UK WLAN Deployment Survey Tim Chown Electronics and Computer Science Department University of Southampton (UK) TERENA TF-Mobility Meeting,

Presentation transcript:

UK WLAN Deployment Survey
Tim Chown
Electronics and Computer Science Department, University of Southampton (UK)
TERENA TF-Mobility Meeting, Amsterdam, 10th February 2003

UK WLAN survey
Run jointly by UKERNA and University of Southampton
  – UKERNA interested in general access for UK HE community – e.g. includes microwave point-to-point links
  – UoS has small JISC-funded WLAN project (MAWAA: Mobile Ad-Hoc Wireless Access for Academia)
Questionnaire on UKERNA web site
  – Results collated jointly and being analysed by UoS with a view to some follow-up visits.

Preliminary survey results

WLAN usage survey
First stage complete
  – 37 (+4) survey replies
  – Quite detailed questionnaire
  – Probably enough replies to gain some insight into trends, but over 200 universities and 300+ FE colleges use JANET network
  – Appears that most deployments are in early stages, thus timely to recommend best practice
  – Figures for UMTS/GPRS/etc not presented here
Site interviews and visits to follow
  – Six sites identified
  – Final survey report by end of February 2003

Deployed  Trialling  Planning  Total
Fixed Wireless:
Wireless LAN a: %
Wireless LAN b: %
HiperLAN1: 1 13%
HiperLAN2: 00%
Wireless DSL: 3 38%
One-way Satellite: 1 13%
Two-way Satellite: %
Mesh radio: %

Security/access control
(Intentional) Guest access – 2 sites
No one reported any wireless-related (known) security incidents
MAC Filtering: 14 (38%)
WEP: 11 (30%)
Traditional (Firewall & VPN): 10 (27%)
802.1x / Dynamic WEP: 4 (11%)

Comments on the responses

General concerns (1)
Security of the wireless medium
  – Access (MAC filtering acknowledged as weak)
  – Data snooping where no WEP/VPN
Publicised issues with WEP
  – Weak keys, need to see lots of traffic to break
802.11b/802.11a interoperability
  – Fear of future changes making new deployment obsolete
Marginal connectivity issues
  – Users tend to gather near to APs, prefer wires
  – Many university buildings have very thick walls
Some hard-to-diagnose WLAN problems
  – Particularly where large numbers of devices

General concerns (2)
Bandwidth in large deployment
  – Impact of multicast
Wireless too “time consuming” to deploy
Supporting client software where required
Rogue access points on internal VLANs
  – Breaks “wired security” of VLAN
  – Frequency/channel interference
Rogue access points on same ESSID
  – Potential man-in-the-middle attacks
  – 802.1x authentication to wrong AP?
Offering mobility in multi-subnet wireless network
Management of large (100+ AP) deployments
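The rogue access point concerns above can be checked from the defender's side by auditing scan results against an AP inventory. The following is an added example, not part of the original slides; the ESSID, BSSIDs, channel plan and scan entries are constructed assumptions.

```python
from dataclasses import dataclass

CAMPUS_ESSID = "campus-wlan"  # hypothetical ESSID
# Assumed AP inventory (constructed values): BSSID -> planned 802.11b channel.
AUTHORISED = {
    "00:11:22:33:44:01": 1,
    "00:11:22:33:44:02": 6,
    "00:11:22:33:44:03": 11,
}

@dataclass(frozen=True)
class Beacon:
    essid: str
    bssid: str
    channel: int  # 2.4 GHz channel, 1-13

def channels_overlap(a: int, b: int) -> bool:
    # Channel centres are 5 MHz apart but an 802.11b signal is about 22 MHz
    # wide, so channels fewer than 5 apart interfere (hence the 1/6/11 plan).
    return abs(a - b) < 5

def audit(beacons):
    """Return (kind, bssid, detail) findings for one scan."""
    findings = []
    for b in beacons:
        bssid = b.bssid.lower()
        planned = AUTHORISED.get(bssid)
        if planned is None:
            if b.essid == CAMPUS_ESSID:
                findings.append(("rogue-essid", bssid, f"unknown AP advertising {b.essid!r}"))
            hit = sorted(k for k, ch in AUTHORISED.items() if channels_overlap(ch, b.channel))
            if hit:
                findings.append(("interference", bssid, f"channel {b.channel} overlaps {', '.join(hit)}"))
        elif b.channel != planned:
            # A known BSSID on an unplanned channel: reconfiguration or a cloned BSSID.
            findings.append(("channel-drift", bssid, f"seen on {b.channel}, planned {planned}"))
    return findings

# Constructed scan results, not real captures.
SCAN = [
    Beacon("campus-wlan", "00:11:22:33:44:01", 1),
    Beacon("campus-wlan", "00:11:22:33:44:02", 6),
    Beacon("campus-wlan", "DE:AD:BE:EF:00:01", 6),
    Beacon("lab-test", "02:00:00:00:00:09", 3),
    Beacon("campus-wlan", "00:11:22:33:44:03", 4),
]

if __name__ == "__main__":
    for finding in audit(SCAN):
        print(*finding, sep="  ")
```

A BSSID can be copied, so an inventory match only shows that nothing unexpected was seen; it does not authenticate the AP to the client.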

Good points
Very few interoperability issues reported between wireless technologies
  – But a few reported between vendor equipment
  – Cheap commodity access points more problematic
Many universities want to deploy and support campus-wide mobile wireless services
  – Some plan SMS or GPRS integration
  – Very few plans for location-aware services yet
Many different VPN solutions available
  – But require client software and support
  – Common comment to treat WLAN like a “dial-up” (with associated VPN, firewall and other implications)
Can use wireless access controls on wired networks also

Securing access:
Some FUD factors:
WEP
  – Little confidence in the technology
VPN/BlueSocket
  – Perceived as complex
802.1x
  – Perceived as complex
  – Not widely supported yet
Thus deployment is cautious

RoamNode
Developed at Bristol
  – Freely available, open system
Integrated authentication, VPN, IDS
Uses NAT internally, Public IPs via VPN
Syslogging can be used
Web-based management
  – RADIUS back-end (e.g. FreeRadius)
Runs on commodity PC hardware
Requires client software
  – Already present on Windows XP
QoS and SNMP extensions being implemented

WNap
A community wireless project
Offers initial connectivity to a local WLAN
Private IP address assigned by DHCP
  – Can then communicate in the local WLAN
Must authenticate to and join VPN to access external services
  – Established via RADIUS back-end
Similar in spirit to Open.Net
  – (a system available in Sweden/Stockholm)

BlueSocket
Commercial solution
  – Deployment of a “black box” system
Offers VPN solution
  – One box can serve a /24 network
Cost seems high: £5,000 per box?
  – Do we want to go down proprietary paths?
Was presented at UK Networkshop 2002
(will determine more from the Open University site visit)

The MAWAA project

MAWAA project goals
Embrace pervasive wireless network access
Vision of wireless campus
  – Rapidly growing staff + student use of laptops, PDAs
  – 802.11b now, a/g becoming available and UK open
  – PDAs now available with built-in Wireless LAN adaptors
Consistent access method in UK (+ EU) HE
Evaluate security and access mechanisms
  – Access control desirable for (civil) accountability
  – Encryption of Wireless LAN data desirable
Trial technologies

MAWAA requirements
Consistent access control mechanism
  – Needs consistent authentication back-end
  – The detailed site mechanisms may vary
  – (Inter)national interoperability is highly desirable
  – Integration of cheap commodity equipment is desirable
Support at the IP layer
  – IPv6 emerging
  – May wish to apply IP layer security
Ideally usable at application level
  – Can we have single access control and resource access?
Ease of use (for users and administrators)

MAWAA deliverables
WLAN deployment survey
  – Look at WLAN deployment barriers
  – Seek out best current practice in UK HE
  – Results and interviews (Feb ’03)
Technology review
  – Includes promising technology, e.g. 802.1X + RADIUS
  – Access technology report (Apr ’03)
Site deployment trials
  – Trying best concepts from technology review
  – Demonstrate interoperability with UK + EU sites
  – Final report (Jul ’03)