Configuration, Support, and Security for UIUCnet Wireless - PowerPoint PPT Presentation

1 / 38

About This Presentation

Title:

Configuration, Support, and Security for UIUCnet Wireless

Description:

Can mean the cellphone network. Can mean wireless Ethernet. Can be the new mice and keyboards ... 2G, 2.5G, 3G are cellphone. IRDA is infra-red. Bluetooth is ... – PowerPoint PPT presentation

Number of Views:51

Avg rating:3.0/5.0

Slides: 39

Provided by: ccspCit

Category:

more less

Transcript and Presenter's Notes

Title: Configuration, Support, and Security for UIUCnet Wireless

1
Configuration, Support, and Security for UIUCnet
Wireless

Debbie Fligor
CITES - Network Engineering
fligor_at_uiuc.edu

2
Todays Topics

Wireless basics
UIUCnet Wireless specifics and How-tos
Frequently asked questions (and their answers)
Supporting off-campus wireless
Futures

3
Wireless - an overused word

Can mean the cellphone network
Can mean wireless Ethernet
Can be the new mice and keyboards
Can be IR from your PDA to your computer
Can be Bluetooth, a Personal Area Network

4
How to tell what it means

Context
With whom youre speaking
Keywords
2G, 2.5G, 3G are cellphone
IRDA is infra-red
Bluetooth is short distance, device-to-device
802.11(a,b,g) are Wireless Ethernet
What we will be looking at today

5
Wireless Ethernet Flavors

802.11b
Most used right now
Shipping since Fall 1999
11 Mb/s
Closer to 8 Mb/s for a single end user
Less if more than one user
Cheapest
Interference starting to happen
Uses 2.4 GHz frequency range

6
Wireless Ethernet Flavors

802.11g
Uses 2.4 GHz frequency range
Standard ratified last spring
802.11b users rate-limit 802.11g users
Same interference problems as 802.11b
More expensive than 802.11b (but prices are
dropping quickly)
Faster than 802.11b (sometimes)
Up to 54 Mb/s
The standard has 6, 9, 12, 18, 24, 36, 48, 54
(and 1, 2 ,5.5, 11 for 802.11b support)
But only requires up to 24

7
Wireless Ethernet Flavors

802.11a
Been shipping for over a year
5.5 GHz frequency range
Less interference (for now)
A little more expensive (for now)
Many new cards are dual a/b (or a/b/g)
Up to 54 Mb/s
The standard has 6, 9, 12, 18, 24, 36, 48, 54
But only requires 6, 12, and 24

8
What we use - 802.11b

Most common
Ready now
Currently deploying on campus
Affordable for home use

9
How it works - 802.11b

(All wireless Ethernet is basically the same)
Wireless Access Point (WAP)
Wireless Ethernet card
PC/MCIA (PC card)
Built-in
Strong signal
distance
signal blockers

10
How it works - 802.11b

The WAP has an Ethernet jack
The WAP bridges the wireless to the Ethernet
The wireless card looks like an Ethernet card to
the computer
The wireless card talks to the WAP (instead of to
an Ethernet cable)

11
Security - 802.11b

Wired Equivalent Privacy (WEP)
Part of the standard
Easy to hack (lt 20 minutes)
Why care? Sniffer software is free
Get your credit card info
Get your password(s)
Without WEP, its even easier

12
UIUCnet Wireless

The campus service
802.11b only (for now)
Separate security
Virtual Private Network (VPN)
Most clients are free
CITES runs the central server

13
UIUCnet Wireless

Cant leave wireless net without the VPN software
Login with NetID NetID Password
Insures the user is UIUC
Insures the data is secure WHILE ON THE WIRELESS
part of the network
This does not secure the data once it hits the
wired network
Guest accounts can be made by departments
Good for up to 72 hours
Can be extended if you contact CITES before it
expires

14
Setting up for UIUCnet Wireless

Set your computer to use its wireless interface
Network name (SSID) UIUCnet
Use DHCP to get your IP address
Be sure your machine has an IP address
It should start with 172.21.8-15
Launch the VPN software and login
Start using the net

15
Is it really that easy?

On a good day, yes
The rest of the time
Driver/OS issues
Access Point and card issues
VPN issues

16
Driver/OS issues

Windows Update patches
Anything that changed the kernel or IP stack
VPN major OS install
uninstall VPN
reinstall VPN
reboot
Need latest firmware and drivers
especially newer combo cards

17
Access Point card issues

802.11g cards and 802.11b access points
Should work, but
Compatibility and settings issues
Settings changes
Users shouldnt have to know how to do this

18
VPN Issues

The 5000 has been a pain
The 3000 client is MUCH better
The same interface on Mac and Windows
No certificate
Downloadable profiles
or configure by hand
Overall less picky
Still will be times it needs to be re-installed
5000 will be powered off December 31
Must be returned to Cisco

