SECURE WIRELESS NETWORK IN IŞIK UNIVERSITY ŞİLE CAMPUS

Slides:



Advertisements
Similar presentations
Security Policy. TOPICS Objectives WLAN Security Policy General Security Policy Functional Security Policy Conclusion.
Advertisements

Security in Wireless Networks Juan Camilo Quintero D
Filtering and Security By Mohammad Shanehsaz June 2004.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Configure a Wireless Router LAN Switching and Wireless – Chapter 7.
How secure are b Wireless Networks? By Ilian Emmons University of San Diego.
Security+ Guide to Network Security Fundamentals
Security+ Guide to Network Security Fundamentals, Third Edition
Security Awareness Chapter 5 Wireless Network Security.
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 6 Wireless Network Security.
Chapter 8: Configuring Network Connectivity. Installing Network Adapters Network adapter cards connect a computer to a network. Installation –Plug and.
Top-Down Network Design Chapter Eight Developing Network Security Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.
© 2007 Cisco Systems, Inc. All rights reserved.ICND1 v1.0—3-1 Wireless LANs Understanding WLAN Security.
Demonstration of Wireless Insecurities Presented by: Jason Wylie, CISM, CISSP.
Wireless LAN Security Yen-Cheng Chen Department of Information Management National Chi Nan University
Uday O. Ali Pabrai, CISSP, CHSS Chief executive, HIPAA Academy Health care & HIPAA Security Remediation.
Ch. 5 – Access Points. Overview Access Point Connection.
ECE 578: COMPUTER NETWORK AND SECURITY
Computer Networks. Network Connections Ethernet Networks Single wire (or bus) runs to all machines Any computer can send info to another computer Header.
WIRELESS LAN SECURITY Using
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Wireless Router LAN Switching and Wireless – Chapter 7.
Chapter Network Security Architecture Security Basics Legacy security Robust Security Segmentation Infrastructure Security VPN.
Wireless Network Security Dr. John P. Abraham Professor UTPA.
Lesson 20-Wireless Security. Overview Introduction to wireless networks. Understanding current wireless technology. Understanding wireless security issues.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Configure a Wireless Router Basic Wireless Concepts & Configuration Chapter.
Network Security Lecture 9 Presented by: Dr. Munam Ali Shah.
1 Figure 2-11: Wireless LAN (WLAN) Security Wireless LAN Family of Standards Basic Operation (Figure 2-12 on next slide)  Main wired network.
11 SECURING YOUR NETWORK PERIMETER Chapter 10. Chapter 10: SECURING YOUR NETWORK PERIMETER2 CHAPTER OBJECTIVES  Establish secure topologies.  Secure.
1 C-DAC/Kolkata C-DAC All Rights Reserved Computer Security.
Done By : Ahmad Al-Asmar Wireless LAN Security Risks and Solutions.
CWSP Guide to Wireless Security Chapter 2 Wireless LAN Vulnerabilities.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Introducing Network Design Concepts Designing and Supporting Computer Networks.
SECURE WIRELESS NETWORK IN IŞIK UNIVERSITY ŞİLE CAMPUS.
© 2006 Cisco Systems, Inc. All rights reserved. Optimizing Converged Cisco Networks (ONT) Module 6: Implement Wireless Scalability.
20 November 2015 RE Meyers, Ms.Ed., CCAI CCNA Discovery Curriculum Review Networking for Home and Small Businesses Chapter 7: Wireless Technologies.
WLANs & Security Standards (802.11) b - up to 11 Mbps, several hundred feet g - up to 54 Mbps, backward compatible, same frequency a.
The University of Bolton School of Business & Creative Technologies Wireless Networks - Security 1.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Introducing Network Design Concepts Designing and Supporting Computer Networks.
Understand Network Isolation Part 2 LESSON 3.3_B Security Fundamentals.
Chapter 16 Connecting LANs, Backbone Networks, and Virtual LANs
Networking Network Classification, by there: 3 Security And Communications software.
Cisco Discovery Home and Small Business Networking Chapter 7 – Wireless Networking Jeopardy Review v1.1 Darren Shaver Kubasaki High School – Okinawa,
1 © 2004, Cisco Systems, Inc. All rights reserved. Wireless LAN (network) security.
Network Security. Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Remote Authentication Dial-In User Service (RADIUS)
© 2003, Cisco Systems, Inc. All rights reserved. FWL 1.0— © 2003, Cisco Systems, Inc. All rights reserved.
NETWORK SECURITY. What do you see THE IMPORTANCE OF SECURITY THE ARE WEBSITES ON THE INTERNET COULD INFORM PEOPLE THE RANGE AND AVAILABLE UNSECURED SITES.
SOHO Security Recommendations. Change default user/password Of the AP/router Typical  admin – admin  root – root  root – 1234  Admin - There are web.
Wireless Security - Encryption Joel Jaeggli For AIT Wireless and Security Workshop.
Understand Wireless Security LESSON Security Fundamentals.
Discovery Internetworking Module 7 JEOPARDY K. Martin.
Top-Down Network Design Chapter Eight Developing Network Security Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.
CompTIA Security+ Study Guide (SY0-401)
Instructor Materials Chapter 6 Building a Home Network
Wireless Technologies
Wireless Protocols WEP, WPA & WPA2.
Methods of Securing LANs
We will talking about : What is WAP ? What is WAP2 ? Is there secure ?
Chapter 11: It’s a Network
Chapter 4: Wireless LANs
How To Set Up A Wireless Network
Security of a Local Area Network
Chapter 12 Communications Security & Countermeasures
Wireless LAN Security 4.3 Wireless LAN Security.
DCS835 Compute Network and the Internet
IEEE i Dohwan Kim.
Wireless Network Security
Chapter 16 Connecting LANs, Backbone Networks, and Virtual LANs
Configure a Wireless Router
LM 5. Wireless Network Security
Presentation transcript:

