The URL can be used to link to this page

Home My WebLink About2004 08 23 Regular 500 COMMISSION AGENDA ITEM 500 Consent Informational Public Hearing Regular X August 9. 2004 Regular Meeting /T~ Mgr. / Dept. Authorization REQUEST: Information Services (I.S.) wishes to present to the Commission three options for providing wireless Internet access to the Mayor and Commission in the Commission Chambers using their own personal or corporate (non-City- owned) laptops; and requests that the Commission choose and fund an option to be implemented. PURPOSE: To have the Commission choose and fund an option for providing wireless Internet Access to the Mayor and Commission in the Commission chambers using their own personal or corporate (non-City-owned) laptops. CONSIDERATIONS: The Mayor and Commission have requested wireless Internet Access in the Commission Chambers using their personal or corporate (non-city- owned) laptops. The I.S. Department has temporarily disconnected its wireless network at City Hall which was being used for testing, and I.S. use, as well as for network connectivity for our training room systems. It will remain disconnected until an internal wireless network plan and wireless policy is developed. S:\Information _ Services\Admin _ Docs\Agenda Items\FY 2004\2004 August\August 23, 2004\082304_ COMM _Regular _500 _ Wireless_Internet_Access _for_Mayor _and _ Commission. doc CITY OF WINTER SPRINGS CITY COMMISSION August 23,2004 REGULAR 500 PAGE20F3 Wireless connectivity for the Mayor and Commission was not placed on our Technology Plan but has been an issue with the Mayor and Commission for several months now. While I.S. feels that a wireless network is a great productivity tool (if secure), we are not prepared with our current network configuration and equipment to provide individuals with personal laptops connectivity to the Internet via the existing Access Point (AP) located in the Commission Chambers because the AP sits on our network and I.S. cannot guarantee that the laptop connecting to the AP device is virus free or has the latest virus dat files loaded. Updates can be automatically pushed out to all City-issued equipment automatically such as: Virus definition files, System O/S updates, Office Updates, Firmware updates, etc. This ensures safer computing environment. I.S. currently uses a product called WebSense which filters and monitors Internet access. Filtering means that it will block users from certain internet sites such as porn, hate sites, etc. Monitoring means that a log is kept of all the places yisited on the Internet and reports can be ran by individual. Working with a security firm, Internet Security Systems (lIS), 3 options are being proposed in order to furnish the wireless Internet connectivity that is being requested. (See attachment 1) None of these options provide access to the City's network. · Option 1 - Separate Internet Connection via Cable provider $54 Equipment + $80/month or $960/year recurring costs · Option 2 - DMZ off of Firewall- unmonitored and unfiltered $940 equipment and technical support · Option 3 - Segment internal network with additional security appliance - monitored and filtered $2400 equipment It is recommended that an Enterprise solution be deployed and we are recommending option 2 if the Commission feels that monitoring and filtering are not needed. If monitoring and filtering are required, then option 3 would be the appropriate choice. Option 2 and 3 both utilize the City's existing T-l internet connection. FUNDING: Additional appropriation requested dependent upon which option is chosen. CITY OF WINTER SPRINGS CITY COMMISSION August 23,2004 REGULAR 500 PAGE30F3 RECOMMENDATIONS: That the Commission choose and fund option option 2 ($940 + $60 contingency) if monitoring and filtering are not necessary; option 3 ($2400 + $150 contingency) if monitoring and filtering are necessary. ATTACHMENTS: Attachment 1- Wireless Options COMMISSION ACTION: LItyor WImer :::spnngs Wireless Connectivity in Chambers - options Option Description Advantaaes Disadvantaaes Cost Considerations 1 Utilize a separate broadband . Will not require much support from . Additional setup and monthly re- . Broadband modem = connection for Internet access city resources occurring costs included for wireless devices. . Isolates traffic from rest of city . Technical support not provided . Broadband network locally router/AP/firewall = 54 . Will not degrade performance of . No additional monitoring of traffic . Monthly re-occurring ISP city's Internet access will be conducted costs $80/month . ISP setup costs = included 2 Wireless Access Point . Isolates wireless traffic on a . Wireless traffic will consume city . Additional Ethernet port configured on a DMZ port of the separate, isolated, network bandwidth, but it is minimal on FW (if one is not city FW. segment . City resources will be needed to available) = $140 . City firewall will provide security maintain equipment . Wireless AP/Switch = from external users $400 . City firewall will provide central . Cisco Technical Support = logging of wireless activity $400 . Network support provided locally by city IT staff . Creation of new DMZ could also be utilized to isolate dial-uD modems 3 Wireless AP configured on an . Same as option #2 . Same as option #2 . Multi-functional appliance isolated segment behind a . Utilizes existing web logging . Most expensive option, requiring = approx $2,000 security appliance to utilize software to monitor network traffic additional hardware . Wireless AP = $400 existing web logging software to . Provides additional FW support that . Additional hardware and features track usage. could allow secure VPN will require additional support from connections to the internal network city IT staff if needed in the future . Multi functional appliance could allow use of Intrusion Prevention Systems (IPS) for additional security Option #1: Separate Broadband Connection ISP Option #2: DMZ off of FW Switch/AP PIXFW Option #3: Segment internal network with additional security appliance Switch Websense Wireless AP