1. MAC Registration or Fun with Wireless at the Member’s meeting

2. MM wireless infrastructure Two Vivato Wi-Fi “Switches” A couple of conventional access points Special DHCP server Special DNS server DNS redirector Snort box (IDS) MAC address database

3. MM wireless manpower Four to six folks walking around with wireless analyzers A fulltime engineer from Vivato Parts of network engineers to assist with configuration and running of the various servers

4. Objectives Provide a quality wireless service for the MM Identify and fix problems caused “ad-hoc” access points Detect and remedy infected hosts

5. How are we doing? The registration process seems to be working well (lucky to have caught static DNS address issue) The wireless service has been somewhat problematic, seems to be client specific We do have the ability to identify ad-hoc hosts and their owners relatively easily Snort was started today, so we’ll see if that’s of value

6. What we do on campus Simple Access Points, no security features used SSID broadcast in the clear DHCP serves 10.0.0.1 addresses VPN server (currently PPTP) used to as a gateway

7. Our experience VPN works pretty well, current OSs provide user-friendly PPTP clients Still high barrier for network connected appliances (e.g., 802.11B VoIP phone) No good way to deal with guest users (both generating credentials as well as dealing with VPN software

8. Biggest Problem Windows XP’s easy to use “feature” that allows you to share you wired connection at layer 2 Currently growing tools to management the campus-wide service Scaling issues with PPTP server (hint: when vender gives performance data for IPsec don’t assume PPTP will be similar)