« July 2005 | Main | September 2005 »
August 12, 2005
A week in the life of the Talis Infrastructure Team
This week has been pretty interesting so I thought I'd share some of things that have been going on lately. Our responsibilities are many and varied, this week has been a perfect example.
I spent Monday discussing among other things, the LUN design for a new SAN at a customer site, progress on our evolving disaster recovery plans and software licensing. I completed a Server build for another Talis customer, began developing and testing an inhouse podcasting environment and reviewed quotes for AV upgrades in our offices.
On Tuesday I finally got around to setting up a VMWare environment and registering my MSDN subscription. VMWare has come on in leaps and bounds since I last tried it in the dark old days of RedHat 5.x. In no time at all I had RedHat Enterprise 4.0 ES and Windows Sever 2003 running as Virtual machines on my laptop. I now have my own DNS, Active Directory and SQL Server 2000 in an isolated test environment. Next comes SharePoint Portal Server and Project Portal Server 2003. So far performance and stability has been pretty impressive and it compares well with MS Virtual PC.
On Wednesday I became embroiled in a couple of customer support issues, the worst of which being a corrupt Solaris kernel. We also rolled out MS Office 2003 to all members of staff and just to keep me on my toes we had a power outage just as I was leaving the building. Still it was a good test of our generator and UPS!
Thursday was an interesting day, not least because I had back to back meetings between 9.30am and 6pm. We met two suppliers to discuss future partnerships and various new technical initiatives. One of which involved a non-disclosure agreement so I can't talk about that just yet. Still both meetings went well and will certainly be keeping me busy over the next few months.
During the same week other members of the team have been looking at enhancing our Server monitoring, patching Servers as part of the Server Hardening Service, rolling out Windows Server Update Services (WSUS) and analysing initial results from Lyra Health checks.
Posted by jimprince at 09:41 AM | Comments (0) | TrackBack
Wireless Authentication
Our initial investigation highlighted the need for distinct security requirements for our staff, customer training equipment and guest users. To not help my hair-loss any further, I ruled out 6 access points. Of course if any students mis-behave they may have to walk the plank in the middle of all the wireless laptops. Further investigation pointed us at VLAN capable access points that allowed separation of traffic on a single access point, using multiple SSIDs along with 802.1x authentication, which is supported by most current hardware and software.
We looked at authentication protocols including WEP and it was not too difficult to decide to use the 802.1x framework for our wireless LANs. With WEP all access points and client radio NICs on a particular wireless LAN must use the same encryption key. In order to use different keys, each access point and radio NIC must manually be configured. This might not be too much of a concern for smaller networks but the task of renewing keys on a network with over 100 clients seemed an administration nightmare. If keys are not updated often then an unauthorised person with a sniffing tool, such as AirSnort or WEPcrack, can monitor the network for less than a day and decode the encrypted messages.
The use of 802.1X offers us an effective framework for authenticating and controlling user traffic to a protected network, as well as dynamically varying encryption keys.
Posted by Saheed Akhtar at 09:37 AM | Comments (0) | TrackBack