SECURE WIRELESS NETWORK IN IŞIK UNIVERSITY ŞİLE CAMPUS

Designed by VOLKAN MUHTAROĞLU

WLAN(Wirelass LAN) We introduced at 1986 for use in barcode scanning . A properly selected and installed Wi-Fi or wireless fidelity. 802.11a, 802.11b, 802.11g technologies, 802.11g is the latest technology. These are IEEE standard.

GENERAL TOPOGOLY OF WLAN

THE PROJECT The problem is, how can three different users access over an access point to different type of data with securily in our campus. As another word, if we choose there people such as; student, university staff and data processing center worker can access different type of data or they have different rights when access from the access point by securily.

THREE DIFFERENT USER Student University Staff Data Processing Center Worker

COMPONENTS OF SECURE WIRELESS NETWORK Cisco Aironet 1100 Series Access Point Radius Server Two Switch(One of them is Managable Switch, the other one is Backbone Switch) Vlan Cisco PIX Firewall WEP & LEAP Database Server Intranet Web Server

Cisco Aironet 1100 Series Access Point It is a wireless LAN transceiver. 1100 series is cheaper than the others and its performances is really efficient. It is also managable easily and common all over the world.

RADIUS SERVER RADIUS is a distributed client/server system that secures networks against unauthorized access. Use RADIUS in these network environments, which require access security This server also called AAA Server which means Audit, Authentication and Accounting. In my project Radius Server will provide Authentication and Mac filtering.

SWITCHES Managable Switch Backbone Switch I will use three different type IP. Student will take 10.0.x.x, University Staff will take 10.50.x.x, Data Processing Center Worker will take 192.168.x.x.

VLAN VLAN is a switched network that is logically segmented. I will use Vlan for having different kind of rights of these there different type of users on WLAN.

CISCO PIX FIREWALL I chose it because I have it.

DATABASE AND INTRANET WEB SERVER Database Server : Only Data Processing Center Worker can access these server. Intranet Web Server : Only University Staff and Only Data Processing Center Worker can access these server.

HOW WILL DESIGN BE? Firstly; how will student, university staff and data processing center worker be on the different Vlan, how can I give different rights them. The second thing is how these people come to these Vlan. The third thing which is most important how I can provide security.

SSID(Service Set Identifer) When connect to WLAN you will see the name of WLAN, which is SSID.

FOR VLAN 1 If we define two different SSID, one of them broadcasting, the other one is secret. For instance; our broadcasting SSID is tsunami; our not broadcasting(secret) SSID is Private. If you connect WLAN with access point everybody sees automatically tsunami SSID. Also when you connect this, you will come to Vlan 1 and this Vlan provides to access only Internet.

