WIRELESS DEPLOYMENT: A successful solution to Campuswide role-based secure Wi-Fi deployment. Andrea Di Fabio – Information Security Officer.
Copyright Andrea Di Fabio. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

Agenda
1. The Challenge
   • Manageability
   • End User Configuration
   • Campus and User Security
   • Wireless Standards
   • Hardware and Vendors
2. The Results
   • Selection of Standards
   • Hardware and Vendor Selection
   • Wireless Site Survey
3. Pitfalls and Solutions
   • Shared Computers
   • PDAs
   • Remote Locations (no VLAN)
   • The Business Case for Wi-Fi
4. Conclusion

Manageability
• Least time managing the infrastructure
• Standard configuration = fast deployment
  • Access points
  • End users
• Health monitoring tools
• Simple, effective and secure

End User Configuration: as simple as possible
• Standard configuration for all users
• Secure communication
• Awareness program: flyers and web instructions

Campus and User Security
GOAL: simple, effective and secure
• Protect the end user
  • Encryption with dynamic keys and key rotation
• Protect the campus network
  • VLANs and ACLs
  • Encryption
  • Authentication
  • Role-based security context: automatic VLAN switching, per-VLAN ACLs
• User authentication required
• Wireless encryption required
• Awareness vs. technical controls

The Challenge Matrix

Manageability          | Configuration | Security
-----------------------|---------------|---------------------
Least time             | Simple        | User authentication
Standard configuration | Standard      | Role-based context
Simple and secure      | Secure        | Encryption
Health monitoring      |               |

Possible Solutions

Wi-Fi                      | Manageability | Configuration | Security
---------------------------|---------------|---------------|-------------
Open                       | Simplest      |               | None
Plain text & authenticated | Moderate      |               | User access
Encrypted & no auth        | Complex       | Moderate      | Data
Encrypted & authenticated  | Complex       | ?             | User & data

(In the original slide the Manageability and Configuration cells of the first two rows appear as a single merged entry.)

Wireless Standards: some technical jargon and ... let the fun begin!
• 802.11a/b/g/i
• 802.1X
• EAP, PEAP, LEAP, TLS, TTLS
• WEP, WPA, WPA2, TKIP, CCMP
• RADIUS, IETF, extended tags
• Wireless mesh

Wireless Standards: EAP method comparison

                             | PEAP with Generic Token Card (GTC)                | PEAP with MS-CHAP Version 2    | Cisco LEAP                           | EAP-TLS
-----------------------------|---------------------------------------------------|--------------------------------|--------------------------------------|---------------------------------------------------
User authentication database | Windows NT, Active Directory, Novell NDS, OTP     | Windows NT, Active Directory   | Windows NT Domains, Active Directory | Windows NT, Active Directory, Novell NDS, OTP
Requires server certificates | Yes                                               | Yes                            | No                                   | Yes
Requires client certificates | No                                                | No                             | No                                   | Yes

THE TEAM
• Network team
  • Select a vendor supporting the selected standards
  • Determine the need for additional VLANs
  • Conduct the site survey and deploy APs
• Server team
  • Define/create AD groups for VLAN mappings
  • User-to-department mappings delegated to the departments
  • ADSI scripts to regroup users
• Security team
  • Selecting and implementing the standards
  • Defining and implementing QoS requirements

The Implementation: 802.1X PEAP authentication with dynamic VLAN assignment

Hardware and Vendors: the project team selects
• Cisco Aironet APs
  • Coverage inside buildings
  • We started with dorms and admin buildings
  • Mostly one AP per floor (no overlapping channels)
• Vivato panels
  • Green-space coverage
  • 5 panels, each panel made of 11 APs
  • Very directional

AP Configuration (Cisco IOS access point)

dot11 ssid NSUWIFI
   vlan 172
   authentication open eap eap_methods               <- PEAP
   authentication network-eap eap_methods            <- LEAP
   authentication key-management wpa cckm optional   <- WPA
!
interface Dot11Radio0
 encryption vlan 172 mode ciphers tkip wep128
 encryption vlan 75 mode ciphers tkip wep128
!
interface BVI1
 ip address <- MGMT
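Two settings in the stanza above keep the pre-WPA fallback alive: the WPA key management is marked "optional" and "wep128" is still in the cipher list, which is exactly the per-session-WEP-to-TKIP migration state the conclusion describes. The following lint is an added example (not from the presentation or from Cisco) that parses the stanza as shown and reports those settings; the sample configuration is the slide's own text reconstructed as a string, with the management address that the slide omitted replaced by a placeholder.

```python
"""Added example, not from the presentation: a small lint for the Cisco IOS
access-point stanza on the slide. It parses the 'dot11 ssid' block and the
'encryption vlan' lines and reports settings that still allow non-WPA clients.
"""
import re

# The AP configuration from the slide, reconstructed as constructed sample input.
# <MGMT-ADDRESS> is a placeholder; the slide did not show the real address.
SAMPLE_CONFIG = """\
dot11 ssid NSUWIFI
   vlan 172
   authentication open eap eap_methods
   authentication network-eap eap_methods
   authentication key-management wpa cckm optional
!
interface Dot11Radio0
 encryption vlan 172 mode ciphers tkip wep128
 encryption vlan 75 mode ciphers tkip wep128
!
interface BVI1
 ip address <MGMT-ADDRESS>
"""

WEAK_CIPHERS = {"wep40", "wep128"}   # WEP cipher suites on IOS APs


def parse_ssids(config):
    """Return {ssid: {"vlan": int or None, "key_mgmt": str or None}}."""
    ssids, current = {}, None
    for line in config.splitlines():
        m = re.match(r"dot11 ssid (\S+)", line)
        if m:
            current = m.group(1)
            ssids[current] = {"vlan": None, "key_mgmt": None}
            continue
        if not line.startswith(" "):
            current = None            # a non-indented line ends the stanza
            continue
        if current is None:
            continue
        body = line.strip()
        m = re.match(r"vlan (\d+)$", body)
        if m:
            ssids[current]["vlan"] = int(m.group(1))
        elif body.startswith("authentication key-management "):
            ssids[current]["key_mgmt"] = body[len("authentication key-management "):]
    return ssids


def parse_ciphers(config):
    """Return {vlan: set(cipher names)} from 'encryption vlan N mode ciphers ...'."""
    ciphers = {}
    for m in re.finditer(r"encryption vlan (\d+) mode ciphers (.+)", config):
        ciphers[int(m.group(1))] = set(m.group(2).split())
    return ciphers


def lint(config):
    """Return a list of human-readable findings; an empty list means no issue found."""
    findings = []
    ciphers = parse_ciphers(config)
    for vlan, cset in sorted(ciphers.items()):
        weak = sorted(cset & WEAK_CIPHERS)
        if weak:
            findings.append(f"vlan {vlan}: WEP cipher(s) {weak} still negotiable; "
                            f"use 'mode ciphers tkip' (or aes-ccm for WPA2)")
    for ssid, info in parse_ssids(config).items():
        if info["vlan"] is None:
            findings.append(f"ssid {ssid}: no VLAN bound")
        elif info["vlan"] not in ciphers:
            findings.append(f"ssid {ssid}: no encryption configured for vlan {info['vlan']}")
        km = (info["key_mgmt"] or "").split()
        if "wpa" not in km:
            findings.append(f"ssid {ssid}: WPA key management not enabled")
        elif "optional" in km:
            findings.append(f"ssid {ssid}: WPA is optional, so clients may still associate "
                            f"with per-session WEP keys; drop 'optional' once all clients support WPA")
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE_CONFIG):
        print(finding)
```

Running the lint on the slide's configuration produces three findings (one per VLAN for wep128, one for the optional WPA key management); removing " wep128" and " optional" from the sample yields none, which is the target state once the migration to WPA TKIP is complete.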

RADIUS CONFIGURATION
• Database mappings
• Prioritize group mappings

RADIUS CONFIGURATION
• Use a RADIUS shared secret between the AP and the RADIUS server
• Make good use of RADIUS attributes: VLAN tagging
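The two RADIUS slides above describe the server side of the dynamic VLAN assignment: pick the VLAN from the user's highest-priority group mapping, return it as RADIUS VLAN-tagging attributes, and protect the exchange with the shared secret. The following is an added example (not from the presentation or any RADIUS product) that shows that exchange in Python: the tunnel attributes of RFC 2868 that Cisco APs read for VLAN assignment, the Response Authenticator of RFC 2865 that the AP verifies with the shared secret, and the AP-side parse of the VLAN. The group names, the VLAN numbers 172 and 75, the shared secret and the request authenticator are constructed for the example.

```python
"""Added example (not the presentation's code): build the RADIUS Access-Accept
that places an 802.1X user in a VLAN and compute/verify the Response
Authenticator with the AP/RADIUS shared secret.
Group names, VLAN ids, secret and request authenticator are constructed values.
"""
import hashlib
import hmac
import struct

# RFC 2868 tunnel attributes used for VLAN assignment
TUNNEL_TYPE = 64
TUNNEL_MEDIUM_TYPE = 65
TUNNEL_PRIVATE_GROUP_ID = 81
TUNNEL_TYPE_VLAN = 13          # Tunnel-Type "VLAN"
TUNNEL_MEDIUM_IEEE_802 = 6     # Tunnel-Medium-Type "IEEE-802"
ACCESS_ACCEPT = 2              # RFC 2865 packet code

# Ordered group-to-VLAN mapping: the first matching group wins
# ("prioritize group mappings"). Constructed for this example.
GROUP_VLAN_PRIORITY = [
    ("WiFi-Staff", 75),
    ("WiFi-Students", 172),
]


def select_vlan(user_groups, priority=GROUP_VLAN_PRIORITY):
    """Return the VLAN of the highest-priority group the user is in, else None."""
    groups = set(user_groups)
    for group, vlan in priority:
        if group in groups:
            return vlan
    return None


def tunnel_int_avp(attr_type, value, tag=0):
    """Tagged integer AVP: type, length, tag byte, 3-byte big-endian value."""
    return struct.pack("!BBB", attr_type, 6, tag) + value.to_bytes(3, "big")


def tunnel_string_avp(attr_type, value, tag=0):
    """Tagged string AVP: type, length, tag byte, string."""
    data = value.encode()
    return struct.pack("!BBB", attr_type, 3 + len(data), tag) + data


def vlan_attributes(vlan):
    """The three attributes a Cisco AP needs to switch the client onto a VLAN."""
    return (tunnel_int_avp(TUNNEL_TYPE, TUNNEL_TYPE_VLAN)
            + tunnel_int_avp(TUNNEL_MEDIUM_TYPE, TUNNEL_MEDIUM_IEEE_802)
            + tunnel_string_avp(TUNNEL_PRIVATE_GROUP_ID, str(vlan)))


def response_authenticator(code, identifier, attributes, request_authenticator, secret):
    """RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, identifier, 20 + len(attributes))
    return hashlib.md5(header + request_authenticator + attributes + secret).digest()


def build_access_accept(identifier, request_authenticator, secret, vlan):
    """Server side: Access-Accept carrying the VLAN, signed with the shared secret."""
    attrs = vlan_attributes(vlan)
    auth = response_authenticator(ACCESS_ACCEPT, identifier, attrs, request_authenticator, secret)
    return struct.pack("!BBH", ACCESS_ACCEPT, identifier, 20 + len(attrs)) + auth + attrs


def verify_response(packet, request_authenticator, secret):
    """AP side: recompute the authenticator; a wrong secret yields False."""
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        return False
    expected = response_authenticator(code, identifier, packet[20:], request_authenticator, secret)
    return hmac.compare_digest(expected, packet[4:20])


def parse_vlan(packet):
    """AP side: walk the AVPs and return Tunnel-Private-Group-ID as an int."""
    pos = 20
    while pos + 2 <= len(packet):
        attr_type, length = packet[pos], packet[pos + 1]
        if length < 2:
            return None
        if attr_type == TUNNEL_PRIVATE_GROUP_ID:
            body = packet[pos + 2:pos + length]
            if body and body[0] <= 0x1F:   # leading byte is a tag (RFC 2868)
                body = body[1:]
            return int(body.decode())
        pos += length
    return None


if __name__ == "__main__":
    secret, req_auth = b"example-shared-secret", bytes(range(16))
    vlan = select_vlan(["WiFi-Students", "WiFi-Staff"])   # staff mapping wins
    pkt = build_access_accept(7, req_auth, secret, vlan)
    print(verify_response(pkt, req_auth, secret), parse_vlan(pkt))
```

The shared secret is what lets the AP reject an Access-Accept that did not come from the configured RADIUS server, so its strength and per-AP scoping matter as much as the group mapping; the priority list makes the "prioritize group mappings" rule explicit, so a user in both a staff and a student group lands in the staff VLAN deterministically.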

Wireless Coverage Site Survey by Elandia Solutions, Inc.

The Flyer The Instructions … WIRELESS Configuration … and the Pitfalls

Shared Computers
• The problem: authentication of new users
• The solution

PDAs
• The problem: limited support for 802.1X on PDAs
• The solution: Funk's Odyssey (commercial)
• Future plans …

Remote Locations (no VLAN)
• The problem: RADIUS tagging on a flat network …
• The solution

The Business Case for Wi-Fi: $$$$
• Wireless GB bridges vs. fiber
• Great success in residence halls
• Full VLAN support (Layer 2)
• Wireless labs and classrooms
  • VBHEC lab 100% wireless
  • Wireless collaboration classes
• WPA2 'almost' as secure as wired
• Wireless VoIP phones

Conclusion: a successful solution to Campuswide role-based secure Wi-Fi deployment
• Auto VLAN + encryption + authentication can be SIMPLE
• Need for a well-developed directory infrastructure
• Assemble a diverse team: InfoSec, Network, Server, Faculty/Staff
• Use well-known vendors and upgradeable hardware
• Know the pros and cons of your options
• Balance security, user access, configuration and administration
• 802.1X PEAP MS-CHAPv2 with dynamic VLANs
  • Per-session WEP key, migrating to WPA TKIP
  • Natively supported by Windows and Mac OS
  • Linux support in wpa_supplicant and Open1X

Q&A