19
Frequently Asked Questions(and their answers)

These are from the Librarians
1. What kind of software do I need?
VPN
2. Do I need a special network card?
Most 802.11b cards should work, were working on
a list of cards that will be specifically
supported by the Help Desk

20
Frequently Asked Questions(and their answers)

3. If I have a virus on my computer, can I still
use wireless?
No, your VPN account will be disabled when youre
noticed
4. What is my radius password?
Your NetID Password (like for U of I Direct)
5. I downloaded the VPN client and certificate,
now how do I install it?
Run the installer and follow the directions
Then launch the VPN and import the profiles (for
3000)

21
Frequently Asked Questions(and their answers)

6. How can I download the VPN client and
certificate if I can't connect to begin with?
http//172.21.0.22
This is a local web server on the wireless
network
It only applies to on-campus wireless (not
Illini Center, Airport, etc.)
7. Can my pda, handheld computer, etc connect
to wireless?
With an 802.11b networking card and the VPN
software

22
Frequently Asked Questions(and their answers)

These are from the Help Desk
1. Where are the locations around campus that
have wireless access?
http//www.cites.uiuc.edu/wireless/locations-map.h
tml
click on a building to get details
2. Why is it prompting me for a "shared secret"
password?
On the 5000 it will do that if you dont have a
certificate installed, or didnt check the use
certificate button
On the 3000 if you didnt download the
configuration

23
Frequently Asked Questions(and their answers)

3. What does IKE error mean?
Probably an error in the VPN client-server
communications (includes bad passwords)
4. I installed everything correctly, why don't I
get a wireless signal?
This one is really tough and can be anything from
drivers to a failed access point

24
Frequently Asked Questions(and their answers)

5. Which wireless network am I supposed to select
when more than one is available?
UIUCnet
6. What exactly is this VPN thing that I need and
where do I get it (this is a VERY popular
question)?
The software you need to use the wireless service
http//172.21.0.22 or http//www.cites.uiuc.edu/vp
n

25
Your role in UIUCnet Wireless

CITES assumes all users will contact the Help
Desk if assistance is required
244-7000
consult_at_uiuc.edu
Faculty and Staff might expect their IT support
staff to know whats going on
CITES doesnt mind if you help
Always feel free to send users to the Help Desk
instead

26
Things you can try

UIUCnet not ANY for SSID
Can you ping 172.21.0.22?
(Before starting the VPN)
Yes-gt wireless is working, its a VPN issue
No-gt youre not on the wireless net correctly or
the server is down (its the DHCP server, its
not supposed to be down)
Wireless basics are the same as wired
Can the OS see the card?
Do you have link?
Do you get an IP address via DHCP?

27
Supporting off-campus

Once theyve gotten used to it, theyll want it
at home - as net admin, you can help
802.11b is affordable for many home users
Consumer Wireless Access Points lt 150
Most need Ethernet so you need
DSL or ISDN
Cable Modem
Fixed Wireless (Volo, Prairieinet)
A few have 56k modems included

28
Supporting off-campus

Security is still important
Borrowing bandwidth
Passwords and credit card info
Interference from
Cordless phones
Other wireless networks
X10 cameras
Some microwave ovens
Bluetooth

29
Supporting off-campus

How should a home system be setup?
Pick a network name thats not too obvious
Turn on WEP encryption
Its not perfect, but keeps most people out
Do not use clear-text passwords
POP email is clear text, unless you ssh tunnel
WebMail is not clear text, so is safe
Never use telnet, always use ssh
Never use ftp, always use scp or sftp
Make sure any web form is https

30
Supporting off-campus

What if I have to use clear-text passwords?
There are a few system where you must
Encrypt them first
Use the VPN
Use an ssh tunnel

31
Going from campus to home(and back)

UIUCnet Wireless uses DHCP
Set up DHCP on home WAP
Name your home wireless network UIUCnet
It doesnt hurt anything
Easier to hard-code the network name
You might have to turn off WEP when you get to
work and back on when you get home

32
Futures-Hardware

802.11a
hopefully starting Spring 04
What about 802.11g?
Will show up on campus when priced as low as b
radios
Wont advertise it as g since the b users will
keep the speeds down

33
Futures-Security

Replace the VPN?
Appliance solutions have many problems
Dont co-exist with the VPN, so people that want
to use VPN from off-campus are out of luck
Need lots of extra hardware -- points of failure
and equipment to maintain
Considering adding web-based SSL authentication
in addition to VPN
This would only allow access to secure services
http, https, ssh, sftp, sPOP, sIMAP
Would only need an SSL-capable web browser
What do you think?

34
For More Information

UIUCnet Wireless development information
(includes service offering information)
http//www.cites.uiuc.edu/wireless/admin
How to setup your computer for UIUCnet Wireless
or just the VPN
http//www.cites.uiuc.edu/wireless
http//www.cites.uiuc.edu/vpn
http//www.cites.uiuc.edu/wireless/quickstart.pdf

35
If you really want more info