Question

You work as a network administrator for a college located in your local city. Next door to the college is a new gated community. The residents have been moving in over the last few months. The college is running a converged network. The services that are present on the infrastructure include the phone system that all staff and faculty use to make calls (voice network). The data for students and faculty are also present on the infrastructure. The infrastructure includes a student-accessible wireless environment.

You have gotten numerous complaints about call quality. Complaints have included the following:

• It has been intermittent and very hard to track down the issue.
• The trouble report states that the call quality is poor and that calls are breaking up.
• It was also stated that the overall network performance is very bad, and it started a few months ago but is progressively getting worse.
• It takes a long time to access any files or the Internet.

About 2 months ago, you implemented a network monitoring solution. You decided to check the logs as a result of a call you received from your CIO. The president of the college was on an important phone call and was not able to communicate as a result of the call quality. A review of your performance monitor logs revealed an enormous amount of traffic on the network. This excess network traffic was generated from the wireless LAN. Network traffic was destined for P2P (peer-to-peer) Web sites for movie and music downloads. The logs further reveal very high traffic volume when the students, staff, and faculty were off campus. You just remembered that the university did not have a wireless access control solution in place. It appears that unauthorized usage of the wireless network is generating this traffic that is greatly affecting network performance. You reported this finding to the CIO, and she needs a resolution.

Assignment Deliverable

• Research and identify an enterprise wireless access control solution.
• Based on your research, write a report of 1–2 pages for your boss on your solution to the above stated issues.
• Explain how security mechanisms were employed.

Answer 1

Abstract:

This is the report in response to recent reports of poor call quality and slow internet connection. The investigations involve investigations of logs based on various parameters and network infrastructure. Probable solutions are provided at the end of the report.

Introduction:

The institute has an network infrastructure setup for personnel on campus. The performance of network was good until past few months. There have been reports of poor call quality and slow internet connection. These reports started from past few months which indicates the cause of the problem occurred around few months ago. I was asked by CIO to investigate the problem. To further the investigations I installed a network monitoring system and collected the logs of usage of the network. This report gives the process and inferences of my investigations followed by root cause analysis. In end of the report I have provided probable solutions along with their pros and cons.

Events:

1. The QoS started declining from past few months
2. The housing society across the campus is setup and is populated.

These two event happened around the same time frame so it one probable direction of investigation is that these two events are related.

Investigations of Network Logs:

I collected logs from network monitoring system. The logs indicate following anomalies.

1. The network has a lot of traffic for p2p network for downloading media files
2. The network was active after hours of the college. This is opposite to expected behavior. The traffic should drop considerably after the working hours of college.
3. The number of users on wireless network has increased substantially in past few months.

Investigations of Network Infrastructure:

1. The institute network also has a wireless network. The institute network is an open access network.
2. Since the community across the college started populating in past few months, I investigated if the wireless network is accessible from the community near the college.
3. The wireless network was accessible from the community.

Inferences:

1. I think that the people that the people shifted to community are accessing the college network without authority.
2. The root cause of the problem is open access wireless network.

Solutions:

1. Register MAC addresses of the devices of people on campus and deploy mac address filtering
   1. Pros:
      1. This is the most secure method to avoid unauthorized access to network
   2. Cons:
      1. The process is manual and will take a little long to implement
      2. This process of de-registration will also be manual and should be done when personnel leave the college.
2. Enable WPA2 password protection for the network
   1. Pros:
      1. The process is just single step
      2. The password needs to be sent to the users.
   2. Cons:
      1. The password can be distributed by users to unauthorized users.
      2. The passwords need to be changed and managed repeatedly
3. Enable PEAP infrastructure protection for the network
   1. Pros:
      1. This process is automated
      2. The process will setup official college ids for all the personnel
      3. The process has a one time setup
   2. Cons:
      1. The setup time is a little more.

Recommendation:

1. Deployment can be done in stages where initially only setup WPA2 password protection while we setup PEAP infrastructure.
2. This will provide a immediate improvement in QoS on campus while we setup a better solution for long run.