Campus Networking Best Practices Session 5: Wireless LAN Hervey Allen NSRC & University of Oregon Dale Smith University of Oregon & NSRC.

Slides:

Advertisements

Similar presentations

Designing for Pervasive Network Security. Designing for Security Our aim in this section will be to concentrate on how campus Networks can be designed.

Advertisements

Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.

Southampton Open Wireless Network The Topology Talk.

IP Masquerading Homes and Businesses: When you only have one IP but you have LOTS of machines.

CCNPv5 Minimizing Service Loss and Data Theft in a Campus Network 1 Minimizing Service Loss and Data Theft in a Switched BCMSN Module 8 – Sec 2.

How do Networks work – Really The purposes of set of slides is to show networks really work. Most people (including technical people) don’t know Many people.

Presented by Serge Kpan LTEC Network Systems Administration 1.

Providing secure open- access networks Oliver Gorwits Oxford University Computing Services.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.

WIRELESS SECURITY DEFENSE T-BONE & TONIC: ALY BOGHANI JOAN OLIVER MIKE PATRICK AMOL POTDAR May 30, /30/2009.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Cisco NAC Guest Server Guest Access - Simplified Tim Wellborn SE Sangeeta.

Brandeis University Network Registration Joshua West 03/15/2011 LTS Staff Meeting.

1 Installing a Wireless Network for University Members Oliver Gorwits, Roger Treweek Oxford University Computing Services

Campus Networking Best Practices Session 2: Layer 3 Dale Smith University of Oregon & NSRC

Networking Components

Andrew Fuqua 3/4/2015 LTEC A network HUB is a device that is used to link multiple devices over a network. The HUB is not a great choice when shopping.

1 © 2001, Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID Cisco Easy VPN Solutions Applications and Implementation with Cisco IOS.

PKI Network Authentication Dartmouth Applications Robert Brentrup Educause/Dartmouth PKI Summit July 27, 2005.

CISCO CONFIDENTIAL – DO NOT DUPLICATE OR COPY Protecting the Business Network and Resources with CiscoWorks VMS Security Management Software Girish Patel,

These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (

And how they are used. Hubs send data to all of the devices that are plugged into them. They have no ability to send packets to the correct ports. Cost~$35.

Networking Components Christopher Biles LTEC Assignment 3.

1 Network Admission Control to WLAN at WIT Presented by: Aidan McGrath B.Sc. M.A.

The Operator Neutral Access At KistaIP. KistaIP ? Is a student dorm with 144 apartments.

LTEC 4560 Summer 2012 Justin Kappel Networking Components.

Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.

Virtual LAN Design Switches also have enabled the creation of Virtual LANs (VLANs). VLANs provide greater opportunities to manage the flow of traffic on.

Altai Certification Training Backend Network Planning

Common Devices Used In Computer Networks

1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.

Wireless Network Authentication Regnauld / Büttrich, Edit: Sept 2011 Wireless Network Authentication Regnauld / Büttrich, Edit: Sept 2011.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Connecting to the Network Networking for Home and Small Businesses.

Microsoft Active Directory(AD) A presentation by Robert, Jasmine, Val and Scott IMT546 December 11, 2004.

Networking Components Presented by Jaisson Mailloux LTEC 4550 Network Systems Administration.

Internet Engineering Course Network Design. Internet Engineering Course; Sharif University of Technology Contents Define and analyse an organization network.

Windows Security. Security Windows 2000/XP Professional security oriented Authentication Authorization Internet Connection Firewall.

Module 4: Planning, Optimizing, and Troubleshooting DHCP

HUB Connects multiple workstations, servers, and other devices to a network. Can be used to connect two or more computers to one network port. Handles.

1 Second ATLAS-South Caucasus Software / Computing Workshop & Tutorial October 24, 2012 Georgian Technical University PhD Zaza Tsiramua Head of computer.

SHAWN CROWE LTEC /026 ASSIGNMENT #3 Networking Components.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Filtering Traffic Using Access Control Lists Introducing Routing and Switching.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Introducing Network Design Concepts Designing and Supporting Computer Networks.

Campus Networking Best Practices Hervey Allen NSRC & University of Oregon Dale Smith University of Oregon & NSRC

The Next Generation Wireless Yuri Kolomiyets Network Services Information Systems and Technology.

Switch Features Most enterprise-capable switches have a number of features that make the switch attractive for large organizations. The following is a.

A machine that acts as the central relay between computers on a network Low cost, low function machine usually operating at Layer 1 Ties together the.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Introducing Network Design Concepts Designing and Supporting Computer Networks.

Module 11: Designing Security for Network Perimeters.

Client/Server Model: A Business View The different Client/server implementations differ according to: 1.Where the processing for the presentation of information.

Networking Components Eric Sestak LTEC Network Hub Hubs are old devices which are rarely ever seen anymore these days. Before switches were commonplace.

Chapter 9: Implementing the Cisco Adaptive Security Appliance

Chapter 6: Securing the Local Area Network

Module 7: Implementing Security Using Group Policy.

Network Components By Kagan Strayer. Network Components This presentation will cover various network components and their functions. The components that.

