Published by Percival Long. Modified over 8 years ago.
1
SENSE: Secure Enterprise Networks – Simple & Easy
Stefan Winter
2
The Project Origin, Funding
SENSE is one of 21 beneficiary projects of the GÉANT Open Call research project initiative FP7 GN3+
SENSE Consortium comprised of
3
The Project Goals
Make Enterprise Networking easier and more secure at the same time.
– User side:
    no need to understand all our technobabble
    no need to follow 20-page PDF instructions
    It just works (on devices beyond iOS)
– Admin side:
    Describe deployment in one place, deploy once, understood by all devices
    Try out WiFi setup in a test environment before going to production
– Supplicant Implementer side:
    Enable easy testing of EAP spec conformance and corner case behaviour
    Understand the good, the bad, and the ugly about supplicant design (UI and functionality)
4
The Project Work Items
1. EAP Metadata File Format - common language for EAP config -
2. Supplicant Assessment - the good, the bad, and the ugly -
3. EAP Lab - verify supplicant conformance and UI -
4. Configurator Development - Linux, Android, CAT module -
5
WI 1: EAP Metadata Standardisation
IETF effort: define an EAP configuration file format which
– can hold all the subtleties of EAP deployments and their enabled EAP methods
– can provide some meta-information about the Identity Provider to the consumer
Non-goal: define Wi-Fi setup properties
– that would be IEEE space
– Wi-Fi properties have their own (many) subtleties
– (we also do that, but not aiming at standardisation)
6
WI 1: Results so far
I-D exists: https://tools.ietf.org/html/draft-winter-opsawg-eap-metadata-00
Presented at IETF89
– Audience (Ops Area folks) “mildly interested”
– Only one significant question: Why XML … when we have YANG?
7
WI 2: Supplicant Assessment
Define criteria
– what MUST/SHOULD/SHOULD NOT/MUST NOT a supplicant do?
Areas to include
– EAP security
– System security
– Interoperability
– User interface
– Automatic configuration capabilities
8
WI 2: Results so far
Still WIP
The “classic” security options are well-known
Other areas less so:
– Will the import of a root CA for WiFi purposes also make the CA trusted for websites? (unintentional) TROJAN HORSE
– Does the supplicant have meaningful error messages for the user?
9
WI 3: EAP Lab
Provide environment to test
– EAP supplicants vs. “well-behaved” RADIUS server
– EAP supplicants vs. rogue or misconfigured RADIUS server
    No common EAP methods
    Wrong CA
    Correct CA, wrong servername
    … and many more
– Access Points (e.g. eduroam SP-only, or during provisioning) against a remote RADIUS server
Test criteria from WI 2 for various supplicants
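The server-side scenarios listed on this slide, modelled as a small supplicant conformance check. This is an added example, not part of the original slides or of the EAP Lab code; the profile fields, server values and the `ca_only` supplicant are constructed, and certificates are stood in for by plain strings rather than real X.509 chains.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Profile:               # what the admin provisioned on the device (constructed)
    methods: frozenset       # EAP methods the supplicant may use
    ca: str                  # pinned root CA (stand-in for a certificate fingerprint)
    server_names: frozenset  # acceptable server names

@dataclass(frozen=True)
class Server:                # what the RADIUS/EAP server presents (constructed)
    methods: frozenset
    ca: str
    name: str

def strict(p, s):
    """Reference behaviour: every mismatch aborts with a user-readable reason."""
    if not (p.methods & s.methods):
        return "reject: no common EAP method"
    if s.ca != p.ca:
        return "reject: server certificate not issued by the configured CA"
    if s.name not in p.server_names:
        return "reject: server name does not match the configured name"
    return "accept"

def ca_only(p, s):
    """Hypothetical lax supplicant: validates the CA but never checks the name."""
    if not (p.methods & s.methods):
        return "reject: no common EAP method"
    if s.ca != p.ca:
        return "reject: server certificate not issued by the configured CA"
    return "accept"

PROFILE = Profile(frozenset({"PEAP", "TTLS"}), "CA-example-org",
                  frozenset({"radius.example.org"}))
SCENARIOS = {  # one constructed server per scenario named on the slide
    "well-behaved": Server(frozenset({"PEAP"}), "CA-example-org", "radius.example.org"),
    "no common EAP methods": Server(frozenset({"TLS"}), "CA-example-org", "radius.example.org"),
    "wrong CA": Server(frozenset({"PEAP"}), "CA-other", "radius.example.org"),
    "correct CA, wrong servername": Server(frozenset({"PEAP"}), "CA-example-org", "radius.other.example"),
}

def failures(supplicant):
    """Scenarios where the accept/reject verdict differs from the reference."""
    return [name for name, srv in SCENARIOS.items()
            if supplicant(PROFILE, srv).split(":")[0] != strict(PROFILE, srv).split(":")[0]]

if __name__ == "__main__":
    for name, srv in SCENARIOS.items():
        print(f"{name:30} strict={strict(PROFILE, srv)!r} lax={ca_only(PROFILE, srv)!r}")
    print("lax supplicant fails:", failures(ca_only))
```

Only the “correct CA, wrong servername” scenario separates the two supplicants, which is why it needs its own test case next to “wrong CA”.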
10
WI 3: Results so far
It’s ready
Check out https://eaplab.supplicants.net/
– Set of “promiscuous” RADIUS servers
– “Fixed Configs” are for everybody’s use (well-behaved RADIUS conversations)
– Logging in allows you to define your own test scenarios, including all kinds of RADIUS/EAP naughtiness on the server side
More fine-tuning and naughtiness coming soon …
11
WI 4: Use the source, Luke!
Influence actual supplicants out there:
– KDE (“Plasma NetworkManager”, the default KDE supplicant)
    Improve configuration UI
    Improve error reporting
– CAT: produce config info in EAP Metadata format
– Linux in general: installer which consumes the EAP Metadata format
– Android 4.3+: Play Store App which consumes the EAP Metadata format
12
WI 4: Results so far
CAT: module which implements the -00 IETF Internet-Draft is ready
KDE: improved error reporting underway
– EAP session states need to be exported
– wpa_supplicant → NetworkManager daemon → KDE Plasma NM
Linux: implementation underway, alpha
Android: implementation underway, alpha
13
DEMO
We are showcasing the EAP Lab and the Android configuration app!
If you ever wanted to
– know how your phone reacts if an EAP server behaves “funny”
– see Android auto-configuration in action
Come to room “Demo B” at 11:00 tomorrow!
14
The Team
Consortium Partners
– Zbigniew Ołtuszyk (PSNC) – project coordinator
– Stefan Winter (RESTENA) – research coordinator, T2.1 and T2.2 leader
– Tomasz Wolniewicz (PSNC/NCU) – T2.3, T2.4 leader
– Michał Gasewicz (PSNC/NCU)
– Maja Górecka-Wolniewicz (PSNC/NCU)
– Jędrzej Jajor (PSNC)
– Tomasz Krakowski (PSNC/NCU)
– Łukasz Zygmański (PSNC/NCU)
3rd Party Contractors
– Gareth Ayres (RESTENA/U. Swansea)
– Lamarque Vieira Souza (RESTENA/Individual)
15
The End
Thanks for your attention!
The SENSE project is one of 21 beneficiary projects of the GÉANT Open Call research project initiative, which is part of the wider GÉANT Innovation Programme. The Open Call initiative brings fresh ideas to the GÉANT project and supports new uses of the network. For more information, visit http://www.geant.net/opencall
This project has received funding from the European Union’s Seventh Framework Programme for research, technological development and demonstration under grant agreement no 605243.
This document has been produced with the financial assistance of the European Union. The contents of this document are the sole responsibility of RESTENA and PSNC and can under no circumstances be regarded as reflecting the position of the EU.