There likely is no more hostile network on the planet than the one at the DEF CON security conference. The annual security conference hosts up to 30,000 attendees and in the vendor area openly sells hacker tools that help to enable users to hack the network.
In a video tour of the Network Operations Center (NOC) at the DEF CON 25 conference at Caesar’s Palace this past week, volunteers that help to operate the network (referred to as ‘Goons’) explained how the wired and wireless networks are set up.
DEF CON gets a 1 Gbps network drop from the hotel which is then pulled into a core switch. Along with the bandwidth, DEF CON gets 32 IPv4 addresses from the hotel, which are then provisioned ahead of services. From each of the public IPv4 addresses, the DEF CON network uses NAT (Network Address Translation) to provide thousands more for attendees.
The core switch is then wired out to various edge switches and from there to wireless access point drops. The wireless network uses 150 different VLANs and then there are an additional 100 VLANs for every network drop.
From a hardware perspective, DEF CON makes extensive use of Aruba gear, including an Aruba controller and Aruba access points.
Rather than using a simple shared WPA2 password approach with TLS to secure WiFi users, DEF CON has built its own Protected Extensible Authentication Protocol EAP-PEAP secured network.
The way the PEAP system works is DEF CON users first go to a WiFi registration site, which is hosted on an Intel NUC (Next Unit of Computing) server, to register a username and password. Those credentials are then authenticated over PEAP with the Enterprise WPA2 protected DEF CON WiFi network.
With PEAP, DEF CON provides the server certificate so when clients connect, it make sure they are talking to the right RADIUS server before they send credentials.
Watch the video tour of the DEF CON NOC below:
Sean Michael Kerner is a senior editor at EnterpriseNetworkingPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.