Mobile Computing and Security
Authenticated Network Access (ANA)
Jon Peters, Associate Director
Dave Packham, Manager of Network Engineering
NetCom, University of Utah
Copyright David Packham and Jon Peters, 2001. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.
Background
• University of Utah, located in Salt Lake City
• Department of Network & Communication Services (NetCom), responsible for campus network backbone, phone service, security, email, help desk, phone operators
• Hosting the 2002 Winter Olympic opening and closing ceremonies, and the athletes’ residence village
Purpose of Presentation
• Authentication through a firewall.
• Authenticated network access (ANA).
Driving Need
[Figures: network diagrams titled "Fort Douglas Student Village Distribution Node" and "Fort Douglas Student Village Data Network". Recoverable labels: OC-12c, OC-3c/12c, GigEthernet, Cisco LS1010 ATM Switch, Cisco 6509 Building Aggregation Switch, Gig Backbone, Access Switch, Access and Authorization Services, 1000bFX links from building switch to building aggregation. Buildings shown: Ballfield #1 to #6, Conner Road #1 to #3, Guest House #1, Eleven Acres #1 to #5, Village Center #1 and #2, Upper Chapel #1 to #3. Total: 3,036 10bT ports.]
Design Requirements
• Security
• Performance
• Scaling
• Cost
• Global authentication database model
• Minimum client side configuration
• Multi-platform support
Authentication through a firewall
[Figure: diagram with labels Laptop computer, Ethernet, R, Firewall, DHCP, WWW/DNS, LDAP Server.]
• Security
• Performance
• Scaling
• Cost
Authenticated Network Access (ANA) Components
• Two (2) redundant HSRP routers capable of supporting multiple interfaces or virtual sub-interfaces, with the ability to associate a user-supplied MAC address with each interface.
• Average Number of Visits per Day on Weekdays: 468
• Average Number of Hits per Day on Weekdays: 32,956
• Average Number of Visits per Weekend: 1,009
• Average Number of Hits per Weekend: 49,250
• Most Active Day of the Week: Wed
• Least Active Day of the Week: Mon
• Most Active Date: October 01, 2000
• Number of Hits on Most Active Date: 58,379
• Least Active Date: September 20, 2000
• Number of Hits on Least Active Date: 5,624
• Most Active Hour of the Day: 18:00-18:59
• Least Active Hour of the Day: 06:00-06:59
Current Development Plan
• Addition of wireless networks and other devices.
• Addition of remote access users through VPNs.
• Bandwidth and usage notifications.
• Post-login licensed software download.
Email Address: [email protected]
Server – http://www.netcom.utah.edu/ana