Re: [802SEC] Post Conference Network Update (2004-03)

Since I didn't get to speak to you all at the closing EC meeting, let me
take a couple of moments to point out two statistics in the network

One is the discrepancy between the number of attendees vs. the number of
devices on the network. The conference had 1350 attendees, but the
network provided services for 1675 devices. Of course, some conference
attendees have multiple interfaces or cards they use to connect to the
network. This is the highest difference we've seen and implies that we
had a number of people outside the conference members on the network.

We continually improve our software to support this network and part of
the increased sensitivity to disruptive network activity is captured in
the final number of reported incidents: 175. The software we wrote
identified and removed the access of a total of 27 clients by the end of
the conference. Due to the behavior of the clients, including
purposefully scanning our network servers looking for vulnerabilities, I
do not think that they were all members of the conference.

This leads to the suggestion at the end of the presentation that the
LMSC consider the impact of requiring some level of access control for
clients to connect to the network. Some points to consider during your

1) WEP (802.11 encryption) is not access control and it does not do
anything for controlling access to wired clients in the Internet cafe
area. Besides, by the time you pass out WEP keys to 1500 people at
registration, you will be able to walk in off the street and pick a copy
of the key up off any table or out of any trash can.

2) Any system implemented should allow us to identify any conference
member by IP or MAC address. It is currently trivial to tie the IP to
the MAC address, but finding who the individual is using the computer
would allow us to get enough information to directly contact them if we
detect a problem caused by their client.

3) Any system implemented would require that companies sending members
to this conference provide them with equipment that conforms to whatever
technology standards are needed to support the access control
mechanism. A long lead time on any change and good communication with
members and their companies is essential for this to work effectively.

While I.D.E.A.L. Technology Corporation is strongly motivated to make
this network more manageable, the additional time and effort to design
and implement a workable solution to control access is frankly outside
the scope of our support contract. I.D.E.A.L. will of course be happy to
review and consider any request for action the LMSC makes of us
regarding this matter.

Anthony L. Awtrey
[T] 407.999.9870 x13
I.D.E.A.L. Technology Corporation
"The Leader in Linux and Open Source Solutions"