Outline
• Wireless and 911
• The old way
• The new system
• Unique considerations for WAPs and MATs
• WAP design conditions
• Mobile Terminal design conditions
• We got the performance we had hoped for
Wireless & 9-11-2001
SIGNIFICANT EVENTS
• Security awareness increases – TSA
• Security Vulnerability Assessment Completed
TECHNOLOGY DIFFICULTIES
• IP Ethernet Switches from the Power Utility Industry migrated into the Transportation world
• MPEG 2 and MPEG 4 standards emerging
• Handheld computers attain GHz Pentium class
• No wireless standards
• Intelligent video is a military deployment only
• Video recorders are not VCRs and
• Video on demand is waiting for terabyte storage drives
Project History
• Security Vulnerability Assessment -- 2001
• Gaming and Grants activities -- 2003
• Design Consultant selected -- 2004
• Design completed -- 2005
• Construction completed -- 2006
• Next upgrade expected -- 2008
St. Pete in 2003
The old system
• 15-year-old access control system
• Equipment no longer manufactured
• Upgrades available at 50% more than new
• Copper-based communications
• Some MMFO cable
• Video done on a “homerun” basis and reviewed only occasionally
St. Pete 2006
The new system
This technology was not available in 2001
• MM fiber for terminal, SM fiber outside (F)
• New access control system (T)
• New Ethernet Layer 3 switch (T)
• New Ethernet Layer 2 switches (T)
• New Intelligent Video application (F)
• New mobile access terminals (MATs) (T)
• New wireless access points (WAPs) (T)
What Changed?
• Attitude
• Technology
• Cost
• Staff availability
Attitude Changed
• All Department of Defense wired and wireless networks should deploy 24x7 wireless monitoring and intrusion detection systems that are NIAP common criteria certified. – US DoD, June 2006
• Department of Transportation is now part of Homeland Security
Technology Change - FIBER
• All dielectric
• 3 frequencies
• Lots of experienced contractors
• New installation methods
• Reduced cost
• Internet Protocols
Technology Change Access Control
• Badge operations
• Database management
• Provision for biometrics
• Smart card encryption
• Proximity card concept
• Intelligent video
• Communications improvements
Technology Change - Layer 3
• Permits virtual LAN
• Hosts need only deal with messages in VLAN
• Routes messages between VLANs
Technology Change - Layer 2
• Permits connecting devices in spanning tree rings at under $1000
• Relieves devices of message overhead
• Permits fiber with non-fiber devices
• Up to 74ºF)
Technology Change Mobile Terminal
Technology Change Central Control Room
• Rugged enough for outdoor
• Ergonomic
• Flat screens
• Dual screens
• Computers built-in
• Noise and air conditioning considerations
• Lighting built-in
Conceptual Diagram
Changes in Concept
• IP
• Fully digital
• Distributed intelligence
– Control room
– Controllers in field
– Devices
• Windows, Corba
IEEE Standards have changed
802.11 Working Groups
Number    Description            Year   Number    Description                       Year
802.11 a  5.0 GHz                1999   802.11 n  100 Mbps throughput               2007
802.11 b  2.4 GHz                1999   802.11 o  Reserved
802.11 c  Wireless Bridge        2001   802.11 p  WAVE
802.11 d  International          2001   802.11 q  Reserved
802.11 e  QoS                    2005   802.11 r  VOIP                              2007
802.11 f  AP Interoperability    2003   802.11 s  Mesh Networks
802.11 g  2.4 GHz                2003   802.11 t  Wireless Performance
802.11 h  802.11a Intl           2003   802.11 u  Interworking non 802
802.11 i  Security               2004   802.11 v  Wireless Network Mgmt
802.11 j  802.11a Japan          2004   802.11 w  Protected Mgmt Frames (Security)
802.11 k  Radio Mgmt             2005   802.11 x  Not yet
802.11 l  Reserved                      802.11 y  3.65-3.7 GHz for 802.11
802.11 m  Standards Maintenance         802.11 z  Not yet
MPEG Standards have changed
• MPEG 2 requires 3-5 MBPS and is full motion. When the client sees it, the client loves it. It costs more.
