SECURING WIRELESS LANS WITH CERTIFICATE SERVICES


SECURING WIRELESS LANS WITH CERTIFICATE SERVICES
Microsoft Solution for Security (MSS) Group
Presented by PHILIP HUYNH, 2009

Purposes of the Report
- WLAN in the organization: benefits and threats.
- The design of a solution for securing the WLAN using 802.1x certificate-based authentication (EAP-TLS).
11/20/2018 PHILIP HUYNH

Wireless LAN Architecture
- Need a Corporate WLAN picture!

The Benefits of WLAN
- Core Business Benefits
  - Mobile connection to the corporate LAN
  - Organizational flexibility
  - Integration of new devices and applications into the corporate IT environment
- Operational Benefits
  - The cost of provisioning the network
  - Easily scale the network to respond to different levels of demand
  - Capital cost is no longer tied to building infrastructure

Main Security Threats for WLANs
- Eavesdropping (disclosure of data)
- Interception and modification of transmitted data
- Spoofing
- Denial of Service (DoS)
- Free-loading (or resource theft)
- Accidental threats
- Rogue WLANs

Elements of WLAN Protection
- Authenticating the person (or device) connecting to the network
- Authorizing the person or device to use the WLAN
- Protecting the data transmitted on the network

IEEE 802.1x Protocol
- The 802.1x protocol is an IEEE standard for:
  - Authenticating access to a network
  - Managing keys used to protect traffic
- The 802.1x protocol involves:
  - The network user
  - A network access (or gateway) device such as a wireless AP
  - An authentication and authorization service in the form of a Remote Authentication Dial-In User Service (RADIUS) server
- The 802.1x protocol relies on the Extensible Authentication Protocol (EAP) to carry out the authentication exchange between the client and the RADIUS server.

EAP-TLS Authentication Method
- IETF standard (RFC 2716)
- Probably the most widely supported authentication method on both wireless clients and RADIUS servers in use today
- Uses public key certificates to authenticate both the wireless client and the RADIUS server
- Establishes an encrypted TLS session between client and server
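
Added example (not part of the original slides): a small decoder for the EAP messages that 802.1x relays between the client and the RADIUS server, used to flag any message that falls outside an EAP-TLS-only policy. The function names, the host/pc01 identity and the sample exchange are constructed for illustration; the code and type numbers are the standard EAP assignments.

```python
import struct

# EAP codes and method types from the IANA EAP registry (EAP-TLS = 13, PEAP = 25).
CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 25: "PEAP"}
TLS_FLAGS = (("L", 0x80), ("M", 0x40), ("S", 0x20))  # Length included, More fragments, Start

def eap(code, ident, payload=b""):
    """Build an EAP packet: Code, Identifier, 16-bit Length, then Type + data."""
    return struct.pack("!BBH", code, ident, 4 + len(payload)) + payload

def parse_eap(packet):
    """Decode one EAP packet as carried between the client and the RADIUS server."""
    if len(packet) < 4:
        raise ValueError("EAP header is 4 octets")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code not in CODES or not 4 <= length <= len(packet):
        raise ValueError("bad EAP code or length field")
    msg = {"code": CODES[code], "id": ident, "method": None, "flags": [], "proposed": []}
    if code in (1, 2):  # only Request/Response carry a Type octet
        if length < 5:
            raise ValueError("Request/Response without a Type octet")
        etype, data = packet[4], packet[5:length]
        msg["method"] = TYPES.get(etype, f"type-{etype}")
        if etype == 13 and data:      # EAP-TLS: first data octet is the flags field
            msg["flags"] = [name for name, bit in TLS_FLAGS if data[0] & bit]
        elif etype == 3:              # Nak: data lists the methods the peer wants instead
            msg["proposed"] = [TYPES.get(t, f"type-{t}") for t in data]
    return msg

def outside_policy(packets, allowed=("Identity", "EAP-TLS")):
    """Return (index, method, proposed) for messages that leave an EAP-TLS-only policy."""
    hits = []
    for i, raw in enumerate(packets):
        msg = parse_eap(raw)
        if msg["method"] is not None and msg["method"] not in allowed:
            hits.append((i, msg["method"], msg["proposed"]))
    return hits

# Constructed sample exchange (not captured traffic): the client refuses EAP-TLS.
SAMPLE = [
    eap(1, 1, b"\x01"),             # Request/Identity
    eap(2, 1, b"\x01host/pc01"),    # Response/Identity
    eap(1, 2, b"\x0d\x20"),         # Request/EAP-TLS with the Start flag set
    eap(2, 2, b"\x03\x19"),         # Response/Nak proposing PEAP (type 25)
    eap(4, 2),                      # Failure
]

if __name__ == "__main__":
    print(outside_policy(SAMPLE))
```

A Nak that proposes another method is the signal that a client is not provisioned for certificate authentication; on the RADIUS side that request should end in Failure rather than a fallback.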

The Benefits of 802.1X with WLAN Data Protection
- High security
- Stronger encryption
- Transparent
- User and computer authentication
- Low cost
- High performance

Target Organization’s Network

802.1X EAP-TLS Strategy

Future Work
- Implement the solution
  - Public Key Infrastructure using MS Server 2003 Certificate Services
  - RADIUS Infrastructure using MS Internet Authentication Service
  - WLAN Security: Client and AP
- Testing and deriving the lessons learned

Related Work
- CS Master's thesis of Nirmala Bulusu (2003): Implementation and Performance Analysis of The Protected Extensible Authentication Protocol, http://cs.uccs.edu/~chow/pub/master/nbulusu/doc/
- Different EAP method: What is PEAP?
  - 1st stage: a TLS session is established between client and server, which allows the client to authenticate the server using the server’s digital certificate.
  - 2nd stage: requires a second EAP method tunneled inside the PEAP session to authenticate the client to the RADIUS server.
- Different implementation
  - PKI/Certificate Server using OpenSSL
  - RADIUS Server using FreeRADIUS / Linux OS

References
- IEEE Std 802.1X-2001 (2001) IEEE Standard for Local and Metropolitan Area Networks – Port-Based Network Access Control, The Institute of Electrical and Electronics Engineers, Inc.
- The Microsoft Solution for Security (MSS) group (2004) Securing Wireless LANs with Certificate Services, Release 1.6, Microsoft Corporation.
- Nirmala Bulusu (2003) Implementation and Performance Analysis of The Protected Extensible Authentication Protocol, Department of Computer Science, UCCS.

Questions?