Presentation is loading. Please wait.

Presentation is loading. Please wait.

Wireless RADIUS Access Susan Mulholland Joseph Paulowskey Joseph Woulfe.

Published byWhitney Caldwell Modified over 9 years ago

Similar presentations

Presentation on theme: "Wireless RADIUS Access Susan Mulholland Joseph Paulowskey Joseph Woulfe."— Presentation transcript:

1 Wireless RADIUS Access Susan Mulholland Joseph Paulowskey Joseph Woulfe

2 What is a Wi-Fi?  Stands for Wireless Fidelity  The wireless networking and networking is called 802.11  Can connect PC’s, notebooks, and PDAs to enable them to share internet connections, printers and documents  Can be up to 300 feet

3 Three kinds of 802.11  802.11b  The first version of 802.11b  Slowest  Least expensive  802.11a  The second version  Can handle up to 54 mega bits per second  Operates at 5 GHz  802.11g  The third version  Operates at 2.4 GHz  Has advantage of higher speeds

4 Advantages of Wi-Fi  Allows LANs to be deployed without cabling  Reduce the costs of network deployment and expansion.  Can host wireless LANs.  Networks support roaming  Wi-Fi client works in all different countries  A global set of standards

5 Disadvantages of Wi-Fi  Power consumption is high  Concerns about battery life and heat  Has limited range.  Access points could be used to steal personal information transmitted from Wi-Fi users.  Wired Equivalent Privacy or WEP is easy to be breakable even when correctly configured. WPA2 Wired Protected Access is improved and better than WEP.

6 Wi-Fi Security  If a hotspot is open, then anyone with a Wi-Fi card can access the hotspot. The original standard was 64-bit encryption that was easily broken.  If it is secure using 128-bit encryption, then the user needs to know a WEP key to connect. Using a hotspot at your house, you need a WEP 128-bit encryption preventing intruders into your network.

7 Wi-Fi network in your home  802.11b  Is slightly less expensive and the slowest of the three 802.11. For home use, 802.11g costs just a little more, but is up to 5 times faster. If you will be doing a lot of file transfers between computers in your home, 802.11g is definitely the way to go.  802.11g  Costs just a little more,  Up to 5 times faster. If you do a lot of file transfers between computers in your home, then 802.11g is the best the way to go.

8 Two kinds of Wi-Fi  Commerical Wi-Fi  Services are available such as Internet cafes, Borders bookstore, and more. T-Mobile has many hotspots in all Borders and Starbucks.  Free Wi-Fi  Many members of local governments have joined with local community groups to help expand free Wi-Fi networks. Some community groups built their Wi-Fi networks based on volunteer efforts and donations.

9 About Wi-Fi revolution  Consultants from Pyramid Research predicted that more Americans would use Wi-Fi than cellular networks by 2007.  Last year, approximately 30.2 million Americans used Wi-Fi, according to Pyramid comparing with 213 million mobile-phone customers.  Demand for Wi-Fi is increasing. However, the pace shows signs of slowdown.

10 RADIUS Stands for: Remote Dial In User Service The Certificates are used to authenticate the user’s computer and to authenticate the RADIUS server.

11 Deployment Diagram This diagram shows how the user’s wireless device will connect through the wireless access point. The credentials will then be sent from the access point to the radius server which will verify the user information using the Network Information Service (NIS) server. Upon verification in the NIS server the user acceptance will be passed back up to the RADIUS server then back up to the access point which will put the user back on the network. The user will then be allowed to do a DHCP request for an IP address and the DHCP server will respond.

