802.1X in SURFnet 22 May 2003.

2 TOC
Background
Requirements
Various solutions investigated
802.1X in SURFnet, the Netherlands and Europe
Lessons learned
The future
Conclusion

3 Background
(Diagram: Institution A (LAN) and Institution B (WLAN) attached to the SURFnet backbone, with access providers for POTS, ADSL, WLAN and GPRS, and international connectivity.)

4 Requirements
Identify users uniquely at the edge of the network
–No session hijacking
Allow for guest usage
Scalable
–Local user administration and authN!
–Using existing RADIUS infrastructure
Easy to install and use
Open
–Support for all common OSes
–Vendor independent
After proper AuthN open connectivity

5 Various solutions
WEP (unsafe)
MAC-address (unsafe)
LEAP (proprietary)
Web-gateway (hard to make safe)
VPN-gateway (hard to make scalable)
802.1X
–Pilot with University of Twente and Alfa&Ariss

6 IEEE 802.1X
True port-based access solution (Layer 2) between client and AP/switch
Several available authentication mechanisms (EAP-MD5, MS-CHAPv2, EAP-SIM, EAP-TLS, EAP-TTLS, PEAP)
Standardised
Also encrypts all data, using dynamic keys
RADIUS back end:
–Scalable
–Re-use existing trust relationships
Easy integration with dynamic VLAN assignment
Client software necessary (OS built-in or third-party)

7 802.1X in action
(Diagram: Supplicant –EAPOL– Authenticator (AP or switch) –EAP over RADIUS– RADIUS server at Institution A, which checks a user DB, f.i. LDAP; the authenticator places the client in the Student, Guest or Employee VLAN and passes data on to the Internet. Data and signalling paths are drawn separately.)

8 Cross-domain 802.1X with VLAN assignment
(Diagram: a Guest supplicant at Institution B is authenticated by the RADIUS server of its home Institution A, via a central RADIUS proxy server; the authenticator (AP or switch) at Institution B assigns the Guest VLAN, next to its own Student and Employee VLANs. Data and signalling paths are drawn separately.)

9 Current status
Wireless
–University of Twente, University of Amsterdam, Hogeschool van Amsterdam currently use 1X, most others are considering this.
Fixed
–Delft University, University of Tilburg currently use 1X, most others are considering this.
Software
–Freeware tool SecureW2

10 …in the rest of the Netherlands (Freeband)
Hotspots at public places near SURFnet locations
WLAN connectivity on the move, i.e. trains, automobiles (planes yet to come)
802.1X connecting to SURFnet RADIUS infrastructure
Open for whole SURFnet community
Hotspots will be made available in Amsterdam, Utrecht, Groningen, Enschede, Eindhoven, Delft, Rotterdam, Leiden

11 … and beyond (TF-Mobility)
European scale WLAN roaming
Currently comparing
–Web-based
–VPN-based
–802.1X based
In summer testbed definition

12 Lessons learned
It’s all about scalability
EAP types are either unsafe (MD5, MS-CHAPv2), hard to deploy (TLS) or not ready (PEAP), so the choice is easy: TTLS
2-way RADIUS infrastructure introduces possible problems
–Prevent loops
AUP needed for guest usage
Logging is needed
The more you see about 1X the more you like it
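The set-up of slides 7, 8 and 12 (home institution authenticates via the central RADIUS proxy, visited institution assigns the Guest VLAN, proxies must prevent loops), as an added Python model that is not from the original slides; every realm, hostname, user and password in it is constructed, and the Proxy-State check stands in for whatever loop guard a real RADIUS proxy is configured with.

```python
# Toy model of the cross-domain 802.1X set-up on slide 8. Constructed example:
# realms, hostnames and the user DB are made up; they are not SURFnet's.
from dataclasses import dataclass, field

CENTRAL_PROXY = "proxy.nren.example"
# Central proxy routing table: realm -> institutional RADIUS server. inst-c is
# deliberately misconfigured: the server it points at does not claim the realm.
HOME_SERVERS = {"inst-a.example": "radius.inst-a.example",
                "inst-b.example": "radius.inst-b.example",
                "inst-c.example": "radius.inst-c.example"}
# Each institutional server's own view of the realms it is authoritative for
LOCAL_REALMS = {"radius.inst-a.example": {"inst-a.example"},
                "radius.inst-b.example": {"inst-b.example"}, "radius.inst-c.example": set()}
# Per-server user store standing in for "f.i. LDAP": user -> (password, role)
USER_DB = {"radius.inst-a.example": {"alice": ("s3cret", "student"), "bob": ("hunter2", "employee")},
           "radius.inst-b.example": {"carol": ("pa55", "employee")}}
VLAN_FOR = {"student": "10", "employee": "20", "guest": "99"}  # Tunnel-Private-Group-ID

@dataclass
class Request:
    user_name: str   # "user@realm" as carried in the RADIUS User-Name attribute
    password: str
    proxy_state: list = field(default_factory=list)  # one entry per proxy hop

def realm_of(user_name):
    return user_name.rpartition("@")[2].lower()

def radius_handle(server, req):
    """Return (code, vlan) as the RADIUS server or proxy at `server` would."""
    realm = realm_of(req.user_name)
    if realm in LOCAL_REALMS.get(server, set()):   # authoritative: consult user DB
        entry = USER_DB.get(server, {}).get(req.user_name.split("@")[0])
        if entry and entry[0] == req.password:
            return ("Access-Accept", VLAN_FOR[entry[1]])
        return ("Access-Reject", None)
    # Not ours, so proxy it. Our own Proxy-State already on the request means a loop.
    if server in req.proxy_state:
        return ("Access-Reject", None)              # break the loop instead of re-proxying
    req.proxy_state.append(server)
    if server != CENTRAL_PROXY:                     # institutions escalate upward
        return radius_handle(CENTRAL_PROXY, req)
    home = HOME_SERVERS.get(realm)
    return radius_handle(home, req) if home else ("Access-Reject", None)

def authenticator_decision(visited_server, req):
    """AP/switch outcome: home VLAN for local users, Guest VLAN for roaming users."""
    code, vlan = radius_handle(visited_server, req)
    if code == "Access-Accept" and realm_of(req.user_name) not in LOCAL_REALMS[visited_server]:
        vlan = VLAN_FOR["guest"]                    # the visited site authorises guests
    return (code, vlan)
```

A request for the misconfigured inst-c realm bounces from the central proxy to radius.inst-c and straight back, where the proxy finds its own Proxy-State and rejects it instead of forwarding again.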

13 Future
New standards
* WPA (pre-standard 802.11i, TKIP)
* 802.11i: 802.1x + first TKIP, later AES
Application integration
A-select (TNC session 8c)
–OTP via SMS is available

14 Conclusion
802.1X is available
802.1X works
802.1X scales
802.1X is secure
802.1X is extensible
802.1X allows for guest usage
802.1X is the future
So what are you waiting for....

15 More information