Integrating multiple wireless access control schemes at NTUA
Spiros Papageorgiou, Christos Siaterlis (NOC/NTUA)


Problem Description

NTUA infrastructure:
- VLAN-based network
- LDAP backend
- FreeRadius AAA
- PKI deployment scheduled in 2004
- Encrypted passwords in LDAP

Guidelines:
- Open-source solutions preferred
- HW / vendor-independent solutions

Requirements

User's perspective:
- Data encryption
- Ease of use; the optimum would be:
  - No extra SW installation
  - No setup needed
- Reliability

Operator's perspective:
- Authenticated access
- Use PKI/Radius or PAP/Radius
- Accounting
- Scalability

Solution

Novice user:
- Web-based auth scheme
- Zero setup
- Secure authentication with HTTPS
- No data encryption

Average user:
- VPN/IPSec tunnel
- Familiar setup (like a dialup connection)
- Encryption of data
- Client certificate

Advanced user:
- 802.1x
- Data encryption
- Work in its home VLAN
- EAP-TLS/TTLS

Web authentication
- MAC/IP access control

VPN/IPSEC
- Simple setup of L2TP VPN
- Win2k, XP

VPN/IPSEC
- IPsec with certificates
- Racoon + kernel IPsec
- L2TPd
- PPPd with Radius support

802.1x
- Windows XP support
- Client SecureW2 for TTLS/PAP
- Dynamic WEP key rotation
- Compatible HW needed

Limitations

Web login:
- Login webpage needs to refresh
- Users keep closing the login page
- Most handheld devices unsupported
- IE caches the login page

VPN/IPSEC:
- Encryption overhead
- Need for certificate
- Updated Win2k required
- Not available for guests
- Most handheld devices unsupported

802.1x:
- Compatible HW & drivers needed
- Not easy for guests
- Extra SW needed

Conclusions

Web login:
- Immediate access
- Secure login
- No setup
- Best for guests!

VPN/IPSEC:
- Strong encryption
- Useful as a network service beyond WIFI
- Standard Windows setup

802.1x:
- The future!
- Handhelds supported
- No encryption overhead
- Selection of VLAN per user
- User isolation

Thank you! Questions?