The URL can be used to link to this page

Home My WebLink About2006 11 13 Consent 410 Hotspot COMMISSION AGENDA ITEM 410 Consent Mgr. / Dept. Authorization November 13.2006 Regular Meeting REQUEST: Information Services requests Commission authorize and additional appropriation in the amount of $710 in order to secure the Commission chambers wifi hotspot. PURPOSE: To obtain an additional appropriation in the amount of $710 to secure the Commission chambers wifi hotspot. CONSIDERATIONS: On Thursday, September 7,2006, the City Commission gave a directive to install a free hotspot for free internet access in the chambers for public use. The directive was for the hotspot to be up before the next regular meeting which was Monday, September 11, 2006. Information Services was not consulted on this directive and the Commission mistakenly thought that there were no security issues. This decision was based on inaccurate assumptions. As per the directive, the hotspot was installed and was functional for the September 11, 2006 meeting. However, there are some security concerns with this setup. It is fully understood that the goal here is to give the public access to the Internet only and not to give them access to any CITY OF WINTER SPRINGS CITY COMMISSION REGULAR MEETING - NOVEMBER 13,2006 CONSENT AGENDA ITEM "410" PAGE 2 0F 3 network resources; with that said, and without going into much detail, it should be understood that: . The Information Services Department is staffed with educated individuals who are knowledgeable of networks, network infrastructure, security, and wireless issues. The City's Security Administrator, Joe Alcala, holds a CISSP certification which stands for Certified Information Systems Security Professional and is qualified to address this issue as it relates to our network. . We have looked at how other entities provide this service and most do not have the same setup as we do. Most are not hosting internally as many general public resources as we do behind the firewall. . Existing network infrastructure is being utilized in order to give the . public access to the Internet. . With the existing configuration, the potential exists for a user to use the City resources to attack other sites and for these attacks to be traced back to our Internet Service Provider and the IP addresses be associated with our domain; this has the potential to have our domain associated with various Internet attacks appearing as if they are generated by a local government agency. . The City currently hosts resources that the Commission and the general public accesses behind our firewall; resources such as OW A (Outlook Web Access) which the Commission uses to access their email and WebLink which the public uses to search for City documents. This requires us to provide DNS, which is an Internet service that translates domain names into IP addresses, for these users of the system. The same thing is now true for users of the Chambers hotspot; we now need to provide DNS for these users as well. In an . attempt to isolate the various forms of traffic behind our firewall and to isolate and protect the Commissioners and their laptops from possible prying eyes, a new setup needs to be developed and implemented. Because these users are now located behind our first line of defense, they have effectively by-passed one layer of security to prevent malicious attacks. . One of our biggest security concerns with this hotspot is the chance that someone will connect to the hotspot and perform malicious . attacks, not only from the City resource, but to it as well. If an attacker were to scan the network and find security gaps and possibly gain access to someone's personal laptop such as a Commissioner's or the Attorney's laptop and were to have unrestricted access to the laptop, and were to compromise that laptop, who would be responsible? . Seminole County was also consulted to see how their wifi was set up. The wifi in their chambers is set up as we are recommending: on a totally separate network with separate equipment. Here are the options Option 1 - Purchase: Access point NIC for Pix Firewall Software License Upgrade - Pix Must provide DNS - Computer Windows 2003 Server T -1 . for Internet Access Total Cost for this options Option 2 - Purchase: Small Office Lite (BrightHouse) Installation Wireless Router CITY OF WINTER SPRINGS CITY COMMISSION REGULAR MEETING - NOVEMBER 13, 2006 CONSENT AGENDA ITEM "410" PAGE 3 0F 3 $650 $136 $2628 $0 (use one we currently have) $450 $0 (use one we currently have) $3864 ~one-time cost, no recurring cost $660/year ($55/month Small Office Lite 780Kbs down/128Kbs up) $0 liQ $710* ($660 + tax per year recurring costs) Information Services recommends option 2 for the following reasons: . It totally isolates traffic from the City's network. . It isolates public hotspot network from Commission's network at Dias. . It would allow us to maintain all of our network security defenses. . It would not require us to share the T -1 that we currently have for Internet Access for the City with the public as this connection is used by the entire City, including Public Safety for email and Internet traffic. FUNDING: Requesting an additional appropriation in the amount of$710 (to cover wireless router plus 10 months service + taxes) from general fund reserves. RECOMMENDATIONS: The Commission authorize an additional appropriation in the amount of $710 for Option 2 to secure the Commission chambers hotspot. ATTACHMENTS: None. COMMISSION ACTION: