ADDENDUM 12 TO APPENDIX 8 TO SCHEDULE 3.3



Similar documents
APPENDIX 3 LOT 3: WIRELESS NETWORK

Best Practices for Outdoor Wireless Security

Cisco Outdoor Wireless Network Serves Up Automatic Meter Reading

Cisco Virtual Office Express

Deploying secure wireless network services The Avaya Identity Engines portfolio offers flexible, auditable management for secure wireless networks.

Wireless Network Standard and Guidelines

Enabling Multiple Wireless Networks on RV320 VPN Router, WAP321 Wireless-N Access Point, and Sx300 Series Switches

Wireless Ethernet LAN (WLAN) General a/802.11b/802.11g FAQ

Municipal Mesh Network Design

The next generation of knowledge and expertise Wireless Security Basics

Cisco Outdoor Wireless Mesh Enables Alternative Broadband Access

Managed WiFi. Choosing the Right Managed WiFi Solution for your Organization. Get Started Now: to learn more.

How To Protect A Wireless Lan From A Rogue Access Point

Cisco Mobility Express Bundle. S&L Webinar

Supporting Municipal Business Models with Cisco Outdoor Wireless Solutions

Secure Wireless Networking

Networking: Certified Wireless Network Administrator Wi Fi Engineering CWNA

CWNA Instructor Led Course Outline

A Division of Cisco Systems, Inc. GHz g. Wireless-G. USB Network Adapter with RangeBooster. User Guide WIRELESS WUSB54GR. Model No.

Particularities of security design for wireless networks in small and medium business (SMB)

Cisco on Cisco Best Practices Cisco Wireless LAN Design

INFORMATION TECHNOLOGY MANAGEMENT COMMITTEE LIVINGSTON, NJ ITMC TECH TIP ROB COONCE, MARCH 2008

Developing Network Security Strategies

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

Cisco WAP4410N Wireless-N Access Point: PoE/Advanced Security. Cisco Small Business Access Points

Wireless Services. The Top Questions to Help You Choose the Right Wireless Solution for Your Business.

Network Security Best Practices

Chapter 2 Configuring Your Wireless Network and Security Settings

HP AP8760 Dual Radio a/b/g Access Point Overview

How To Set Up A Cisco Wap121 Wireless N Access Point With Single Point Setup

Wharf T&T Limited Report of Wireless LAN Technology Trial Version: 1.0 Date: 26 Jan Wharf T&T Limited. Version: 1.0 Date: 26 January 2004

Cisco WAP4410N Wireless-N Access Point: PoE/Advanced Security Cisco Small Business Access Points

Best Practices for Deploying Wireless LANs

Design Guide for Pervasive Wireless Networks

Link Layer and Network Layer Security for Wireless Networks

Configure WorkGroup Bridge on the WAP131 Access Point

A Division of Cisco Systems, Inc. GHz g. Wireless-G. Access Point with SRX. User Guide WIRELESS WAP54GX. Model No.

SECURING ENTERPRISE NETWORK 3 LAYER APPROACH FOR BYOD

Configuration of Cisco Autonomous Access Point with 802.1x Authentication for Avaya 3631 Wireless Telephone

Robust security is a requirement for many companies deploying a wireless network. However, creating a secure wireless network has often been

A Division of Cisco Systems, Inc. GHz g. Wireless-G. User Guide. Access Point with Power Over Ethernet WIRELESS WAP54GP. Model No.

How To Manage An Wireless Network At A University

Security in Wireless Local Area Network

VLANs. Application Note

The Ultimate WLAN Management and Security Solution for Large and Distributed Deployments

Wi-Fi in Healthcare:

United States Trustee Program s Wireless LAN Security Checklist

Cisco WAP321 Wireless-N Selectable-Band Access Point with Single Point Setup

Cisco Virtual Office Flexibility and Productivity for the Remote Workforce

Chapter 4 Management. Viewing the Activity Log

Network Access Control ProCurve and Microsoft NAP Integration

A Division of Cisco Systems, Inc. Wireless A/G. USB Network Adapter. User Guide WIRELESS WUSB54AG. Model No.

Guide for wireless environments

Deploying Cisco Basic Wireless LANs WDBWL v1.1; 3 days, Instructor-led

Application Note User Groups

Course Content for Managing Cisco Wireless LANs (WMNGI 1.2) Duration : 4 Days

Industrial Communication. Securing Industrial Wireless

A Closer Look at Wireless Intrusion Detection: How to Benefit from a Hybrid Deployment Model

Mechanic Handheld Wireless Access Point Setup Guide

Configuring Security Solutions

Chapter 3 Management. Remote Management

How To Secure Wireless Networks

WLAN Security Why Your Firewall, VPN, and IEEE i Aren t Enough to Protect Your Network

Deploying the ShoreTel IP Telephony Solution with a Meru Networks Wireless LAN

300Mbps Wireless N Gigabit Ceilling Mount Access Point

Wireless Security and Healthcare Going Beyond IEEE i to Truly Ensure HIPAA Compliance

