Wireless Security In Colleges

scojones

Hello Lads,
As some of you may know i'm a student at the Institue of Technology, Tralee. The technicians in the college have set up a wireless network recently. However we can only use the internet from this connection. We cannot map our home drives or the public college drive. The reason we have been given is this:

At the moment we are just monitoring the current setup to see how well it works. It s just the web that can be accessed at the moment.

We are looking at a way of sharing drives that will be secure. ie. one
student cannot see another students home drive etc.

Another problem we have to resolve is how to check if a students wireless
devices OS and Antivirus software are up to date and patched.

What i'm wondering is how do the other colleges map the drives securely? i.e UCD. Do you think the technicians could be making up excuses? Afaik when you are mapping a drive like a home drive you need to give your username and pw for home drive you wish to map.

Also how could the technicians check if our software is up-to-date (sp2 and the most up-to-date virus definitions)?
Thanks alot lads.
sjones.

seamus

sjones wrote:

Hello Lads,
As some of you may know i'm a student at the Institue of Technology, Tralee. The technicians in the college have set up a wireless network recently. However we can only use the internet from this connection. We cannot map our home drives or the public college drive. The reason we have been given is this:


What i'm wondering is how do the other colleges map the drives securely? i.e UCD. Do you think the technicians could be making up excuses? Afaik when you are mapping a drive like a home drive you need to give your username and pw for home drive you wish to map.

Also how could the technicians check if our software is up-to-date (sp2 and the most up-to-date virus definitions)?
Thanks alot lads.
sjones.

You can't map your Home drives in UCD either. At least you couldn't 6 months ago.

The problem with Wireless is that anyone can read other people's traffic, unless it's encrypted. In order to implement proper security, they have to set up a WPA solution, and then all clients have to be configured. In a small or business environment, this is easy enough, but can be troublesome. In a University environment it's something that needs to be well planned and rigorously tested, not to mention integrated into the existing systems.

WPA is relatively new, and any students with oldish laptops running anything but Win2k or XP won't be able to use it.

In order to ensure that students laptops are also up-to-date isn't an easy task. Save the University adding every machine to a domain and forcing a logon script each time they boot, it's a tough one.

scojones

Cheers seamus. I'll look into WPA now.

Valehru

Well Im only speaking from my experience in NUI Galway. They install a Novell Client onto your Laptop which allows you to map directly to your network directory on their Novell Server. To access this drive you need your username and password. As far as I know there is a novell client implementation for any modern operating system. Unless the techs in Tralee are idiots it shouldnt be too difficult to implement. However the cost factor may be an issue.
Thats my two cents
Later days

tck

sjones wrote:

Cheers seamus. I'll look into WPA now.

http://www.securiteam.com/tools/6L00F0ABPC.html

seamus

Valehru wrote:

Well Im only speaking from my experience in NUI Galway. They install a Novell Client onto your Laptop which allows you to map directly to your network directory on their Novell Server. To access this drive you need your username and password. As far as I know there is a novell client implementation for any modern operating system. Unless the techs in Tralee are idiots it shouldnt be too difficult to implement. However the cost factor may be an issue.

Unfortunately this doesn't solve the problem of unsecured data. The issue arises becuase the data on the wireless connection is normally transmitted unsecured, and even WEP-secured data can be stolen, if the attacker has the WEP key (very likely in a college environment), or he sniffs enough packets.

So even though a person may be using a novell client, data to and from the Novell servers will be largely unsecured, as will the user's details when they log in initially.

Best method is probably WPA authentication, which I gather can be done via a RADIUS server (I'm not too familiar with it myself), and best practice there would be to tie the RADIUS authentication into the Novell authentication.

Probably not an insignificant job.

dabhal

I doubt they are making excuses, sounds to me like they are following best prcatice here. Wireless is not something to play around with unless no-one cares about the data which I very much doubt. They are ways of updating virus scanners macafee have e-policy orchester and a neat little program form wireless and laptop users but it all cost money.
The encryption depends on the network topology they have.
It's impossible to say whats best without knowing the exact layout and equipment.
In short....Be glad they didn't just stick a wireless device into a switch and announce, "hey we're wireless"

My two Cents
Dabhal

scojones

tck wrote:

http://www.securiteam.com/tools/6L00F0ABPC.html

WPA2 has not been cracked yet tck.