Wireless RADIUS Access Susan Mulholland Joseph Paulowskey Joseph Woulfe.


What is a Wi-Fi?
- Stands for Wireless Fidelity
- The wireless networking and networking is called
- Can connect PCs, notebooks, and PDAs to enable them to share internet connections, printers and documents
- Can be up to 300 feet

Three kinds of
- b
  - The first version of b
  - Slowest
  - Least expensive
- a
  - The second version
  - Can handle up to 54 megabits per second
  - Operates at 5 GHz
- g
  - The third version
  - Operates at 2.4 GHz
  - Has advantage of higher speeds

Advantages of Wi-Fi
- Allows LANs to be deployed without cabling
- Reduces the costs of network deployment and expansion
- Can host wireless LANs
- Networks support roaming
- Wi-Fi client works in all different countries
- A global set of standards

Disadvantages of Wi-Fi
- Power consumption is high
  - Concerns about battery life and heat
- Has limited range
- Access points could be used to steal personal information transmitted from Wi-Fi users
- Wired Equivalent Privacy (WEP) is easily broken even when correctly configured. WPA2 (Wired Protected Access) is improved and better than WEP.

Wi-Fi Security
- If a hotspot is open, then anyone with a Wi-Fi card can access the hotspot. The original standard was 64-bit encryption that was easily broken.
- If it is secured using 128-bit encryption, then the user needs to know a WEP key to connect. When using a hotspot at your house, you need WEP 128-bit encryption to prevent intruders from getting into your network.

Wi-Fi network in your home
- b
  - Is slightly less expensive and the slowest of the three
- g
  - Costs just a little more
  - Up to 5 times faster. If you do a lot of file transfers between computers in your home, then g is the best way to go.

Two kinds of Wi-Fi
- Commercial Wi-Fi
  - Services are available at places such as Internet cafes, Borders bookstores, and more. T-Mobile has many hotspots in all Borders and Starbucks.
- Free Wi-Fi
  - Many members of local governments have joined with local community groups to help expand free Wi-Fi networks. Some community groups built their Wi-Fi networks based on volunteer efforts and donations.

About Wi-Fi revolution
- Consultants from Pyramid Research predicted that more Americans would use Wi-Fi than cellular networks by
- Last year, approximately 30.2 million Americans used Wi-Fi, according to Pyramid, compared with 213 million mobile-phone customers.
- Demand for Wi-Fi is increasing. However, the pace shows signs of a slowdown.

RADIUS
Stands for: Remote Dial In User Service
The certificates are used to authenticate the user's computer and to authenticate the RADIUS server.

Deployment Diagram
This diagram shows how the user's wireless device will connect through the wireless access point. The credentials will then be sent from the access point to the RADIUS server, which will verify the user information using the Network Information Service (NIS) server. Upon verification in the NIS server, the user acceptance will be passed back up to the RADIUS server, then back up to the access point, which will put the user back on the network. The user will then be allowed to do a DHCP request for an IP address and the DHCP server will respond.

Architectural Design

Radiusd.conf
The radiusd.conf file is the main configuration file for the FreeRADIUS server.

radiusd.conf file:

    port = 1812       # sets the port to listen on to 1812
    log_auth = yes    # sets the server to log authentication requests

Clients.conf
The clients.conf file is a configuration file for the FreeRADIUS server that establishes which clients can connect to the RADIUS server. The following are the lines that were modified in the clients.conf file to allow the single test access point to be a client, as well as the local host to be a client for testing.

    client [ ] {
        secret = cmps354
        shortname = WAP354
    }
    client localhost {
        secret = cmps354
        shortname = lh
    }
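The test configuration above uses one short secret for both clients. As an added example (not from the original slides), this script parses clients.conf-style blocks and flags secrets that are missing, shorter than the 16 octets RFC 2865 prefers, or reused between clients; the address 192.0.2.10 and the secrets in the second sample are constructed placeholders.

```python
import re

MIN_SECRET_LEN = 16  # RFC 2865 prefers shared secrets of at least 16 octets
CLIENT_BLOCK = re.compile(r"client\s+(\S+)\s*\{(.*?)\}", re.S)
SETTING = re.compile(r"^\s*(\w+)\s*=\s*(\S+)", re.M)

# Constructed sample: the slide's two client blocks; 192.0.2.10 is a placeholder
# for the access point address, which the slide leaves blank.
AS_DEPLOYED = """
client 192.0.2.10 {
    secret = cmps354
    shortname = WAP354
}
client localhost {
    secret = cmps354
    shortname = lh
}
"""
# Constructed sample: the same clients, each with its own long random secret.
HARDENED = """
client 192.0.2.10 {
    secret = t9Vq2LrX8mBz4KdYw7HcPn3S   # constructed value
    shortname = WAP354
}
client localhost {
    secret = Jf6RuE1aZx0NgT5sQb8WvMk2   # constructed value
    shortname = lh
}
"""


def parse_clients(text):
    """Return {client: {key: value}} for each client block (comments removed)."""
    text = re.sub(r"#.*", "", text)
    return {name: dict(SETTING.findall(body)) for name, body in CLIENT_BLOCK.findall(text)}


def audit_clients(text):
    """Flag missing, short, or reused shared secrets as (client, finding) pairs."""
    findings, first_user = [], {}
    for name, cfg in parse_clients(text).items():
        secret = cfg.get("secret", "")
        if not secret:
            findings.append((name, "no shared secret"))
        elif len(secret) < MIN_SECRET_LEN:
            findings.append((name, f"secret shorter than {MIN_SECRET_LEN} characters"))
        if secret and secret in first_user:
            findings.append((name, f"secret shared with {first_user[secret]}"))
        first_user.setdefault(secret, name)
    return findings
```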

Eap.conf
The eap.conf file handles the configuration for the EAP protocols in FreeRADIUS. The following lines have to be adjusted.

    default_eap_type = tls    # tls is the authentication form that is being used

    # The following is from the tls module
    private_key_password =
    private_key_file = ${raddbdir}/certs/serverkey_cert.pem
    certificate_file = ${raddbdir}/certs/serverkey_cert.pem
    CA_file = /usr/local/openssl/cmpsCA/cacert.pem
    dh_file = /dev/null          # link to a built-in null location
    random_file = /dev/urandom   # link to a built-in random number generator

    # The following is from the ttls module
    #default_eap_type =
    copy_request_to_tunnel = yes
    use_tunneled_reply = yes

Installing OpenSSL
OpenSSL is installed by default on the FreeBSD 5.4 system. After installing OpenSSL, the administrator has to go to the directory that contains the configuration files for OpenSSL. By default on FreeBSD the path is /usr/local/openssl/. There you can find the file openssl.cnf; this file has a number of lines that should be edited for ease of use.

openssl.cnf lines that should be edited for ease of use.

    # These are some of the lines that should be modified
    [ CA_default ]
    dir = ./cmpsCA    # Where the CA is kept

    # further down
    countryName_default = US
    stateOrProvinceName_default = Pennsylvania
    0.organizationName_default = Computing Science Department

xpextensions
After editing the defaults of the openssl.cnf file, another file must be created because these certificates are going to be used on Microsoft Windows XP computers. The file should be created and named xpextensions.

xpextensions
The following lines should be added to xpextensions:

    [ xpclient_ext ]
    extendedKeyUsage =

    [ xpserver_ext ]
    extendedKeyUsage =

Creating a Certificate Authority
To create a certificate authority you must edit the CA.sh file in the openssl/misc directory:

    CATOP=./cmpsCA    # this path should match the dir specified in openssl.cnf

Creating and Signing Certificates
The first step for creating the server certificates is to make a certificate request with this command:

    $ openssl req -new -nodes -keyout server_key.pem -out server_req.pem -days 730 -config ./openssl.cnf

After the command is run, it will prompt the user to enter some organization information, then the request will be created in the file server_req.pem. This server request now has to be signed by your created certificate authority, and the xpextensions need to be added to the certificate. This can be done with the command:

    $ openssl ca -config ./openssl.cnf \
        -policy policy_anything -out server_cert.pem \
        -extensions xpserver_ext -extfile ./xpextensions \
        -infiles ./server_req.pem

Creating and Signing Certificates: client_req.pem
The client certificate follows the same process as the server certificate. First you must create a signing request.

    $ openssl req -new -keyout client_key.pem \
        -out client_req.pem -days 730 -config ./openssl.cnf

Then you sign the request with the same certificate authority:

    $ openssl ca -config ./openssl.cnf \
        -policy policy_anything -out client_cert.pem \
        -extensions xpclient_ext -extfile ./xpextensions \
        -infiles ./client_req.pem

Creating and Signing Certificates
Finally, after you have created your signed certificate in client_cert.pem, you have to convert it to a .p12 file for Windows machines. You can do that with this command:

    openssl pkcs12 -export -in client_cert.pem \
        -inkey client_key.pem -out client_cert.p12 -clcerts

Wireless Access Points
The wireless access points need to be configured for the network:
- Set a static IP
  - The IP address should be reflected in the clients.conf file of the radius directory
- The SSID needs to be modified to "CMPS"

Wireless Access Points

User Interface Design
SecureW2 Supplicant
The SecureW2 client is a WPA supplicant that installs onto the user's Windows XP computer. This is used to authenticate the user through the RADIUS server using the TTLS protocol.

SecureW2 Installation The SecureW2 client can be downloaded from ndex.htm

SecureW2 Installation

Configuration
- SecureW2 allows for PAP authentication
- SecureW2 also allows you to input a user ID and password combination for quick reconnecting to the network
  - This can be used on a personal computer
- The configuration of the SecureW2 client is shown below