Networking Components WILLIAM NELSON LTEC HUB  Device that operated on Layer 1 of the OSI stack.  All I/O flows out all other ports besides the.

Network HARDWARE What HARDWARE do you think you need to connect to a Local Area Network??

Networking Components Assignment 3 Corbin Watkins.

Module 8 Implementing Security Using Group Policy.

The GRIDS Center, part of the NSF Middleware Initiative Grid Security Overview presented by Von Welch National Center for Supercomputing.

Assignment # 3 Networking Components By: Jeff Long.

Model: DS-600 5x 10/100/1000Mbps Ethernet Port Centralized WLAN management and Access Point Discovery Manages up to 50 APs with access setting control.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Creating the Network Design Designing and Supporting Computer Networks – Chapter.

© 2003, Cisco Systems, Inc. All rights reserved. 2-1 Campus Network Design.

By: Brett Belin. Used to be only tackled by highly trained professionals As the internet grew, more and more people became familiar with securing a network.

Wireless Security - Encryption Joel Jaeggli For AIT Wireless and Security Workshop.

Operating Systems FreeBSD and Monowall Joel Jaeggli For AIT Wireless and Security Workshop.

WHAT’S A WIRELESS AP? AND WHY DO I NEED ONE? Network Components & How They Work.

أمن المعلومات لـ أ. عبدالرحمن محجوب حمد mtc.edu.sd أمن المعلومات Information Security أمن المعلومات Information Security  أ. عبدالرحمن محجوب  Lec (5)

Chapter 10: Advanced Cisco Adaptive Security Appliance

Intel Active Management Technology

Presentation transcript:

Campus Networking Best Practices Session 5: Wireless LAN Hervey Allen NSRC & University of Oregon Dale Smith University of Oregon & NSRC

Wireless LAN Provide wireless network across your campus that has the following characteristics: –Authentication – only allow your users –Roaming – allow users to start up in one section of your network, then move to another location –Runs on your campus network

Border Router Core Router REN switch Firewall/ Traffic Shaper Core Servers Wireless Authentication Gateway

Network Access Control (NAC)‏

Enterprise Identity Management Processes and Documentation of users. –Now you must deal with this. –What to use as the back-end user store? LDAP Active Directory Kerberos Other? –Will this play nice with future use? , student/staff information, resource access,...

Identity Management Cont. An example of such a project can be seen here: – This is a retrofit on to an already retrofitted system. Learn from others and try to avoid this situation if possible.

A Wireless Captive Portal

The Wireless Captive Portal Previous example was very simple. A Captive Portal is your chance to: –Explain your Acceptable Use Policies –Decide if you must authenticate, or –Allow users on your network and monitor for problems instead (alternate solution). –Anything else? Branding?

What's Happening? remember our initial network diagrams...? Do you think our hotel built their own solution? Probably not...

Commercial Solutions Aruba Bradford Networks – Cisco NAC Appliance (Clean Access)‏ – Cisco Wireless LAN Controllers – Enterasys Vernier

Open Source Solutions CoovaChilli (morphed from Chillispot)‏ – –Uses RADIUS for access and accounting. –CoovaAP openWRT-based firmware.

Open Source Solutions cont. m0n0wall – –Embedded firewall appliance solution built on FreeBSD. –Entire configuration is stored in an xml file. –Sample Captive Portal Configuration Screen: –Supported on low-end PC hardware, such as Soekris and ALIX platforms.

A Home-grown Solution University of Oregon Captive Portal –NoCat for Captive Portal –Access control mechanism: IP+Mac Address –IPTables+IPSets IPSets are a high-speed matching module extension for IPTables.

A Home-grown Solution cont. Why this solution? –Partially historical and timing related. –Access control with IP+Mac Address allows for hashing on the IP address vs. a linear search on Mac addresses. At 4,000 addresses this became a problem. –Some sample IPTables+IPSets rules are available with the tutorial materials on-line.

Other Considerations Access Control Technology Possibilities –DHCP control ==> NetReg –MAC Address Filtering ==> Switches/Routers/Firewalls –IP Address Filtering ==> Routers/Firewalls –IP+Mac Address ==> software-based w/ IPTables+IPSets –Cookie ==> CAS, OpenID/LDAP –IP+Mac+Username(cookie) ==> some commercial solutions –Port VLAN Assigment

Terminology/Projects CAS –Central Authentication System – NetReg –Automated DHCP Registration System – OpenID –Single digital identity across multiple networks –

What to Do? Review the options presented here, both commercial and Open Source. Review the various projects associated to understand how this all ties together. Devise a plan for your user identities, their storage and the processes around them. For sites under 3-4,000 users you might consider CoovaChilli or m0n0wall.

How it Ties Together Wireless Captive Portals bring together a number of issues: –Network design (VLANs to direct traffic to a single point – the captive portal solution). –Longer-term user identity considerations. –Costs, such as commercial software, hardware, Open Source solutions or even your own solution. –AUPs, Acceptable Use Policies – you might need to decide what they are to present them to your users on your captive portal.

Resources Excellent Presentation on Network Access Control: – wireless/kemp/network-security-nac-html.html Wireless Security Workshop at AIT: – –Includes lots of presentations and exercises.

Questions?