Ebonyi State University Abakaliki 2 Department of Computer Science. Our Saviour Institute of Science and Technology 3 Department of Computer Science

QuickSpecs. HP M n Access Point Series. Models HP M n WW Access Point. Key features

300Mbps Wireless N Gigabit Ceilling Mount Access Point

Unified Access Point Administrator's Guide

CABLING REQUIREMENTS:

HANDBOOK 8 NETWORK SECURITY Version 1.0

Chapter 3 Safeguarding Your Network

NXC5200/ NWA5000-N Series Wireless LAN Controller/ a/b/g/n Managed Access Point

Wireless Technology Seminar

How To Unify Your Wireless Architecture Without Limiting Performance or Flexibility

Lab Configuring LEAP/EAP using Local RADIUS Authentication

Application Note Secure Enterprise Guest Access August 2004

ROGUE ACCESS POINT DETECTION: AUTOMATICALLY DETECT AND MANAGE WIRELESS THREATS TO YOUR NETWORK

Running Head: WIRELESS DATA NETWORK SECURITY FOR HOSTPITALS

Table of Contents. Cisco Wi Fi Protected Access 2 (WPA 2) Configuration Example

Cisco s BYOD / Mobility

300Mbps Wireless N Ceiling Mount Access Point

The All-in-One, Intelligent WLAN Controller

HP E-M110 Access Point Series. Product overview. Key features. Data sheet

Enterprise A Closer Look at Wireless Intrusion Detection:

Abstract. Avaya Solution & Interoperability Test Lab

HP M n Access Point Configuration and Administration Guide

YO-301AP POE AP Datasheet

Wireless Local Area Network Deployment and Security Practices

CISCO SMB CLASS MOBILITY AND WIRELESS SOLUTIONS: THE RESPONSIVE WORKFORCE

Cisco WAP4410N Wireless-N Access Point, PoE/Advanced Security

Transcription:

ADDENDUM 12 TO APPENDIX 8 TO SCHEDULE 3.3 TO THE

Overview EXHIBIT T to Amendment No. 60 Secure Wireless Network Services are based on the IEEE 802.11 set of standards and meet the Commonwealth of Virginia (CoV) ITRM Standard SEC 501-01. This service, available via the new MPLS network, will provide secure connectivity to the VITA network from 802.11 wirelessly enabled desktop, laptop, and tablet workstations and Personal Digital Assistants (PDAs). The service provides secure wireless 802.11A/B/G access for Commonwealth users and guests (if requested) within the designated areas of a facility requesting this service. This secure wireless infrastructure will provide security and network management for the secure wireless systems. Secure Wireless Network Service is intended to be a convenience service and additional to standard Data Network Services. Technical Description With Secure Wireless Network Service, the Commonwealth can securely connect users with wireless-capable devices to a local-area-network (LAN) using encryption and authentication technologies that protect data from unauthorized use. The Secure Wireless Network Service provides the following: Mobility Within the work place, provides secure wireless authenticated access to the network and to applications requiring network access. Gives users the ability to work independently without having to be plugged into work areas such as conference rooms or other joint meeting areas where there are not enough outlets for users to plug into. Option for guest access to the Internet via the Guest VLAN to check mail or browse the web. Security Users authenticate against Cisco Access Control Server (ACS) via RADIUS Server and/or Active Directory. Encryption data is encrypted over the secure wireless network. Theft of access points will not compromise network due to the fact that they receive their information via their controllers. Monitoring Intrusion detection and prevention. RF signal propagation control. Rogue device detection. Rogue User detection. Intruder notification. Inoperable AP Technology. Wireless devices unified network. Managed devices. Lightweight Access Point Protocol (LWAPP) Architecture. PAGE 1

Technical Solution Secure Wireless Site Survey Vendor will conduct a wireless survey of the applicable Eligible Customer Location. The intent of this survey is to assess the impact of the Eligible Customer Location s construction and layout on the theoretical performance of the secure wireless network. Based on the results of this survey, Vendor will recommend the quantity and location of the secure wireless access points to VITA and the Eligible Customer. Components The solution consists of three components as follows: Access Control Server (ACS): o The ACS is the access policy control platform and is located in CESC where it will support all 802.11 secure wireless deployments from an enterprise level. o The ACS device provides the enterprise security capabilities working in conjunction with two-factor authentication and the secure wireless management. Secure Wireless LAN Controllers (WLC): o WLCs assist with secure wireless transmissions and include the required wireless intrusion detection / prevention capabilities. o WLCs handle remote monitoring and management of the secure wireless access points. Secure Wireless Access Points (WAP): o The WAPs do not contain a configuration because they operate in Lightweight mode. The Access Point acts as a radio in the 2.4 GHz and 5.0 GHz frequency. All radio and usability information resides on the WLCs. o Notionally, each WAP can support up to (25) simultaneous network connections with minimal degradation in performance. Actual secure wireless performance and coverage will be restricted by the construction and layout of the site. The Secure Wireless LAN Controller (WLC) and Secure Wireless Access Point (WAP) devices will undergo technology refresh by the Vendor every five (5) years to maintain service continuity. Architecture The 802.11 secure wireless devices for End-Users and guests will be housed at the Eligible Customer Locations. The users are categorized as two distinct types defined as follows: Category 1 - End-Users Category 2 guest users The Secure Wireless Network Service consists of the physical secure wireless access media (WAPs and WLCs), and core components for secure wireless intrusion detection and prevention, and Network Management (WLCs and ACS). PAGE 2