AUTHENTICATION If you are not student; you write the not broadcasting SSID name for accessing, at that time you will see the Username-Password Window for having different kind of rights. When you enter the username-password, the information come to Radius Server. And now; EAP (Extensible Authentication Protocol) uses.

AUTHENTICATION TOPOLOGY

WEP(Wired Equivalent Privacy ) WEP is an encryption algorithm used by the Shared Key authentication process for authenticating users and for encrypting data payloads over only the wireless segment of the LAN. The secret key lengths are 40-bit or 104-bit yielding WEP key lengths of 64 bits and 128 bits. WEP key is an alphanumeric character string used in two manners in a wireless LAN. WEP key can be used : Verify the identity of an authenticating station. WEP keys can be used for data encryption.

CRITERIA The 802.11 standard specifies the following criteria for security: Exportable Reasonably Strong Self-Synchronizing Computationally Efficient Optional WEP meets all these requirements. WEP supports the security goals of confidentiality, access control, and data integrity.

WEP KEY WEP key is an alphanumeric character string used in two manners in a wireless LAN. WEP key can be used : Verify the identity of an authenticating station. WEP keys can be used for data encryption.

WEP KEY TABLE

EAP(Extensible Authentication Protocol ) This authentication type provides the highest level of security for your wireless network. Using the Extensible Authentication Protocol (EAP) to interact with an EAP-compatible RADIUS server. This is type of dynamic WEP key. There are five different type of EAP, I will use LEAP (Lightweight Extensible Authentication Protocol, designed by Cisco) which is the most secure.

LEAP TOPOLOGY

MAC(Media Access Control) ADDRESS FILTERING Server checks the address against a list of allowed MAC addresses. If your MAC address is University Staff’s MAC address, you wil come to Vlan 2 and you will have thoose rights, if your MAC address is data processing center worker’s address, you will come Vlan 3 also you will have those rights.

MAC FILTERING TOPOLOGY

STUDENT TOPOLOGY-1

STUDENT TOPOLOGY-2

STUDENT GENERAL TOPOLOGY

UNIVERSITY STAFF TOPOLOGY-1

UNIVERSITY STAFF TOPOLOGY-2

UNIVERSITY STAFF TOPOLOGY-3

UNIVERSITY STAFF GENERAL TOPOLOGY

DATA PROCESSING CENTER WORKER TOPOLOGY-1

DATA PROCESSING CENTER WORKER TOPOLOGY-2

DATA PROCESSING CENTER WORKER TOPOLOGY-2

DATA PROCESSING CENTER WORKER GENERAL TOPOLOGY

SECURITY POLICY The purpose of this policy is to provide guidance for the secure operation and implementation of wireless local area networks (WLANs).

AUTHENTICATION University Staff and Data Processing Center Worker have to authenticate the system if they want to have different kind of rights. For authentication, username and password authentication is used so users must use strong passwords (alphanumeric and special character string at least eight characters in length). Shared secret (or shared key) authentication must be used to authenticate to the WLAN

ENCRYPTION & ACCESS CONTOL Distinct WEP keys provide more security than default keys and reduce the risk of key compromise. SSID MAC(Media Access Control)

FIREWALL Firewall provide security based on ports.

PHYSICAL AND LOGICAL SECURITY Access point must be placed in secure areas, such as high on a wall, in a wiring closet, or in a locked enclosure to prevent unauthorized physical access and user manipulation. Access point must have Intrusion Detection Systems (IDS) at designated areas on Campus property to detect unauthorized access or attack.

CONCLUSION With this design Student, University Staff and Data Processing Center Worker can access securily; wherever they want, don’t use extra devices or don’t make any adjusting.

QUESTION ?

REFERENCES Cisco Press 802.11 Wireless Network Site Surveying and Installation book. Cisco Securing 802.11 Wireless Networks handbook. Cisco Aironet 1100 Series Access Point Quick Start Guide. Certified Wireless Network AdministratorTM Official Study Guide. Wireless Network Solutions (Paul Williams) http://www.cisco.com/en/US/tech/tk722/tk809/tk723/tsd_technology_support_sub-protocol_home.html http://www.cisco.com/en/US/tech/tk722/tk809/tsd_technology_support_protocol_home.html http://www.webopedia.com/TERM/M/MAC_address.html http://searchnetworking.techtarget.com/originalContent/0,289142,sid7_gci843996,00.html

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.