Wireless Security

UC Berkeley's Electrical Engineering and Computer Sciences department wanted to strengthen security for mobile users on the wireless network. This talk will cover practical knowledge required to address network security incidents in a forensically sound manner. The university selected FireEye's antimalware solution to protect against targeted stealth malware.

This presentation discusses how California College of the Arts met the challenge of securing an evolving wireless network.

Rogue access points (APs), those installed by unauthorized users, are a security, usability, and liability concern for all university network administrators. In this talk, we will present several time-saving methods of rogue AP detection that do not require expensive commercial applications or unwieldy directional antennae.

How can IAM be helpful in managing network intrusion and access? A researcher wants to show a national grid-enabled resource to her class, but can’t access it because she’s in a classroom and, by policy, unable to get through the firewall. She then clicks on her research icon, authenticates and, because of her researcher status, accesses the research van that is enabled to use the appropriate ports. Can coupling network capabilities and IAM replace the use of IP addresses as the criterion for access with identity, roles, and related attributes? Focusing in on wireless access specifically, can IAM can help correlate identity to an endpoint device by combining network registration and personal identification? This session will explore these questions and how one can identify the person behind the device or address.

Since its inception in 1997, this group has discussed a wide range of topics relevant to network managers including network convergence, bandwidth management, management systems, security, wireless technologies, and support. This gathering will allow network managers to share ideas about their current professional challenges and new or emerging technologies with other networking experts from a wide variety of institutional backgrounds.

Emory University is delivering a high-value wireless service that is widely used by students, faculty, staff, and visitors. A centralized WLAN architecture ensures network security, scalability, and manageability as well as ease of use for the university's diverse communities.

In 2002, Bethune-Cookman College (BCC), a small, historically black college, decided to overlay its existing wired network with wireless. BCC determined it was both unwise and too costly to convert completely to wireless. Logistical complications in some locations, however, made wireless installation the solution of choice. Network security was paramount, and the decision was made to limit wireless access to members of the campus community (students, faculty, and staff) without creating excessive maintenance requirements.

The Penn State network holds more than 100,000 registered hosts, with approximately 200 connecting wirelessly. With the growing demand for wireless (802.11b) access to the Penn State network, we needed a way to prevent unauthorized access to our main network via wireless access points and to protect data as it traveled through the air using strong encryption rather than WEP. To meet our needs, the security solution had to be inexpensive, easy to maintain, and support Windows, Macintosh, and UNIX. We decided to use our existing infrastructure as much as possible; our VPN concentrator provides encryption and our existing Kerberos domain authenticates users. Using Access Control Lists on our routers, we were able to leverage our existing infrastructure to restrict unauthorized access and encrypt traffic on our WLANs, resulting in the PSU Wireless SecurNet.

Purdue AirLink (PAL) is a campus-wide, secure, authenticated wireless access system. It allows laptops, desktops, and PDAs to connect to the Purdue network, making any area that is PAL accessible a part of the Purdue network. PAL supports Cisco native clients and MS-CHAP v2, meaning that almost any computer system can connect. Today, users are able to log in using their Purdue career account and use campus services as well as Internet access from over 90 percent of the public areas on campus.

The PAL system was designed to allow secure, authenticated, campus-wide wireless access. The system had to be relatively operating-system agnostic and had to provide a reasonably user-friendly method of access. In addition, it had to use standard protocols and hardware.

An effective security program has a number of components. The information security program at the University of Florida (UF) has expanded over the past four years in response to the growing issues of network and data security in a connected world. Among the many important components implemented at UF are a distributed network intrusion detection system, a contact database for network and server managers, vulnerability assessment software , regular proactive scans and audits, and a number of policies . The university was able to cope with the recent wave of RPC worms using the above components.