setting up and securing a campus-wide wifi network
DESCRIPTION
Setting up and securing a campus-wide WIFI network. Lessons Learned @ Georgia Cumberland Academy Ernest Staats [email protected] MCSE, CNA, CWNA, CCNA, Security+, I-Net+, Network+, Server+, A+ and all around Nerd URL http://www.gcasda.org/tech/index.asp?id=118. Define your WIFI needs:. - PowerPoint PPT PresentationTRANSCRIPT
Setting up and securing a campus-wide WIFI network
Lessons Learned@ Georgia Cumberland AcademyErnest Staats [email protected], CNA, CWNA, CCNA, Security+, I-Net+, Network+, Server+, A+ and all around Nerd
URL http://www.gcasda.org/tech/index.asp?id=118
Define your WIFI needs:
Types of connections Speed of connection Acceptable uses Cost and redundancy
Site Survey: What types of interference are you going
to contend with What distances do you need to
broadcast What types of data are you going to
support over WIFI (data/voice) Network access
Setup worst-case scenario for testing Know what your signal to Noise ratio You should be expect an interview
before any testing is done (how many users, roaming, location of wiring closets)
Site Survey: Report Describe survey’s basis, approach and
results. Define all requirements, and
assumptions Describe RF interference found Identify recommended installations
locations and channels for Access Points Give a map with listing of RF strength,
and list any dead spots
Adapted from: Certified Wireless Network Administrator certification Course available at:: http://www.cwnp.com/
Self-Installation:
Do you have the skills/ time for self-installation
Software for testing Equipment for testing—use the same
equipment you plan to deploy
Consultant Installation:
How and what are they using for a site survey
The Ping of Death True load testing S/N Ask for guarantee of results and be a
part of the testing process
Vendors :
So many choices—which one is right for you?
Standardize on ONE vendor for a given application
The type of network may determine what vendor you choose
Vendor Relations
Establishing Constructive Relationships Types of Hardware Support
Vendor 3rd-party Self
Two-way Problem Resolution
Adapted from: MSIA Seminar 2 Week 2 M. E. Kabay, PhD, CISSP Program Director, MSIA Norwich University
Establishing Constructive Relationships Avoid the bleeding edge Price should not be the only factor Evaluate sales contact from vendor Specify who has what responsibility in
the contract Never buy under pressure (FUD) Write down details of meetings and
distribute to all participants
Adapted from: MSIA Seminar 2 Week 2 M. E. Kabay, PhD, CISSP Program Director, MSIA Norwich University
Securing the network:
First, secure your wired network Then secure your wireless network Security methods for WIFI
Radius Wi-Fi Protected Access (WPA) WEP (easier to crack) (Change your Keys)
Airsnort, Airfart, AirCrack, and others
A Case study—GCA: GCA has two separate WIFI networks
one is secured and one is open. Providing wireless ISP services for
another school (secured) Giving access to all staff on campus
homes (secured) The campus WIFI network for student
access (not secure) What went wrong What was done to solve the issues
Campus Map External WIFI
Campus Map Internal WIFI
Hardware: Used @ GCA
Amplifier (now removed from system) Bridges 3COM work Access Points Client cards
Photos Outside WIFI network
3Com 13 dBi Directional Sector Panel Antenna (Homes)
3Com 11 Mbps Wireless LAN Workgroup Bridge
3com Building to Building Bridge
3Com 18 dBi Directional Sector Panel Antenna (Ad
Building and Coble)
Outside WIFI network cont.
Pigtail 3Com Workgroup Bridge SMA Cable Adapter
15 dBi Omni-Directional Antenna
AMP244 500 mW Outdoor Amplifier
3Com 20 foot Antenna Cable
Used Radio Shack TV Antenna mast
Inside WIFI
Installing Meru A P (what is wrong?)Meru AP100 Access Point
Meru Controller 1100 Blade
Security: used @ GCA
Building to building Networks Used non WIFI Compatible settings WEP MAC Address Filtering
Campus in the buildings Separate from main school network Open system Radius ?
Tips Use at least four devices to test the AP at the
same time Use same equipment in test as will be used in
real life Understand what will cause issues Metal heat
ducts, placement of AP, 2.4 gig Phones, etc. Understand co-channel interference
Resources: Software Air Magnet
http://www.airmagnet.com/products/demo-download.php
DrWi-Fi Net Stumbler –Free
http://www.netstumbler.com/downloads/ Mini Stumbler –Free
http://www.netstumbler.com/downloads/ Aircrack-2.1 802.11 sniffer and WEP key
cracker for Windows and Linux. -Free http://www.cr0.net:8040/code/network/
Resources: Links CWNP Learning Center has over 1000 free
white papers, case studies: http://www.cwnp.com/learning_center/index.html
free electronic site survey forms (excellent): http://www.cwnp.com/mlist/subscribe.php
GUIDE TO MASTERING NEGOTIATIONS: http://common.ziffdavisinternet.com/download/0/2537/whiteboardtoview.pdf
List of Equipment used at GCA: http://www.gcasda.org/uploadedFiles/tech/gcaeq.pdf
Stay away from vendors who use FUD How FUD is used: The following is a compilation of FUD 101 v1.0 by Eric Lee
Green and The Newbie's Guide to Fear, Uncertainty, and Doubt by Brian Martin. There are twelve ways in which FUD is used and they are listed in 5 different categories. Urgency get our products today!
1) Buy our product now to avoid increased cost tomorrow! 2) Buy our product now because they will have the features you want in an
upcoming update. Who endorses this product: 3) No one has endorsed the product. 4) Those who endorse the product are known frauds or charlatans. Technical: 5) Use large or trendy words instead of easily understood technical terms. 6) Hyping currently in use technologies and then claiming that they are such an
amazing product or service because they use the common technology. Harm: 7) Only our Products or services can protect you! 8) Your company will lose future contracts without our products since they are
becoming the new industry standard. 9) You need our products to save time and money today. Spin Doctoring: 10) ``Spin'' your opponent's strengths as a weaknesses, or Hype your opponent's
weaknesses 11) Lie or make up weakness in opponent or for a given network. 12) Associate other vendors or an individual’s current configuration with
undesirable elements.
Adapted from: Paper written for MISA class by Ernest Staats