Thread Links Date Links
Thread Prev Thread Next Thread Index Date Prev Date Next Date Index

Re: [802SEC] Post Conference Network Update (2004-03)




Hello again,

Since I didn't get to speak to you all at the closing EC meeting, let me 
take a couple of moments to point out two statistics in the network 
update presentation.

One is the discrepancy between the number of attendees vs. the number of 
devices on the network. The conference had 1350 attendees, but the 
network provided services for 1675 devices. Of course, some conference 
attendees have multiple interfaces or cards they use to connect to the 
network. This is the highest difference we've seen and implies that we 
had a number of people outside the conference members on the network.

We continually improve our software to support this network and part of 
the increased sensitivity to disruptive network activity is captured in 
the final number of reported incidents: 175. The software we wrote 
identified and removed the access of a total of 27 clients by the end of 
the conference. Due to the behavior of the clients, including 
purposefully scanning our network servers looking for vulnerabilities, I 
do not think that they were all members of the conference.

This leads to the suggestion at the end of the presentation that the 
LMSC consider the impact of requiring some level of access control for 
clients to connect to the network. Some points to consider during your 
discussions:

1) WEP (802.11 encryption) is not access control and it does not do 
anything for controlling access to wired clients in the Internet cafe 
area. Besides, by the time you pass out WEP keys to 1500 people at 
registration, you will be able to walk in off the street and pick a copy 
of the key up off any table or out of any trash can.

2) Any system implemented should allow us to identify any conference 
member by IP or MAC address. It is currently trivial to tie the IP to 
the MAC address, but finding who the individual is using the computer 
would allow us to get enough information to directly contact them if we 
detect a problem caused by their client.

3) Any system implemented would require that companies sending members 
to this conference provide them with equipment that conforms to whatever 
technology standards that are needed to support the access control 
mechanism. A long lead time on any change and good communication with 
members and their companies is essential for this to work effectively.

While I.D.E.A.L. Technology Corporation is strongly motivated to making 
this network more manageable, the additional time and effort to design 
and implement a workable solution to control access is frankly outside 
the scope of our support contract. I.D.E.A.L. will of course be happy to 
review and consider any request for action the LMSC makes of us 
regarding this matter.

Tony

-- 
Anthony L. Awtrey
Vice President
[T]  407.999.9870 x13
[F]  407.999.9850

I.D.E.A.L. Technology Corporation
http://www.idealcorp.com

"The Leader in Linux and Open Source Solutions"