Presentation is loading. Please wait.

Presentation is loading. Please wait.

SECURING WIRELESS LANS WITH CERTIFICATE SERVICES

Published byChristel Siegel Modified over 6 years ago

Similar presentations

Presentation on theme: "SECURING WIRELESS LANS WITH CERTIFICATE SERVICES"— Presentation transcript:

1 SECURING WIRELESS LANS WITH CERTIFICATE SERVICES
Microsoft Solution for Security (MSS) Group Presented by PHILIP HUYNH 2009

2 Purposes of the Report WLAN in the Organization: Benefits and Threats.
The design of solution for securing WLAN using 802.1x Certificate Based Authentication (EAP-TLS). 11/20/2018 PHILIP HUYNH

3 Wireless LAN Architecture
Need a Corporate WLAN picture! 11/20/2018 PHILIP HUYNH

4 The Benefits of WLAN Core Business Benefits
Mobile connection to corporation LAN Organizational flexibility Integration of new devices and applications into the corporate IT environment Operational Benefits The cost of provisioning network Easily scale the network to respond to different levels of demand Capital cost no longer is tied to building infrastructure 11/20/2018 PHILIP HUYNH

5 Main Security Threats for WLANs
Eavesdropping (disclosure of data) Interception and modification of transmitted data Spoofing Denial of Service (DoS) Free-loading (or resource theft) Accidental threats Rogue WLANs 11/20/2018 PHILIP HUYNH

6 Elements of WLAN Protecting
Authenticating the person (or device) connecting to the network Authorizing the person or device to use the WLAN Protecting the data transmitted on the network 11/20/2018 PHILIP HUYNH

7 IEEE 802.1x Protocol The 802.1x protocol is an IEEE standard
Authenticating access to a network Managing keys used to protect traffic. The 802.1x protocol involves The network user A network access (or gateway) device such as wireless AP An authentication and authorization service in form of a Remote Authentication Dial-In Service (RADIUS) server. 802.1x protocol relies on the Extensible Authentication Protocol (EAP) to carry out the authentication exchange between the client and the RADIUS server. 11/20/2018 PHILIP HUYNH

8 EAP-TLS Authentication Method
IETF standard (RFC 2716) Probably the most widely supported authentication method on both wireless clients and RADIUS servers in used today Uses public key certificates to authenticate both the wireless client and RADIUS server. Establishing an encrypted TLS session between client and server 11/20/2018 PHILIP HUYNH

9 The Benefits of 802.1X with WLAN Data Protection
High security Stronger encryption Transparent User and computer authentication Low cost High performance 11/20/2018 PHILIP HUYNH

10 Target Organization’s Network
11/20/2018 PHILIP HUYNH

11 802.1X EAP-TLS Strategy 11/20/2018 PHILIP HUYNH

12 802.1X EAP-TLS Strategy 11/20/2018 PHILIP HUYNH

13 802.1X EAP-TLS Strategy 11/20/2018 PHILIP HUYNH

14 802.1X EAP-TLS Strategy 11/20/2018 PHILIP HUYNH

15 802.1X EAP-TLS Strategy 11/20/2018 PHILIP HUYNH

16 802.1X EAP-TLS Strategy 11/20/2018 PHILIP HUYNH

17 Future Work Implement the solution
Public Key Infrastructure using MS Server Certificate Services RADIUS Infrastructure using MS Internet Authentication Service WLAN Security: Client and AP Testing and deriving the learning lessons 11/20/2018 PHILIP HUYNH

18 Related Work CS Master thesis of NIRMALA LUBUSU (2003)
Implementation and Performance Analysis of The Protected Extensible Authentication Protocol Different EAP method: What is PEAP? 1st stage: a TLS session is established between client and server, and allows the client to authenticate the server using the server’s digital certificate. 2nd stage: requires a second EAP method tunneled inside the PEAP session to authenticate the client to the RADIUS server. Different implementation PKI/Certificate Server using the OpenSSL RADIUS Server using FreeRADIUS / Linux OS 11/20/2018 PHILIP HUYNH

