Wireless LANs: A Case Study of Baylor University’s Wireless Network
Copyright Bob Hartland 2002. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.
Baylor University
- 14,221 Students
- 1,750 Full Time Employees
- 80 Buildings
Baylor Vision: Connecting People with Ideas
How are we using Wireless?
- Roaming Network Access
- Point-to-Point Connectivity
- Point-to-Multipoint Connectivity
Wireless Applications
- Library Loaner Laptops
- EBIC MBA and EMBA
- ResNet access for dorms that are difficult to wire
- Mobile network access
- Connecting small remote facilities to LAN
Unique Users Over Past Year
Wireless Network Growth
- Currently 60 access points installed
- Projected to have 210 installed access points by Fall 2002
Current Wireless Coverage
Projected Wireless Coverage
Access Point Installation
- Site Survey
- 2 lines to every location
- Power supplied over Ethernet cable
- Configure AP with proper channel separation
- Document – location, coverage area, channel
Wireless Troubleshooting Tools
- Access Point management tools
- Wireless sniffers
- Spectrum analyzers
- Documentation
- Wireless Test Stations
Security: Who? What? Where? When?
Wireless Usage Policies
- Wireless falls under Computer Usage Policy
- Baylor Air-Space Policy for 2.4GHz spectrum
Wireless Network Practices
- Firewall blocks connection attempts from the Internet to Wireless hosts
- Firewall requires user authentication before allowing access to campus LAN and Internet
- Centralized logging server for authentication information
Wireless Authentication - Current Design
- Client application NetAuth
- DHCP server
- Firewall
- RADIUS server
- LDAP
- Centralized logging
Problems with Current Design
- Password is passed in clear text
- Maintaining client application for wide range of Operating Systems (Palm OS, Linux, Windows CE…)
- Limitations in customizing the firewall’s authentication mechanisms
- Modular Design creates configuration issues and multiple points of failure
Needs:
- Replace DHCP server, firewall, and client with one device – Wireless Firewall Gateway (WFG)
- Took a solution described by a NASA white paper, then expanded and customized it.
Wireless Authentication – Proposed Design
- DHCP service
- Secure Web Site
- Firewall
- Router
WFG Log On
The WFG solution addresses the following issues:
- Clear text password
- Holes in existing solution if a client uses a static IP and/or a falsified MAC address
- No client application to maintain – only requirement is a secure web browser
- Less expensive to maintain hardware/software
- Highly customizable
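As an added illustration (not part of the original slides, and not Baylor's or NASA's implementation), the Python below models how one gateway that owns the DHCP service, the secure login page and the firewall can close the static-IP and falsified-MAC holes listed above: traffic is admitted only when the source IP/MAC pair matches a lease the gateway itself issued and a login recorded against that lease. The class, method names and reason strings are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class Lease:
    mac: str
    expires: float

@dataclass
class Session:
    user: str
    mac: str
    expires: float

class Gateway:
    """Hypothetical model: DHCP, login page and firewall share one state table."""
    def __init__(self, session_ttl=3600):
        self.leases, self.sessions = {}, {}   # both keyed by client IP
        self.session_ttl = session_ttl
        self.log = []                         # stands in for the central log server

    def dhcp_ack(self, ip, mac, ttl, now):
        old = self.leases.get(ip)
        if old and old.mac != mac.lower():
            self.sessions.pop(ip, None)       # address reassigned: drop stale login
        self.leases[ip] = Lease(mac.lower(), now + ttl)

    def _lease_problem(self, ip, mac, now):
        lease = self.leases.get(ip)
        if lease is None or lease.expires <= now:
            return "no-lease"                 # e.g. statically configured IP
        if lease.mac != mac.lower():
            return "mac-mismatch"             # MAC differs from the one DHCP saw
        return None

    def login(self, user, credentials_ok, ip, mac, now):
        # credentials_ok: result of the back-end check after the HTTPS form post
        reason = self._lease_problem(ip, mac, now)
        if reason is None and not credentials_ok:
            reason = "bad-credentials"
        if reason is None:
            self.sessions[ip] = Session(user, mac.lower(), now + self.session_ttl)
        self.log.append((now, user, ip, mac.lower(), reason or "login-ok"))
        return reason is None

    def admit(self, ip, mac, now):
        """Firewall decision for a packet arriving from the wireless side."""
        reason = self._lease_problem(ip, mac, now)
        if reason:
            return reason
        s = self.sessions.get(ip)
        if s is None or s.expires <= now or s.mac != mac.lower():
            return "unauthenticated"
        return "allow"
```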
Contributors:
- Speaker: Bob Hartland, Director for IT Servers and Network Services, Baylor University
- Technical: Scott Day, Cori Rhodes, Jon Allen
Questions?
Support Issues
- Wide variety of platforms
- Non-standard personal machines and cards
- Maintaining 200+ access points
- Troubleshooting a mobile device
- Wireless becomes default for accessing resources
Air-Space Policy Key Points:
- Describe what the policy covers (include reference to FCC documentation)
  - We are concerned with the 2.4GHz range used by 802.11b
- Explain why policy is needed
  - Only way to help guarantee a reliable wireless network.
- State that Baylor will conduct regular scans for interference
  - Prevents redistribution of Baylor’s network
- List sanctions or consequences
  - Students dealt with through the student policies
  - Work with faculty/staff to eliminate interference
Wireless Test Stations
- Guarantee one functional access point
- Troubleshooting steps for user to walk through
- Near a phone for phone support if necessary
Who Can Access Baylor LAN?
- Wireless network name
- User Authentication
What Info is Accessible over WLAN?
- Username and password
- Assume all other WLAN traffic is unsecure
WFG Design Map
Example Coverage Map
Organizational Chart
Design Map
Current NetAuth Application