WorkSafeBC's Wireless LAN Implementation …with a focus on security UBC October 2, 2008 Allan Alton, BSc, CISA, CISSP.

1 WorkSafeBC's Wireless LAN Implementation …with a focus on security UBC October 2, 2008 Allan Alton, BSc, CISA, CISSP

2 Agenda
- Goals
- Functional
- Security
- Architecture Overview
- Challenges
- Futures

3 Goals - Functional
From:
- Head Office and 17 area offices/work centres
- Meeting rooms
- Common areas (lobby, atrium, lounge, cafeteria)
- Parking lot edge (drive-by downloading)

4 Goals - Functional
To:
- Employee access to internal network
- Guest access to Internet
- Broader Public Sector (BPS) employee access to Internet

5 Goals - Functional
Using:
- Existing built-in client adapters
- PC Card adapter for exceptions
- Windows XP client software
- Standardized client for easier support
- 802.11g and 802.11a only
- No 802.11b due to performance penalty

6 802.11b Exclusion

7 Goals - Security
Tip for success: Work with your security group from the beginning
Network Services & IS Security

8 Goals - Security
- Wi-Fi Protected Access 2 (WPA2) only
- Firewall separation from internal network
- SSID not broadcast (except for guest)
- Integration with Active Directory
- Wireless intrusion detection
- Intrusion detection at wired network entry
- Access Points physically hidden
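
One way to check the goals on slides 5 and 8 (WPA2 only, SSID not broadcast except for guest, no 802.11b) against what an access point actually advertises, as an added example that is not part of the presentation. It parses the information elements of a beacon; the beacon bytes, SSID names and function names are constructed, and exempting the guest SSID from the WPA2 check is an assumption based on slide 14's "transmission not encrypted".

```python
# Added example (not from the presentation); all beacon bytes below are constructed.
B_RATES = {2, 4, 11, 22}                 # 1, 2, 5.5, 11 Mbps in 500 kbps units (802.11b)
WPA1_PREFIX = bytes.fromhex("0050f201")  # vendor IE: Microsoft OUI + type 1 = legacy WPA

def parse_ies(blob):
    """Yield (element_id, data) for each information element in a beacon body."""
    i = 0
    while i + 2 <= len(blob):
        eid, length = blob[i], blob[i + 1]
        data = blob[i + 2:i + 2 + length]
        if len(data) < length:
            raise ValueError("truncated information element")
        yield eid, data
        i += 2 + length

def audit_beacon(blob, guest=False):
    """Return the policy findings for one beacon; an empty list means compliant."""
    ssid, rates, rsn, wpa1 = b"", set(), False, False
    for eid, data in parse_ies(blob):
        if eid == 0:                             # SSID
            ssid = data
        elif eid in (1, 50):                     # Supported / Extended Supported Rates
            rates |= {b & 0x7F for b in data}    # drop the "basic rate" flag bit
        elif eid == 48:                          # RSN element, advertised by WPA2
            rsn = True
        elif eid == 221 and data.startswith(WPA1_PREFIX):
            wpa1 = True
    hidden = not ssid.strip(b"\x00")             # empty or all-zero SSID = not broadcast
    findings = []
    if guest and hidden:
        findings.append("guest SSID is not broadcast")
    if not guest:
        if not hidden:
            findings.append("SSID is broadcast")
        if not rsn:
            findings.append("no RSN element: not WPA2")
        if wpa1:
            findings.append("legacy WPA element advertised")
    if rates & B_RATES:
        findings.append("802.11b rates enabled")
    return findings

def ie(eid, data):
    return bytes([eid, len(data)]) + data
OFDM = bytes.fromhex("8c129824b048606c")         # 6-54 Mbps, no 802.11b rates
RSN = bytes.fromhex("0100000fac040100000fac040100000fac010000")  # CCMP + 802.1X
COMPLIANT = ie(0, b"") + ie(1, OFDM) + ie(48, RSN)
LEGACY = ie(0, b"corp-example") + ie(1, bytes.fromhex("82848b96")) + ie(221, WPA1_PREFIX + b"\x01\x00")
GUEST = ie(0, b"guest-example") + ie(1, OFDM)
```

An access point in WPA/WPA2 mixed mode advertises both the RSN element and the legacy WPA element, so it is reported even though it offers WPA2.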

9 Goals - Security
802.1x EAP Types
- MD5 --- Message Digest 5
- TLS --- Transport Layer Security
- TTLS --- Tunneled Transport Layer Security
- PEAP --- Protected Transport Layer Security
- FAST --- Flexible Authentication via Secure Tunneling
- LEAP --- Lightweight Extensible Authentication Protocol
Feature or Benefit (values in the order they appear on the slide):
- Client side certificate required: no / yes / no / no (PAC) / no
- Server side certificate required: no / yes / no / yes / no (PAC) / no
- WEP key management: no / yes
- Rogue AP detection: no / yes
- Provider: MS / Funk / MS / Cisco
- Authentication Attributes: One way / Mutual
- Deployment Difficulty: Easy / Difficult (because of client certificate deployment) / Moderate
- Wireless Security: Poor / Very High / High / High when strong passwords are used.

10 Architecture Overview
- Centralized controller model
Redundancy measures:
- Secondary / Tertiary controller assignment for APs
- Under-load AP/controller ratio for controller failure
- 802.3ad Link Aggregation for cable failures
- Switch stacks for switch failure
- Multiple paths to multiple core switches
- HSRP for router failure
- Firewall cluster in active/standby mode

11 [Diagram labels: 802.3ad link aggregation; switch stack for switch failure; multiple paths to multiple core switches; firewall cluster in active/standby mode; two slots in core]

12 Logical View

13 Guest Access
- Separate SSID (broadcast)
- Ethernet over IP tunnel to Internet DMZ
- Authentication models
- wired guest access
- SecurID token held by Help Desk
- Web page authentication

14 Guest Access
Legal text:
- be a good person or else
- transmission not encrypted
Call Customer Support Centre if you wish to proceed
Customer Support Centre verifies requirement and provides information to enter

15 Challenges
- Sorting out rogues (on vs. off network)
- Problems in remote offices
- Interference, rogues, security attacks

16 Futures
- Broader Public Sector access
- Location: Will explore these capabilities
- 802.11n: No real requirement
- Non-workstation devices: will consider
- Voice over WLAN
- No plans, VoIP experimental on wired side
- Did site survey for voice coverage

17 Additional for voice First phase installation

18 Antenna Research
- Greater RF gain needed
- Users are more mobile
- Integration with personal protective gear
- Sophisticated look – coolness factor

19 Questions?
