Copyright 2003 UBC
wireless.ubc.ca
Balancing security and usability on the world’s largest Wi-Fi campus network
Jonn Martell
Wireless Project Manager, UBC
[email protected]
www.wireless.ubc.ca
October 3rd 2003


University of BC (UBC)
  A Research 1 university
  Public (and research) funded
  Motivation: Estrategy and UNP
  $30.6 M CDN wired project of which 10% was allocated to a specific wireless budget and project.
  High level support and buy in.


The Largest Wi-Fi Campus network in the world…
  5 million square feet of coverage
  150+ buildings
  Over 1000 users (daily)
  Campus-wide coverage
  1300 access points configured, installed and documented – up to 2000 possible.
  Now adding residential areas.
  Cited as the #1 item that stands out for new students.


Prime Directives
  Meeting UBC’s mission: Research, Education and learning
  User centric & ease of use.
  Estrategy self service tools.
  Faculty, Student, Staff and guests/affiliate with sponsor
  Zero cost goal
  University funded
  Cost to user (dollars, time, grief etc).
  Built on standards and modular


Biggest Issues
  Microsoft keeps shipping insecure default configurations
  Deploying & supporting Antivirus
  Deploying & supporting Personal firewall
  Aggregating intrusion alerts


Survey of EDU environment
  Secure and proprietary wireless EDU networks weren’t being used – denial of service?
  Cost of ownership can be difficult if not standards-based.
  Users come back from conferences or set up wireless at home and say, “it works there, why not here?”
  Users don’t care about security


Technology
  802.11b 11 Mbps everywhere
  802.11g 54 Mbps as early as fall ‘03
  802.11a 54 Mbps likely not campus wide, deployment on hold.
  Enterprise class equipment:
    Wireless access points: Cisco AP1200 and some AP1100
    Powered Switches: Cisco 3550PWR
    Core/Carrier class: Cisco 4507R
    Colubris Wireless Gateway: CN3500
    Nortel Contivity VPN Servers: 2700/1700


Conceptual Network Diagram


Balancing usability with security
  Basic Access – Secure Web Login
  Only restricting (filtering) extremely flawed traffic (Microsoft Networking)
  Optional virtual private networking VPN (PPTPv2 and IPSec)
  Promoting safe computing
  Usability is more important to users than security


Key to success
  Ease of use
  Designing for “zero cost”.
  Low cost, standards-based network cards
  Handling security by heavy monitoring – access, time, traffic
  Automating abuse detection tools
  Advanced management tools – users don’t complain!
  Bad users are a small minority - let’s not punish good users because of the few bad users


Triangulation to detect problems


VPN – Virtual Private Network
  VPN no longer optional for Exchange, Microsoft File and Print etc.
  General service, free to faculty, staff and students.
  Works with common campus single ID and password
  Supports both VPN standards (PPTP and IPsec)


WPA & IEEE 802.11i
  WPA - Providing authentication and encryption between client and AP
  Will always be challenges to security
  VPN is here to stay…


Questions?
  www.wireless.ubc.ca
  Jonn Martell, [email protected]
  604-822-9449