 |
| Loris Meadows |
One EduPASS server sits in each of those schools, controlling student and staff access to network and Internet services.
"EduPaSS version 2 is currently waiting for approval, it's all documented and designed. And this time around we've had more time to design and document," the department's head of ICT security Loris Meadows told a Sydney conference yesterday.
EduPaSS is built upon "best of breed" open source software, according to Meadows, including the Smoothwall Linux Distribution, FreeRADIUS, OpenSSL and a custom Linux kernel based on Red Hat.
"Microsoft weren't very impressed," she told the audience.
The software has proved its worth since WiNS went live last year. "Since June 1st 2005, we've had 17.5 million successful authentications," said Meadows.
Version 2 of the software will add advanced features like Quality of Service (QoS) for bandwidth management, the Wi-Fi Protected Access version 2 (WPA2) sercurity mechanism, and in-line intrusion detection.
"We'll be using FTWall to prevent peer to peer sharing such as Kazaa, Gnutella and Napster," said Meadows. In addition, the department has already implemented "a central view of all EduPaSS servers".
Meadows said the department would not be contributing any code back to the open source community for security reasons, but said white papers would be made publicly available in an effort to share lessons learnt.
A custom open source solution was chosen, according to Meadows, because "there was no third-party solution" to meet the department's needs.
In general, the WiNS project was an outstanding success, according to the ICT security manager, but had not been without its hiccups.
For example, she outlined how the department had persuaded hardware vendor Cisco to modify its wireless access points (WAPs) during the manufacturing process.
The change was needed to ensure the WAPs could not be reset to factory default settings. Network hardware commonly comes with a discreet button providing this function.
Meadows said her department had asked Cisco to disable this "God" button due to security concerns.
She also said ordering such a large number of WAPs -- approximately 10,000 -- was not easy. "Cisco didn't have [that many] sitting on their shelves," she said.
The vendor's hardware was chosen for its superior coverage and roaming ability, according to Meadows.
She concluded that 99 percent of state schools now had wireless under the program, with some 15 schools not yet fully cabled.
I'm not familiar with the details of the licenses involved - but is it legal of them to distribute the software to external bodies (schools are external to the ministry of education, aren't they?) without giving back their modifications?
And from another angle - she should know by now that "security through obscurity" (of the code) is just a way to get a false sense of security - instead of letting the people who wrote the software and keep improving on it to see their changes and point out the bugs.