1 Akademska in raziskovalna mreža Slovenije Case Studies - Case Studies - Eduroam in Slovenia Eduroam in Slovenia Rok Papež ARNES - Academic and research network of Slovenia aaa-podpora@arnes.si Eurocamp, Ljubljana, April 2006
2 Start of Wi-Fi project Start of Wi-Fi project Akademska in raziskovalna mreža Slovenije Arnes started testing Wi-Fi equipment in 2002 – Testing equipment – Involved with TERENA tf-mobility work group – Unclear how technology will evolve – Testing of radius servers (Radiator)
3 Arnes eduroam project Arnes eduroam project Akademska in raziskovalna mreža Slovenije Ministry tender in 2004 – Deployment of wi-fi networks Test setup – Lab – Actual faculty environment – Radius tests (Radiator, freeradius) Configuration samples Technical specifications – Equipment – Network configuration – Security E-mail support
4 Eduroam now Eduroam now Akademska in raziskovalna mreža Slovenije Technology used – SSID=eduroam – WPA Enterprise (+ WPA2/802.11i) – Dynamic VLANs – Support for legacy networks (multiple SSID) – L2/L3 security Radius configuration – EAP-TTLS + PAP – Send real user-name in Access-Accept (accounting) – Log full radius accounting + IP address – Radiator – Freeradius
5 Arnes eduroam map Arnes eduroam map Akademska in raziskovalna mreža Slovenije http://www.eduroam.si
6 Eduroam sites in Slovenia Eduroam sites in Slovenia Akademska in raziskovalna mreža Slovenije Connected to the Eduroam in September 2004 2004 – 1 test WLAN in University of Ljubljana – 6 WLANs at Universities and a high-school center (ministry tender) 2005 - more institutions joined – Secondary school Ptuj – Institute Jožef Stefan (*) – Central technical library, University of Ljubljana (*) – 3 not yet with a test connection Now - 10 institutions in eduroam
7 Slovenian eduroam network use Slovenian eduroam network use Akademska in raziskovalna mreža Slovenije Eduroam network logins 45000 40000 35000 FE/ FRI 30000 FERI FOV 25000 FDV FMF 20000 FHŠ 15000 PTUJ S KUPAJ 10000 5000 0 9 10 11 12 1 2 3 4 5 6 7 8 9 10 11 12 04 04 04 04 05 05 05 05 05 05 05 05 05 05 05 05 monthly
8 Slovenian eduroam statistics Slovenian eduroam statistics Akademska in raziskovalna mreža Slovenije Network use varies a lot – Summer vacations – Winter vacations – Exam periods Steep climb – network logins – number of active users March 2006 statistics – 885 active users – 40 used roaming (4,52 %) – Most of the users are from technical faculties
9 Student survey – Use of eduroam Student survey – Use of eduroam Akademska in raziskovalna mreža Slovenije Student survey October 2005 – Use of any wi-fi • Only 15.2% of students use Wi-Fi technology (routers, sharing of internet connection with a neighbor at home ...) • Eduroam is being used by 5% of students – Reasons for not using the eduroam • Not informed about it • Don't own a laptop • They don't know how to use it • Bad experience with use – Why students don't bring laptops to lectures • Don't want to stand out • Afraid of damage or theft
10 Easier end user deployment Easier end user deployment Akademska in raziskovalna mreža Slovenije eduroam without the eduroam_client – Setting up windows wireless – Setting up SecureW2 – First connect problem (certificates) eduroam client – Uses secureW2 site deployment – Certificates are pre-installed – SecureW2 is pre-configured • username/password – Wireless encryption settings – ftp://ftp.arnes.si/software/eduroam
11 Eduroam client configuration Eduroam client configuration Akademska in raziskovalna mreža Slovenije
12 Future of eduroam in Slovenia Future of eduroam in Slovenia Akademska in raziskovalna mreža Slovenije Eduroam on wired networks – Testing of equipment (switches) – Looking at the possibility to use for dial-up RadSec for inter-radius connections Eduroam_client – Localization – Limited development resources Eduroam in a box – Deploying eduroam in smaller organisations – Web configuration wizard and management tool – (optional) built in firewalling (L2/L3 security) – Free software – http://eduroam.sourceforge.net
13 Eduroam in a box: smaller network Eduroam in a box: smaller network Akademska in raziskovalna mreža Slovenije Typical network: – Structure network • 802.1q VLANs – Classroom – Staff
14 Eduroam in a box: “plug and play” Eduroam in a box: “plug and play” Akademska in raziskovalna mreža Slovenije
15 What is in this picture ? What is in this picture ? Akademska in raziskovalna mreža Slovenije Bob Metcalf, Xerox, 1972
16 Ethernet (in)security Ethernet (in)security Akademska in raziskovalna mreža Slovenije Unauthorized network use – Rogue Access Points MAC spoofing ARP attacks – Router – Other users DHCP attacks – DOS – Eavesdropping IP spoofing
17 Ethernet security mechanisms Ethernet security mechanisms Akademska in raziskovalna mreža Slovenije Network login (wireless or wired - 802.1x) Wireless connection encrypted (WPA) Special mechanisms on a router/switch – ip dhcp snooping – ip arp inspection – ip verify source IP security – Firewall – ACL
18 Eduroam.si Eduroam.si Akademska in raziskovalna mreža Slovenije http://www.eduroam.si mailto: aaa-podpora@arnes.si
Recommend
More recommend