• MPEG 4.6.2 requires less than 1.54 MBPS and can be reprogrammed to look like motion pictures for short periods of time. It costs less.
Why Wireless?
• Roving patrols see what only operators once saw
• CCTV verifies conditions before the responder arrives
• Authorization is checked as the patrol moves toward the alarmed condition
• Less staff is required
• Database can be either forensically sound or not
• The control center moves to the field
Wireless Network Access Point
• Permits mobile network access
• Adds complexity
• Security concern
• Slow message rates
• Requires proper design
– Eliminate dead zones
– Eliminate interference
Why Not Wireless?
• Rogue Access Points
• Sniffing – WEP cracking
• Masquerading – Evil Twin
• Insertion – Man in the middle attack
• Denial of Service – Jamming
• Viruses
• Hot spot attacks
WiFi / WiMAX 2005
• WiFi – 100 feet, good for personal access network
– 802.11a 5 GHz and 54 Mbps
– 802.11b 2.4 GHz and 11 Mbps
– 802.11g 2.4 GHz and 54 Mbps
• WiMAX – 300 miles, standard due in 2007, good for metropolitan area network
– 802.16e-2004 QoS, Mobile Fixed
5 GHz unlicensed
10-66 GHz licensed
Will WiMAX replace WiFi/3GPP?
• Ubiquity
• Development
• Breadth of application
• Nokia and Intel finalizing standard 802.16e
• Cisco says WiMAX is a poor business model but supports it.
• 3GPP will coexist with WiMAX and the two will suppress need for WiFi--Cisco
The practical solution
• Radio Frequency Study to determine how to eliminate interference -- $25K
• Deployment tools to make sure that field strength is optimal -- $25K
• WAP cost -- $1500
• Put in 4 times as many WAPs as you need.
What we caught because of Intelligent Video
• Tenant jumped the gate
• Airport documented the action in video
• Airport warned and cited the violator
• Airport let the tenant see that there was no room to dispute
• Tenant accepted penalty
What we get from a MAT
• The ability to rove
• Staff can multi-task
• Video documentation is a button away
• Quicker delivery of staff and other resources
• Access to networks from airports, etc.
The problem - solution
• Wireless coverage
• Metal
• Foil Walls
• Small antennae
• Hackers
• Speed for video
• Memory
• IT vs Engineering
• Previous successes
Metal – Foil Walls
The solution
• Design self-dampening antennae fields
• More WAPs
The problem
• Neighbors
• Holes in reception
• Signing off
A PDA or Computer?
• This slide will be dated within a year
• PDA can’t handle 3 MBPS
• Antenna is 2 to 4”
• PDA has specialized software for email, text messaging
• Technology generations are > 2 years
• OQO could handle streaming video
• Antenna is 6 to 12” with extension to 18”
• OQO could emulate a Blackberry
Handling Hackers
• Wireless is susceptible to incursion
• Firewall is not enough
• Field strength must resolve conflict not create it
• Making it a less than once in a lifetime event
• Encryption is possible and required
• Field strength can be designed and “tweaked” with WAPs
An Institutional Issue
• IT does
– Email
– Internet
– Phone
• IT does not do
– Real time
– Human safety
– Security
• Engineering does
– Real time
– Human safety
– IP Phone
• Engineering does not
– Email
– Internet
Previous Successes
• Because the technology is only 1-2 years old
• Because the designers are still gaining experience
• Because the telecommunications explosion interferes
• Because the rules since 911 are unwieldy
There are only a few successes to report.
Summary
• Attitude, Technology, Cost & Staff size changing rapidly
• Wireless becoming common
• Wireless introduces liability/vulnerability
• Proper design can “shore up” the application reasonably.