Presentation is loading. Please wait.

Presentation is loading. Please wait.

Securing BSC’s Wireless Network Nercomp Annual Conference March 7, 2005 Pat Cronin, Assoc. VP Information Technology Mike King, Telecommunications Technician.

Published byEden Prew Modified over 9 years ago

Similar presentations

Presentation on theme: "Securing BSC’s Wireless Network Nercomp Annual Conference March 7, 2005 Pat Cronin, Assoc. VP Information Technology Mike King, Telecommunications Technician."— Presentation transcript:

1 Securing BSC’s Wireless Network Nercomp Annual Conference March 7, 2005 Pat Cronin, Assoc. VP Information Technology Mike King, Telecommunications Technician Bridgewater State College, Bridgewater MA, 02325 www.bridgew.edu Copyright Bridgewater State College, 2005. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author. www.bridgew.edu

2 Agenda BSC Security Challenges of Wireless What We Did Lessons Learned Future Plans Question and Answers

3 Bridgewater State College Background Public State College –10,000 students –2300 Residents –1000 Faculty and Staff 30+ Buildings on 235 acres of land Ranked 50 th on Yahoo Internet Life’s list of “Most Wired Colleges of 2001”

4 Bridgewater State College June 2004 Wireless Environment 180 Access Points Enterasys R2 units 802.11b standard Seamless roaming via a VLAN

5 Security and Authentication 2004 Netreg acts as a captive portal Netreg maps MAC addresses to username Scan clients for RPC Vulnerability 128 bit WEP Encryption SSID Broadcast disabled Force users to visit Help Desk Working Computer & Network Security Team

6 Remediation Techniques 2004 During Welchia Virus outbreak, used the Policy feature of R2’s to drop PINGs Watched traffic reports for Top Hosts contacting other hosts, and blocked them at firewall. (Virus Like activity)

7 Infrastructure 2004

8 Security Challenges 2004 Viruses, spyware/malware Windows Patches Laptop requirement (1500 additional devices) Transient devices (No college account) Did not want administrator access to non-college owned devices Did not want to deal with maintaining VPN clients Concern about legacy apps (most were based on Telnet)

9 What We did We looked at Perfigo, Bradford Campus Manager, Roving Planet, and Still Secure We tested Perfigo in March 2004 Decided on 802.1x authentication with Rapid Rekeying (TKIP) Purchased Perfigo software Contracted with Dell and installed BSC image on program notebooks Implemented Application based security. (SSH/HTTPS)

10 What We Did (Standards) Sophos for AV Webroot SpySweeper for anti-spyware Windows Updates enabled Firewall enabled Used Microsoft built-in 802.1x client Created centralized download site for secure distribution of software

11 What We Did (New Practices) Made Applications available via Citrix Obtained Site Licenses for Office and XP Introduced the Be Security Conscious initiative to heighten security awareness http://it.bridgew.edu/Security/ Opened two support counters to help repair and train students on laptop computers

12 Bridgewater State College June 2005 Wireless Environment 230+ Access Points Added AireSpace to Enterasys R2 units 802.11b standard, Selected area’s with 802.11g and 802.11a 802.1x with Rapid Rekeying (TKIP) Profiles for faculty, students, and staff New Guest profile Users log-in with domain credentials

13 Security Implementation plan Summer 2004 Two major changes were made –802.1x –Perfigo (Network access Requirements) Both Wireless and ResNet users

14 802.1x Implementation Funk Steel belted Radius appliances All Roamabout R2 AP’s were configured for 802.1x with Rapid Rekeying, using the Radius Server. Clients were configured to used PEAP.

15 Perfigo Implementation Perfigo became the default router for all of the wireless and ResNet students. Subnets were shrunk to /29’s, reducing broadcast ranges to 4 hosts per subnets. Rules were written to enforce the standard applications and configurations that we made school policy.

16 Infrastructure 2005

17

18 How Does The Scan Work?

19 How Does The Scan Work, Example Norton Antivirus Corporate Edition

20 User Based Roles Admin Student Guest

21 Rules and Requirements at BSC Some Version of Norton AV, McAfee, or Sophos Antivirus installed or running Windows Update Service running Latest Service Packs and Patches –Windows 2000 SP4 and all Hotfixes till December –Windows XP SP2

22 Lessons Learned from 802.1x OSX and WinCE are difficult to configure Win9X have no built in clients (Third party available) Only one Palm device has 802.1x support Machine Authentication a must for Windows logon to be processed

23 Lessons Learned from 802.1x Not all vendors have released 802.1x drivers Even with easy to follow directions, most users sought the helpdesk to have configuration performed for them When creating computer images, 802.1x settings do not carry Popular devices have no 802.1x support (Wifi Phones, Game console wireless cards, Barcode scanners)

24 Lessons Learned from Perfigo Vendor updates need to be managed and approved Computer mobility and different policies in different zones Exempt classroom Front-ends Users did not understand why error messages were being presented.

25 Lessons Learned We set the security bar high. Maybe too high Vacation problems Touching computers Core-business is wired, but what is your users perception? Network Bridging in WinXP This security environment is difficult for your average student.