19 References IEEE Std 802.1X-2001 (2001) IEEE Standard for Local and metropolitan area network – Port based Network Access Control, The Institute of Electrical and Electronics Engineers, Inc. The Microsoft Solution for Security (MSS) group (2004) Securing Wireless LANs with Certificate Services Release 1.6, Microsoft Corporation. Nirmala Lubusu (2003) Implementation and Performance Analysis of The Protected Extensible Authentication Protocol, Department of Computer Science, UCCS. 11/20/2018 PHILIP HUYNH

20 Questions ? 11/20/2018 PHILIP HUYNH

Download ppt "SECURING WIRELESS LANS WITH CERTIFICATE SERVICES"

Similar presentations

Authentication.

Authentication.
Wireless LAN  Setup & Optimizing Wireless Client in Linux  Hacking and Cracking Wireless LAN  Setup Host Based AP ( hostap ) in Linux & freeBSD  Securing.

Wireless LAN  Setup & Optimizing Wireless Client in Linux  Hacking and Cracking Wireless LAN  Setup Host Based AP ( hostap ) in Linux & freeBSD  Securing.
Simple ways to secure Wireless Computers Jay Ferron, ADMT, CISM, CISSP, MCSE, MCSBA, MCT, NSA-IAM, TCI.

Simple ways to secure Wireless Computers Jay Ferron, ADMT, CISM, CISSP, MCSE, MCSBA, MCT, NSA-IAM, TCI.
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
Wireless Security without a VPN! Stirling Goetz, Microsoft Consulting Services.

Wireless Security without a VPN! Stirling Goetz, Microsoft Consulting Services.
802.1x EAP Authentication Protocols

802.1x EAP Authentication Protocols
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.
Protected Extensible Authentication Protocol

Protected Extensible Authentication Protocol
WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,

WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,
Master Thesis Proposal By Nirmala Bulusu Advisor – Dr. Edward Chow Implementation of Protected Extensible Protocol (PEAP) – An IEEE 802.1x wireless LAN.

Master Thesis Proposal By Nirmala Bulusu Advisor – Dr. Edward Chow Implementation of Protected Extensible Protocol (PEAP) – An IEEE 802.1x wireless LAN.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Wireless Technologies Networking for Home and Small Businesses – Chapter 7.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Wireless Technologies Networking for Home and Small Businesses – Chapter 7.
Internet Protocol Security (IPSec)

Internet Protocol Security (IPSec)
By Alvin Tse.  FCC – Federal Communications Commission   IETF – Internet Engineering Task Force   IEEE –

By Alvin Tse.  FCC – Federal Communications Commission   IETF – Internet Engineering Task Force   IEEE –
Wireless Security Issues Implementing a wireless LAN without compromising your network Marshall Breeding Director for Innovative Technologies and Research.

Wireless Security Issues Implementing a wireless LAN without compromising your network Marshall Breeding Director for Innovative Technologies and Research.
Chapter 3 Application Level Security in Wireless Network IWD2243 : Zuraidy Adnan : Sept 2012.

Chapter 3 Application Level Security in Wireless Network IWD2243 : Zuraidy Adnan : Sept 2012.
Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.

Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.
Wireless LAN Security Yen-Cheng Chen Department of Information Management National Chi Nan University

Wireless LAN Security Yen-Cheng Chen Department of Information Management National Chi Nan University
EAP Overview (Extensible Authentication Protocol) Team Golmaal: Vaibhav Sharma Vineet Banga Manender Verma Lovejit Sandhu Abizar Attar.

EAP Overview (Extensible Authentication Protocol) Team Golmaal: Vaibhav Sharma Vineet Banga Manender Verma Lovejit Sandhu Abizar Attar.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 9 Network Policy and Access Services in Windows Server 2008.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 9 Network Policy and Access Services in Windows Server 2008.

Similar presentations

Ads by Google