Published by Damian Holt. Modified over 9 years ago.
1
CSC – Tieteen tietotekniikan keskus Oy
CSC – IT Center for Science Ltd.
WLAN Infrastructure Monitoring and Supplicants
Workshop on Wireless
Belgrade - 12.09.2011
Wenche Backman-Kamila
2
Agenda
Supplicants in general
  – Windows7 (manual & automatic config)
  – Network manager and wpa_supplicant
  – Mac
  – WindowsXP
Monitoring
  – Fixed part
  – Wireless part
3
SUPPLICANTS
4
Why supplicants?
eduroam based on 802.1x
  – 802.1x requires supplicants
LOTS of different supplicants out there
  – all OSes have their own
  – iPhone, Android, Nokia etc. have their own
  – All differ but basic features are the same
The bright side: Configure only ONCE
  – In web authentication credentials repeated
5
Supplicant details
Basic features
  – Define EAP-method
      Supported methods depend on supplicant
  – Define certificate and server name
      If self-signed certificate, no server name required
  – Define encryption: WPA2-AES, WPA-TKIP
  – Define user name and password
      User name including @organisation.rs
      Anonymous identity might be supported
6
Supplicant best practices
About certificates in PEAP and TTLS
  – If self-signed certificate
      Distribute it securely to your users
  – If public CA
      Ensure that the CA and the server name have been defined in the supplicant
  – If you use TLS you don’t have to worry about these recommendations
Anonymous identity
7
Supplicants and supported EAP methods
Methods: PEAP-MSCHAPv2, TTLS-MSCHAPv2, TTLS-PAP, TLS
Windows XP/Vista/7: xx
Network manager & wpa_supplicant: xxxx
Mac: xxxx
8
Windows7 manually 1/3
9
Windows7 manually 2/3
10
Windows7 manually 3/3
11
Windows7 – automatically 1/2
Installer creates XML file
  – XML file used to configure settings
User only inputs credentials
  – requires admin rights
Installer created with NSIS
Win7 and Vista
12
Windows7 – automatically 2/2
13
Network manager/ wpa_supplicant
14
Mac supplicant 1/3
15
Mac supplicant 2/3
16
Mac supplicant 3/3
17
WinXP
Configuration video available at http://cbt.geant2.net/repository/eduroam_supplicants/setting_up_eduroam_supplicants.html
18
MONITORING
19
Monitoring
20
Monitoring methods for authentication

Radius authentication
radtest
  – standard command
Input
  – Credentials
  – Server name and shared secret
does not require a radius server for monitoring purposes
doesn’t test EAP auth

EAP authentication
eapol_test
  – included in wpa_supplicant
Additional input compared to radtest
  – Supported EAP methods (outer and inner)
  – Certificate
Requires a radius server to carry out testing
Imitates supplicant auth
21
More on eapol_test
http://deployingradius.com/scripts/eapol_test
eapol_test -c peap-mschapv2.conf -a -s -M 22:44:66:00:00:00 -A
check_eapauth
rad_eap_test (http://www.eduroam.cz/rad_eap_test/)
22
Monitoring authentication at campus
Create username and password for monitoring purposes
Monitoring server
  – radtest
  – and/or eapol_test
And additionally
  – ping latency, packet loss and opening of SSH connections
23
Monitoring at federation level
Monitoring hierarchy
  – With credentials from each organisation
  – Results on web
  – Based on eapol_test
  – E.g. checks every 10th minute if OK
  – If problems, every 3rd minute
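The eapol_test check and the 10-minute/3-minute schedule from the slides above, as an added shell example that is not part of the original presentation. The function names, the PROBE and RADIUS_SECRET variables and the sample output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the slides. Assumed names: PROBE, RADIUS_SECRET,
# classify_run, next_interval, probe_once, and the sample output at the end.

OK_INTERVAL=600    # seconds: "every 10th minute if OK"
FAIL_INTERVAL=180  # seconds: "if problems every 3rd minute"
PROBE_MAC=22:44:66:00:00:00  # -M value from the slide's command line

# Classify one eapol_test run. eapol_test ends its output with SUCCESS or
# FAILURE; require a zero exit status AND a final SUCCESS line before
# reporting OK, so truncated output or a wrapper error never counts as OK.
classify_run() {
    rc=$1
    output=$2
    last=$(printf '%s\n' "$output" | sed -n '$p')
    if [ "$rc" -eq 0 ] && [ "$last" = "SUCCESS" ]; then
        echo OK
    elif printf '%s\n' "$output" | grep -q 'EAPOL test timed out'; then
        echo TIMEOUT   # no reply within eapol_test's timeout
    else
        echo FAIL      # a reply arrived, but authentication did not complete
    fi
}

# Seconds until the next check: poll faster while a problem persists.
next_interval() {
    if [ "$1" = OK ]; then echo "$OK_INTERVAL"; else echo "$FAIL_INTERVAL"; fi
}

# Run one probe against a RADIUS server and print OK, TIMEOUT or FAIL.
# The shared secret comes from the environment, not from this file.
probe_once() {
    conf=$1
    server=$2
    if out=$("${PROBE:-eapol_test}" -c "$conf" -a "$server" \
            -s "${RADIUS_SECRET:?}" -M "$PROBE_MAC" 2>&1); then
        rc=0
    else
        rc=$?
    fi
    classify_run "$rc" "$out"
}

# Constructed sample output (not captured from a real server).
sample_ok='EAP: Status notification: completion (param=success)
SUCCESS'
state=$(classify_run 0 "$sample_ok")
echo "state=$state next check in $(next_interval "$state")s"
```

The `-s` argument is visible in the process list while the probe runs, so run the check from a dedicated monitoring host and keep the configuration file holding the monitoring account's password readable only by the monitoring user.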
24
Monitoring the air interface
Commercial products can be divided into three groups:
  – Products based on data from access points to the controllers
  – Products based on site survey
  – Solutions covering both the fixed LAN network and the air interface
25
Access point and controller data
Cisco’s WCS
  – Control and monitor several controllers
  – Air interface data
      Signal strength and noise levels
      Channel allocation
      Transmit power
AirWave’s Wireless Management Suite
  – multivendor environments
26
Site survey for monitoring purposes
Lots of alternatives
  – Motorola’s AirDefense Mobile and SiteScanner
  – Airmagnet’s WiFi and VoFi Analyzers
  – WildPackets’s OmniPeek
  – Wireshark
  – Wi-Spy
27
Both LAN and air interface
Active measures
  – Attach
  – Authentication
  – DHCP-server
  – HTTP and FTP upload and download
  – VoIP-test with MOS
Passive measures
  – Signal strength and SNR
7signal’s Sapphire
28
Monitoring at campuses in Finland
Access points are monitored
  – All known APs connected to controller
  – APs correctly configured
  – Radios on
  – Users per AP
Means for AP monitoring
  – SSH script
  – perl
  – Airwave
29
References and contact info
Main reference
  – WLAN infrastructure BPD http://www.terena.org/campus-bp/bpd.html
Other references
  – Monitoring and ensuring WLAN performance http://www.terena.org/campus-bp/reports.html
Wenche.Backman-Kamila@csc.fi