26 Future Rules and Requirements Some Version of Norton AV, McAfee, or Sophos Antivirus installed, running, recent updates Windows Update Service running and configured for automatic download and install Require all administrative computers to use Perfigo

27 Future Rules and Requirements Latest Service Packs and Patches –Windows 2000 SP4 and all Hotfixes till the previous month –Windows XP SP2 and all Hotfixes till the previous month Webroot SpySweeper required Latest Version of Perfigo Client. (Now Cisco Clean Access Agent)

28 Future Wireless Plans Upgrade infrastructure including access points Create wireless solution that supports multiple SSIDs Implement campus bus locator app complete with video surveillance Extend Campus Card to Off-campus vendors Cover Bridgewater downtown and add hotspots

29 Future Wireless Plans Mesh Network

30 Questions and Answers Questions about the AireSpace Outdoor Mesh product can be directed to Jeff Aaron jaaron@airespace.com 408-635-2052 jaaron@airespace.com

Download ppt "Securing BSC’s Wireless Network Nercomp Annual Conference March 7, 2005 Pat Cronin, Assoc. VP Information Technology Mike King, Telecommunications Technician."

Similar presentations

CHECK 2012 Bridging the Gap for Mobile Devices: Eager Adoption v. Practical Support Emporia State University The Faculty & Staff Support Perspective Cory.

CHECK 2012 Bridging the Gap for Mobile Devices: Eager Adoption v. Practical Support Emporia State University The Faculty & Staff Support Perspective Cory.
Student, Faculty, and Staff Data Availability and Protection What’s the Back-Up Plan? (for academic computing) Sponsored by.

Student, Faculty, and Staff Data Availability and Protection What’s the Back-Up Plan? (for academic computing) Sponsored by.
10 Things You Can do to Secure Your PC Presented by Peter Nowak OIS Client Services Manager.

10 Things You Can do to Secure Your PC Presented by Peter Nowak OIS Client Services Manager.
Cut Costs and Increase Productivity in your IT Organization with Effective Computer and Network Monitoring. Copyright © T3 Software Builders, Inc 2004.

Cut Costs and Increase Productivity in your IT Organization with Effective Computer and Network Monitoring. Copyright © T3 Software Builders, Inc 2004.
Information Technology Services & Office of Residence Life WIRED Computer Protection CD: Healing Students' Personally Owned Computers Information Technology.

Information Technology Services & Office of Residence Life WIRED Computer Protection CD: Healing Students' Personally Owned Computers Information Technology.
Overview of Wireless Network Steven Fetcie Infrastructure Manager Information Services.

Overview of Wireless Network Steven Fetcie Infrastructure Manager Information Services.
Configuring your Home Network Configuring your Home Network Jay Ferron ADMT, CISM, CISSP, MCDBA, MCSE, MCT, NSA-IAM.

Configuring your Home Network Configuring your Home Network Jay Ferron ADMT, CISM, CISSP, MCDBA, MCSE, MCT, NSA-IAM.
1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.

1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.
Northern Arizona University Wi-Fi 2005 Flagstaff Campus Wireless Plan 4/11/2005.

Northern Arizona University Wi-Fi 2005 Flagstaff Campus Wireless Plan 4/11/2005.
Windows Security Tech Talk 9/25/07. What is a virus?  A computer program designed to self replicate without permission from the end user  The program.

Windows Security Tech Talk 9/25/07. What is a virus?  A computer program designed to self replicate without permission from the end user  The program.
Wi-Fi Structures.

Wi-Fi Structures.
SIRT Contact Orientation Security Incident Response Team Departmental Security Contacts April 16, 2004.

SIRT Contact Orientation Security Incident Response Team Departmental Security Contacts April 16, 2004.
Company LOGO WIRELESS DEPLOYMENT A successful solution to Campuswide role-based secure Wi-Fi deployment Andrea Di Fabio – Information Security Officer.

Company LOGO WIRELESS DEPLOYMENT A successful solution to Campuswide role-based secure Wi-Fi deployment Andrea Di Fabio – Information Security Officer.
Wireless LANs A Case Study of Baylor University’s Wireless Network Copyright Bob Hartland 2002 This work is the intellectual property of the author. Permission.

Wireless LANs A Case Study of Baylor University’s Wireless Network Copyright Bob Hartland 2002 This work is the intellectual property of the author. Permission.
Mobile Computing and Security Authenticated Network Access (ANA) Jon Peters Associate Director Dave Packham Manager of Network Engineering NetCom University.

Mobile Computing and Security Authenticated Network Access (ANA) Jon Peters Associate Director Dave Packham Manager of Network Engineering NetCom University.
Wireless Security with 802.1X Copyright 2005 Michael Griego This work is the intellectual property of the author. Permission is granted for this material.

Wireless Security with 802.1X Copyright 2005 Michael Griego This work is the intellectual property of the author. Permission is granted for this material.
1 Configuring Linksys Wireless Router Prof. Valencia Community College.

1 Configuring Linksys Wireless Router Prof. Valencia Community College.
Chapter 3 Application Level Security in Wireless Network IWD2243 : Zuraidy Adnan : Sept 2012.

Chapter 3 Application Level Security in Wireless Network IWD2243 : Zuraidy Adnan : Sept 2012.
Windows XP Professional Deployment and Support Microsoft IT Shares Its Experiences Published: May 2002 (Revised October 2004)

Windows XP Professional Deployment and Support Microsoft IT Shares Its Experiences Published: May 2002 (Revised October 2004)

Similar presentations

Ads by Google