12 Architectural Design

13 Radiusd.conf The radiusd.conf file is the main configuration file for the FreeRadius Server radiusd.conf file. Port =1812 #sets the port to listen on to 1812 Log_auth = yes #sets the server to log authentication requests

14 Clients.conf The clients.conf file is a configuration file for the FreeRadius server that establishes what clients can connect to the radius server. The following are the lines that were modified in the client.conf file to allow for the single test access point to be a client as well as the local host to be a client for testing. client [134.198.161.212]{ secret = cmps354 shortname = WAP354 } client localhost{ secret = cmps354 shortname = lh }

15 Eap.conf The eap.conf file is a file that handles the configuration for the EAP protocols in FreeRadius. The following lines have to be adjusted. default_eap_type = tls #tls is the authentication form that is being used #The following is from the tls module private_key_password = private_key_file = ${raddbdir}/certs/serverkey_cert.pem certificate_file = ${raddbdir}/certs/serverkey_cert.pem CA_file = /usr/local/openssl/cmpsCA/cacert.pem dhfile = /dev/null #link to a built in null location random_file = /dev/urandom #link to a built in random number generator #The following is from the ttls module #default_eap_type = copy_request_to_tunnel = yes use_tunnled_reply = yes

16 Installing OpenSSL OpenSSL by default is installed onto the FreeBSD 5.4 system After installing OpenSSL the administrator has to go to the directory that contains the configuration files for OpenSSL. By default on FreeBSD the path is /usr/local/openssl/. From there you can find the file openssl.cnf this file has a number of lines that should be edited for ease of use.

17 openssl.cnf lines that should be edited for ease of use. # These are some of the lines that should be modified [ CA_default ] dir =./cmpsCA # Where the CA is kept#further downcountryName_default = US stateOrProvinceName_default =Pennsylvania 0.organizationName_default = Computing Science Department

18 xpextensions After editing the defaults of the openssl.cnf file another file must be created because these certificates are going to be used on Microsoft Windows XP computers. The file should be created and named xpextensions.

19 xpextensions The following lines should be added to xpextensions: [ xpclient_ext]extendedKeyUsage = 1.3.6.1.5.5.7.3.2 [ xpserver_ext ]extendedKeyUsage = 1.3.6.1.5.5.7.3.1

20 Creating a Certificate Authority To create a certificate authority you must edit the CA.sh file in the openssl/misc directory CATOP=./cmpsCA #this path should match the dir specified in #openssl.cnf

21 Creating and Signing Certificates The first step for creating the server certificates is to make a certificate request with this command: $ openssl req -new -nodes -keyout server_key.pem -out server_req.pem -days 730 -config./openssl.cnf After making the request it will prompt the user to enter some organization information then the request will be created under the file server_req.pem This server request now has to be signed by your created certificate authority and the xpextensions needs to be added to the certificate. This can be done with the command: $ openssl ca -config./openssl.cnf \-policy policy_anything - out server_cert.pem \-extensions xpserver_ext -extfile./xpextensions \-infiles./server_req.pem

22 Creating and Signing Certificates client_req.pem The client certificate follows the same process as the server certificate First you must create a signing request. $ openssl req -new -keyout client_key.pem \ -out client_req.pem -days 730 -config./openssl.cnf Then you sign the request with the same certificate authority $ openssl ca -config./openssl.cnf \-policy policy_anything -out client_cert.pem \-extensions xpclient_ext -extfile./xpextensions \-infiles./client_req.pem

23 Creating and Signing Certificates Finally after you have created your signed certificate in the client_cert.pem you have to convert it to a.p12 file for windows machines. You can do that with this command openssl pkcs12 -export -in client_cert.pem \-inkey client_key.pem - out client_cert.p12 -clcerts

24 Wireless Access Points The Wireless Access points need to be configured for the network Set static IP IP address should be reflected in the clients.conf file of the radius directory The SSID needs to be modified to “CMPS”

25 Wireless Access Points

26 User Interface Design SecureW2 Supplicant The SecureW2 client is a WPA supplicant that installs onto the users Windows XP computer. This is used to authenticate the user through the RADIUS server using the TTLS protocol.