The secure wireless system will provide a framework for ensuring that each user can only access those tools and services defined by their network access rights. The secure wireless design provides secure wireless 802.11 A/B/G access for End-Users and guests users within the Eligible Customer Locations. Secure wireless access is provided throughout the requested areas of coverage within the facility. The access points are mounted to or above the ceiling tiles or to the drop ceiling grids through out the Eligible Customer Location(s). Vendor s secure wireless data solution architecture is shown in the following Figures 1 and 2 below: Figure 1 - REDACTED Figure 2 - REDACTED Vendor will install the WAPs as dictated by the wireless site survey in conjunction with the Eligible Customer s business requirements. The WAPs are connected to the on-site switch via customer-provided Category 5 (CAT5e) or better ethernet cabling, thus additional ports on the LAN switches must be available. The cabling used for the secure wireless solution must meet Vendor s cabling standards to support Power over Ethernet (PoE) usage. The individual WAPs are managed by a secure wireless LAN controller (WLC) which communicates back to the ACS Server for End-User authentication and authorization. This architecture will allow the Vendor to remotely monitor and manage the entire secure wireless infrastructure from the ENOC at CESC. Vendor s architecture provides two connectivity paths depending on the category of user. End- Users can authenticate to the CoV domain and have full network access after successful authentication. Users who do not have CoV network rights are segregated to the Guest VLAN that only provides Internet access through the Internet Secure Gateway (ISG). Security / Authentication Vendor s Secure Wireless Network Service was developed specifically to meet the security requirements provided by VITA. The solution includes the following security functionality: Requires End-Users to utilize two-factor authentication through the use of COV accounts and certificates. Guests accessing the secure wireless network are directed to the Internet through the Internet Secure Gateway (ISG) and are not allowed access to the VITA network. An intrusion detection system (IDS) and an intrusion prevention system (IPS) are resident in the WLAN to detect and prevent threats to the site-level secure wireless network. Communication between the user devices and the WAPs utilize the advanced protocol WPA2 and is certified by the Wi-Fi Alliance. WPA2 introduces the use of AES-based encryption algorithms. A unique Service Set Identifier (SSID) will be established in the WLAN device, but will not be broadcasted. PAGE 3

End-Users will authenticate utilizing the existing domain controllers and certificate servers located in CESC that have been deployed via other transformation projects. Two-factor authentication is required and will be handled by either Enterprise VPN Services or Certificates. A secure wireless client with Wi-Fi Protected Access 2 (WPA2) is authenticated by a RADIUS server and will only transmit extensible authentication protocol (EAP) traffic until the authentication is completed. After End-User login, mutual authentication between the client and the RADIUS server occurs. A dynamic encryption key is derived during this mutual authentication at the client and at the RADIUS server. The RADIUS server sends the dynamic encryption key to the WAP via a secure channel. After the WAP receives the key, normal network traffic is enabled at the WAP for the authenticated client. The credentials used for authentication, such as a login password, are never transmitted over the secure wireless spectrum without first being encrypted. Technical Assumptions Vendor s Secure Wireless Network Service includes the following assumptions: Adequate ports on the LAN switches must be available. Users will be considered trusted users and receive full network access upon successful authentication. Users who do not have CoV network rights are considered guest users and will be segregated to the Guest VLAN that only provides internet access through the enterprise Internet Secure Gateway (ISG). The wireless network interface cards on the user devices must be configured for Wi-Fi Protected Access 2 (WPA2) mode. Vendor s standard PC images include this capability.; otherwise Vendor is not responsible for Wi-Fi capabilities at the user level (e.g., desktop, laptop, and tablet workstations and PDAs) under this SOW. The user device must be configured to disable the secure wireless interface when a wired connection is present to eliminate unwanted wireless bridging to the wired network. The site where secure wireless network is installed must have completed network transformation and have access to the MPLS network back to CESC. The site where secure wireless network is installed must have completed messaging transformation and have access to the COVA Common Domain. The site where secure wireless network access is installed must have completed server, network and directory services transformation to take advantage of centralized deployment. If all assumptions are not met there may be latency issues as well as bandwidth constraints that could arise due to additional traffic overhead. Vendor is not responsible for identifying guest users. PAGE 4

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information