Group member: Tai Ting Hin(12020028), Kwan Nok Him, Jeffrey (12021148), Wong Nga Sim (12011150), Tse...

transcript

Group member: Tai Ting Hin(12020028), Kwan Nok Him, Jeffrey (12021148), Wong Nga Sim (12011150), Tse Wai Chu (12009334), Tam Chung Ming (12017922), Fung Man Kit (12005088), Chow Chun Yan (12013870), Tao Shiu Him (12015458), Mak Shun Ning (12018309)

Wifi and networking at HKBU

ISEM3410Telecommunications and Networking in Business

Agenda

HKBU WifiHKBU Networking

Introduction of ITOThe HKBU NetworkingHKBU Physical NetworkingHKBU Logical Networking HKBU Network Security

Wifi IntroductionCurrent HKBU Wifi Tech

Wifi Security2

Introduction of ITO

◼ Missions◼ Visions ◼ Organization

The HKBU Networking(1/3)

The Internal Networking

● The Baptist University computer network system (BUNET)

The External Networking

● The Joint Universities Computer Centre Ltd. (JUCC)

➢ HARNET system (Hong Kong Academic and Research Network)

The Internal Networking The Baptist University computer network system (BUNET)

The External Networking The Hong Kong Academic and Research Network (HARNET)

HKBU Physical Networking(1/6)

Backbone Structure of University

● Campuses are connected through fiber optic lines between different buildings.

● Ho Sin Hang to SHAW Campus - BU Bridge

● SHAW Campus to BU Road - AAB Bridge

Connection Media1. Between Buildings

10GB Ethernet optic fiber - to transmit data

2. Within Buildings

● Optic fibers are gathered to the Gigabit Ethernet switches in equipment room

Connection Media - Within Buildings

Optic fibers in packets that go through floors,

buildings, and campuses

Optic fibers connected to switches12

Connection Media - Within Buildings Type of switches used

UTP Ethernet 10// 100Base-T/ Token Ring (16MB) host modules The optic fiber connectors used Unix Space

Server

HKBU Logical Networking(1/6)

Only in the software Logical connection of devices Can span various physical devices Can encompass a subsection of a single device

● Logical network architecture of devices● forms the physical network● online access to all connected devices

Server computers

link and connect all computers

enable multiple users in a network

e.g. files sharing, documents printing

Server virtualization Partition of a physical server into smaller virtual servers

More than one server to operate on the same piece of hardware

Advantages of server virtualization(5/6)

Efficiency

Better utilization of underutilized servers

Capital cost on new server hardware

Operation cost

Disadvantages of server virtualization(6/6)

● Degraded performance of servers● Complex root cause analysis● Training for new skills

HKBU Network Security(1/4)

1. Firewall All external and wireless connections to University networks must pass

through a network firewall. Blocked several unauthorized or harmful access attempts.

2. Network traffic surveillance mechanism Keep record of all of user’s activities When there are abnormal changes on the network response

time, accuracy, throughput and utilization… Alert will be given to the user ITO Staff would look into details

3. Network Access Control

User name(for example: student id) and; Password is required to access the HKBU Network Only specific users can access some corresponding network. For example: Can’t use student id to logo in “ITO STAFF Corner”

Unauthorized 22

4. Security assurance policy For non-central servers Individual departments/offices bring up their own servers Risk of hacking ITO set up "Servers Hosting Network" Relocate those servers to these protected server hosting

networks.

HKBU Wifi24

Introduction of Wifi(1/3)

•Wi-Fi is Wireless Fidelity

•Wireless networking technology•Wireless internet and network connections•Using radio frequency

The Wi-Fi Alliance defines Wifi as:

•Wireless Local Area Network(WLAN) (Group of computer)•Align with Institute of Electrical and Electronics Engineers’ (IEEE) 802.11 standards

Current HKBU Wi-Fi Technology

Wi-Fi Infrastructure in HKBU

Wi-Fi Accessible

Devices

Access Points Routers PoE

Switches

RADIUSHKBU SeverHARNET• HKIXInternet

Components of Wi-Fi Infrastructure (1/8)

◼Wi-Fi Accessible DevicesThe devices that has Wi-Fi access abilitye.g. Smartphones, Tablets, Notebooks, Desktops include a PCI Wi-Fi card/USB Adapter

◼Access Points (AP)Device that connecting Wireless Network & Wired Network(Ethernet)Connected to Network Switches by twisted pair cables

◼RouterNetwork Connecting DeviceConnect multiple networks for transmitting dataCAN be used as an AP

◼Hidden in the ceiling or in containers

◼PoE SwitchesConnecting devices to computer network and allowing data transmitting in particular devicesMultiple devices can be connected through cables

PoE =Power over EthernetTechnology that allows power supply and data transmission through twisted pair cablesLower cost no need to set up power supply cableLong Length power supplyCut off power in remoteLatest standard IEEE 802.3at-2009 PoE

◼Remote Authentication Dial-In User Service (RADIUS)

AAA protocol Authentication+ Authorization + Accounting

User dials in to the ISP

Key in Username &

Password

Information passed to

RADIUS sever

Identification Verified

authorizes access to the ISP’s network

◼The Hong Kong Academic and Research NETwork (HARNET)

Wide area network which links up the campus networks of the eight institutions in HK

Managed by Joint Universities Computer Centre (JUCC)

An advanced network infrastructure to facilitate the exchange of information

◼Hong Kong Internet eXchange (HKIX)

layer-two settlement-free Internet exchange point

Operated by HARNET

Allowing local network connection to the internet directly through a 1000Mbps link

99% of Internet Access in HKSAR connect through HKIX

Different Wifi of HKBU(1/3)BU Standard BU Guest BU Web BUSRH

Users Staffs and Students Visitors Staffs and Students Staffs and Students

Location Campus buildings and Public areas Student halls

ISP HARNET HARNET HARNET HKBNHARNET

(for 1st & 19th floor)

Characteristics -802.1x authentication-Connected to HARNET-Over 1,800 APs in Kowloon Tong Campus

-Login ticket (issued by ITO) is required-Requires money to buy the ticket

-Authentication via web login-Only for web browsing and email-Used only if 802.1x is not supported by users’ devices

-802.3 authentication-only available in Student Hall-Provided by a different ISP, HKBN-1st and 19th floor are connected to HARNET-10 Aps per floor

Different Wifi of HKBU(2/3)

For Customers of PCCW and HKBU students

Different Wifi of HKBU(3/3)

For Customers of Y5ZONE and University students For visitors from local and international educational institutes

Wifi Security

Wifi Security - Encryption(1/2)

◼ Wi-Fi Protected Access (WPA & WPA2)● More advanced security protocols● Encryption keys often change when a device accesses the network, it is

much more difficult to hack than WEP

◼ Authentication method: Protected EAP(PEAP) Identity authentication TLS

Wifi Security - Digital Certificate(2/2)

● This is for authenticating a machine or user to a network

● It contains information about who owns the certificate, certificate issuer, a unique serial number or other unique identification, expiration dates, and encrypted information that can be used to verify the information held within the certificate

● To authenticate and associate with access points (APs) or broadband Wi-Fi routers. APs and routers connect to the Internet via a DSL, cable or other types of modems. 43

Conclusion

HKBU Network System is important in keeping the daily operation of the school

➢ Booking Sport venue➢ Booking school facility➢ Library system

Our teaching, learning and working environment are improved. ITO keeps improving HKBU Network

The End

Group member: Tai Ting Hin(12020028), Kwan Nok Him, Jeffrey (12021148), Wong Nga Sim (12011150), Tse...

Documents