Download presentation
Presentation is loading. Please wait.
Published byCaitlin Webb Modified over 6 years ago
1
SECURE WIRELESS NETWORK IN IŞIK UNIVERSITY ŞİLE CAMPUS
2
Designed by VOLKAN MUHTAROĞLU
3
WLAN(Wirelass LAN) We introduced at 1986 for use in barcode scanning .
A properly selected and installed Wi-Fi or wireless fidelity. 802.11a, b, g technologies, g is the latest technology. These are IEEE standard.
4
GENERAL TOPOGOLY OF WLAN
5
THE PROJECT The problem is, how can three different users access over an access point to different type of data with securily in our campus. As another word, if we choose there people such as; student, university staff and data processing center worker can access different type of data or they have different rights when access from the access point by securily.
6
THREE DIFFERENT USER Student University Staff
Data Processing Center Worker
7
COMPONENTS OF SECURE WIRELESS NETWORK
Cisco Aironet 1100 Series Access Point Radius Server Two Switch(One of them is Managable Switch, the other one is Backbone Switch) Vlan Cisco PIX Firewall WEP & LEAP Database Server Intranet Web Server
8
Cisco Aironet 1100 Series Access Point
It is a wireless LAN transceiver. 1100 series is cheaper than the others and its performances is really efficient. It is also managable easily and common all over the world.
9
RADIUS SERVER RADIUS is a distributed client/server system that secures networks against unauthorized access. Use RADIUS in these network environments, which require access security This server also called AAA Server which means Audit, Authentication and Accounting. In my project Radius Server will provide Authentication and Mac filtering.
10
SWITCHES Managable Switch Backbone Switch
I will use three different type IP. Student will take 10.0.x.x, University Staff will take x.x, Data Processing Center Worker will take x.x.
11
VLAN VLAN is a switched network that is logically segmented.
I will use Vlan for having different kind of rights of these there different type of users on WLAN.
12
CISCO PIX FIREWALL I chose it because I have it.
13
DATABASE AND INTRANET WEB SERVER
Database Server : Only Data Processing Center Worker can access these server. Intranet Web Server : Only University Staff and Only Data Processing Center Worker can access these server.
14
HOW WILL DESIGN BE? Firstly; how will student, university staff and data processing center worker be on the different Vlan, how can I give different rights them. The second thing is how these people come to these Vlan. The third thing which is most important how I can provide security.
15
SSID(Service Set Identifer)
When connect to WLAN you will see the name of WLAN, which is SSID.
16
FOR VLAN 1 If we define two different SSID, one of them broadcasting, the other one is secret. For instance; our broadcasting SSID is tsunami; our not broadcasting(secret) SSID is Private. If you connect WLAN with access point everybody sees automatically tsunami SSID. Also when you connect this, you will come to Vlan 1 and this Vlan provides to access only Internet.
17
AUTHENTICATION If you are not student; you write the not broadcasting SSID name for accessing, at that time you will see the Username-Password Window for having different kind of rights. When you enter the username-password, the information come to Radius Server. And now; EAP (Extensible Authentication Protocol) uses.
18
AUTHENTICATION TOPOLOGY
19
WEP(Wired Equivalent Privacy )
WEP is an encryption algorithm used by the Shared Key authentication process for authenticating users and for encrypting data payloads over only the wireless segment of the LAN. The secret key lengths are 40-bit or 104-bit yielding WEP key lengths of 64 bits and 128 bits. WEP key is an alphanumeric character string used in two manners in a wireless LAN. WEP key can be used : Verify the identity of an authenticating station. WEP keys can be used for data encryption.
20
CRITERIA The standard specifies the following criteria for security: Exportable Reasonably Strong Self-Synchronizing Computationally Efficient Optional WEP meets all these requirements. WEP supports the security goals of confidentiality, access control, and data integrity.
21
WEP KEY WEP key is an alphanumeric character string used in two manners in a wireless LAN. WEP key can be used : Verify the identity of an authenticating station. WEP keys can be used for data encryption.
22
WEP KEY TABLE
23
EAP(Extensible Authentication Protocol )
This authentication type provides the highest level of security for your wireless network. Using the Extensible Authentication Protocol (EAP) to interact with an EAP-compatible RADIUS server. This is type of dynamic WEP key. There are five different type of EAP, I will use LEAP (Lightweight Extensible Authentication Protocol, designed by Cisco) which is the most secure.
24
LEAP TOPOLOGY
25
MAC(Media Access Control) ADDRESS FILTERING
Server checks the address against a list of allowed MAC addresses. If your MAC address is University Staff’s MAC address, you wil come to Vlan 2 and you will have thoose rights, if your MAC address is data processing center worker’s address, you will come Vlan 3 also you will have those rights.
26
MAC FILTERING TOPOLOGY
27
STUDENT TOPOLOGY-1
28
STUDENT TOPOLOGY-2
29
STUDENT GENERAL TOPOLOGY
30
UNIVERSITY STAFF TOPOLOGY-1
31
UNIVERSITY STAFF TOPOLOGY-2
32
UNIVERSITY STAFF TOPOLOGY-3
33
UNIVERSITY STAFF GENERAL TOPOLOGY
34
DATA PROCESSING CENTER WORKER TOPOLOGY-1
35
DATA PROCESSING CENTER WORKER TOPOLOGY-2
36
DATA PROCESSING CENTER WORKER TOPOLOGY-2
37
DATA PROCESSING CENTER WORKER GENERAL TOPOLOGY
38
SECURITY POLICY The purpose of this policy is to provide guidance for the secure operation and implementation of wireless local area networks (WLANs).
39
AUTHENTICATION University Staff and Data Processing Center Worker have to authenticate the system if they want to have different kind of rights. For authentication, username and password authentication is used so users must use strong passwords (alphanumeric and special character string at least eight characters in length). Shared secret (or shared key) authentication must be used to authenticate to the WLAN
40
ENCRYPTION & ACCESS CONTOL
Distinct WEP keys provide more security than default keys and reduce the risk of key compromise. SSID MAC(Media Access Control)
41
FIREWALL Firewall provide security based on ports.
42
PHYSICAL AND LOGICAL SECURITY
Access point must be placed in secure areas, such as high on a wall, in a wiring closet, or in a locked enclosure to prevent unauthorized physical access and user manipulation. Access point must have Intrusion Detection Systems (IDS) at designated areas on Campus property to detect unauthorized access or attack.
43
CONCLUSION With this design Student, University Staff and Data Processing Center Worker can access securily; wherever they want, don’t use extra devices or don’t make any adjusting.
44
QUESTION ?
45
REFERENCES Cisco Press Wireless Network Site Surveying and Installation book. Cisco Securing Wireless Networks handbook. Cisco Aironet 1100 Series Access Point Quick Start Guide. Certified Wireless Network AdministratorTM Official Study Guide. Wireless Network Solutions (Paul Williams)
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.