Victoria's Department of Education and Training is continuing to develop in-house server software it built on top of open-source tools to bring its state-wide wireless network to life.
The software -- dubbed EduPaSS -- was developed as part of the
state's AU$6 million Wireless Networks for Schools (WiNS)
initiative which last year saw over 1,700 Victorian schools given high-speed
wireless access on their campuses.
One EduPaSS server sits in each of those schools, controlling
student and staff access to network and Internet services.
"EduPaSS version 2 is currently waiting for approval, it's all
documented and designed. And this time around we've had more time
to design and document," the department's head of ICT security
Loris Meadows told a Sydney conference yesterday.
EduPaSS is built upon "best of breed" open source software,
according to Meadows, including the Smoothwall Linux
Distribution, FreeRADIUS, OpenSSL and a custom Linux kernel based
on Red Hat.
"Microsoft weren't very impressed," she told the audience.
The software has proved its worth since WiNS went live last
year. "Since June 1st 2005, we've had 17.5 million successful
authentications," said Meadows.
Version 2 of the software will add advanced features like
Quality of Service (QoS) for bandwidth management, the Wi-Fi
Protected Access version 2 (WPA2) security mechanism, and
in-line intrusion detection.
"We'll be using FTWall to prevent peer to peer sharing such as
Kazaa, Gnutella and Napster," said Meadows. In addition, the
department has already implemented "a central view of all EduPaSS
Meadows said the department would not be contributing any code
back to the open source community for security reasons, but said
white papers would be made publicly available in an effort to
share lessons learnt.
A custom open source solution was chosen, according to
Meadows, because "there was no third-party solution" to meet the
In general, the WiNS project was an outstanding success,
according to the ICT security manager, but had not been without
For example, she outlined how the department had persuaded
hardware vendor Cisco to modify its wireless access points (WAPs)
during the manufacturing process.
The change was needed to ensure the WAPs could not be reset to
factory default settings. Network hardware commonly comes with a
discreet button providing this function.
Meadows said her department had asked Cisco to disable this "God" button due to security concerns.
She also said ordering such a large number of WAPs --
approximately 10,000 -- was not easy. "Cisco didn't have [that
many] sitting on their shelves," she said.
The vendor's hardware was chosen for its superior coverage and roaming ability, according to Meadows.
She concluded that 99 percent of state schools now had
wireless under the program, with some 15 schools not yet fully