27 SecureW2 Installation The SecureW2 client can be downloaded from http://www.securew2.com/uk/download/i ndex.htm

28 SecureW2 Installation

29

30 Configuration SecureW2 allows for PAP authentication SecureW2 also allows you to input a user id and password combination for quick reconnecting to the network This can be used on a personal computer The configuration of the SecureW2 Client is shown below

31

32

33 Resources  http://en.wikipedia.org/wiki/WiFi http://en.wikipedia.org/wiki/WiFi  http://www.wi-fihotspotlist.com/ http://www.wi-fihotspotlist.com/  http://www.wififreespot.com/pa.html http://www.wififreespot.com/pa.html  http://www.wifimaps.com/ http://www.wifimaps.com/  http://www.cs.scranton.edu/%7Etjm2f/sc hool/cmps490/SystemDocumentation.do c#_Toc121278389

Download ppt "Wireless RADIUS Access Susan Mulholland Joseph Paulowskey Joseph Woulfe."

Similar presentations

Network Security.

Network Security.
Security in Wireless Networks Juan Camilo Quintero D. 1041718.

Security in Wireless Networks Juan Camilo Quintero D
WiFi VS Cellular “Bringing Secure Payment to the Point Of Service”

WiFi VS Cellular “Bringing Secure Payment to the Point Of Service”
1 Web Servers / Deployment Alastair Dawes Original by Bhupinder Reehal.

1 Web Servers / Deployment Alastair Dawes Original by Bhupinder Reehal.
Presentation viewer : _ Mahmoud matter. Ahmed alasy Dr: Rasha Atallah.

Presentation viewer : _ Mahmoud matter. Ahmed alasy Dr: Rasha Atallah.
Module 5: Configuring Access for Remote Clients and Networks.

Module 5: Configuring Access for Remote Clients and Networks.
Implementing Security for Wireless Networks Presenter Name Job Title Company.

Implementing Security for Wireless Networks Presenter Name Job Title Company.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 11: Planning Network Access.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 11: Planning Network Access.
1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.

1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.
CN1260 Client Operating System Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+

CN1260 Client Operating System Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+
Hands-On Microsoft Windows Server 2003 Administration Chapter 11 Administering Remote Access Services.

Hands-On Microsoft Windows Server 2003 Administration Chapter 11 Administering Remote Access Services.
802.1x EAP Authentication Protocols

802.1x EAP Authentication Protocols
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.

WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.
Improving Security. Networking Terms Node –Any device on a network Protocol –Communication standards Host –A node on a network Workstation 1.A PC 2.A.

Improving Security. Networking Terms Node –Any device on a network Protocol –Communication standards Host –A node on a network Workstation 1.A PC 2.A.
Wireless Security Focus on Encryption Steps to secure a Wi-Fi Network.

Wireless Security Focus on Encryption Steps to secure a Wi-Fi Network.
Securing Home Networks (including WiFi and Servers) By Dr. Rafael Azuaje, Sul Ross State University, Alpine, TX Home networks (wire/wireless) are becoming.

Securing Home Networks (including WiFi and Servers) By Dr. Rafael Azuaje, Sul Ross State University, Alpine, TX Home networks (wire/wireless) are becoming.
Wi-Fi the 802.11 Standard and Security. What is Wi-Fi? Short for wireless fidelity. It is a wireless technology that uses radio frequency to transmit.

Wi-Fi the Standard and Security. What is Wi-Fi? Short for wireless fidelity. It is a wireless technology that uses radio frequency to transmit.
Using RADIUS Within the Framework of the School Environment Charles Bolen Systems Engineer December 6, 2011.

Using RADIUS Within the Framework of the School Environment Charles Bolen Systems Engineer December 6, 2011.
802.1X in Windows Tom Rixom Alfa & Ariss. Overview 802.1X/EAP 802.1X in Windows Tunneled Authentication Certificates in Windows WIFI Client in Windows.

802.1X in Windows Tom Rixom Alfa & Ariss. Overview 802.1X/EAP 802.1X in Windows Tunneled Authentication Certificates in Windows WIFI Client in Windows.

Similar presentations

Ads by Google