

Port View