Presentation is loading. Please wait.

Presentation is loading. Please wait.

Www.swan.ac.uk/lis. Wireless Authentication & 802.1X By Gareth Ayres.

Published byAshley Casey Modified over 9 years ago

Similar presentations

Presentation on theme: "Www.swan.ac.uk/lis. Wireless Authentication & 802.1X By Gareth Ayres."— Presentation transcript:

1 www.swan.ac.uk/lis

2 Wireless Authentication & 802.1X By Gareth Ayres

3 www.swan.ac.uk/lis Agenda 1.0Swansea’s Current Wireless System 2.0 Requirements of new 802.1X System 3.0Overview of new 801.1X Technologies 4.0Design of New 802.1X Wireless System 5.0802.1X Downfall's (So far) 6.0 Future Plans

4 www.swan.ac.uk/lis 1.0 The Current Wireless System Home made Wireless solution comprising of: –700 Cisco Aironet AP’s –12 Cisco WDS & 1 WLSE –10 RoamNodes –1 DNAC (Dirty Network Access Controller) –Radius & IAS

5 1.0 The Current Wireless System

6 www.swan.ac.uk/lis 1.1 RoamNodes Developed by Bristol University 250 users per RoamNode Works by: –First establishes a PPPoE connection –Then creates a PPTP VPN tunnel and gets a internet ip address

7 www.swan.ac.uk/lis 1.2 RoamNode Tunnel

8 www.swan.ac.uk/lis 1.3 Downfalls of Current System Bottleneck Issues Load Balancing Single point of failure Maximum Capacity Complicated Logging Complicated end user configuration Difficult User Management

9 www.swan.ac.uk/lis 1.4 Statistics from Current System 24 Hours (Wednesday 16th May) Weekly (8th May – 16th)

10 www.swan.ac.uk/lis 1.4 Statistics from Current System Yearly (2006-2007)

11 www.swan.ac.uk/lis 2.0 Requirements of New System Remove any bottlenecks Remove Capacity limits Better Logging Better Administration facilities Easy End User Configuration Segregation of Users Improved Security

12 www.swan.ac.uk/lis 3.0 Overview of 802.1X Technolgies 802.1x EAP EAPOW PEAP - Protected Extensible Authentication Protocol –Cisco, Microsoft and RSA –Credentails + Server Cert –TLS tunnel –EAP-MSCHAPv2

13 www.swan.ac.uk/lis 3.0 Overview of 802.1X Technolgies WPA - Wi-Fi Protected Access (WPA) –Replaces WEP technology –WPA = RC4 Stream cipher and TKIP –WPA2 = 802.11i = AES based algorithm CCMP The use of all the above technologies and protocols is widely referred to as a 802.1X based Wireless System.

14 www.swan.ac.uk/lis 4.0 Design of 802.1X Wireless System New and Old system will run together. Each system will run on a separate SSID: UNIROAM - SSID of the current RoamNode system and will be broadcast and open (no encryption). EDUROAM – SSID of the new 802.1x system. It will also be broadcast but will be encrypted with WPA(1&2).(JRS).

15 4.0 Design of 802.1X Wireless System

16 4.1 802.1X Tunnel

17 4.2 802.1X VLANs

18 4.3 802.1X VLAN allocation

19 www.swan.ac.uk/lis 5.0 802.1X Downfalls Supplicant Support Hardware Support Reactive not Preventative

20 www.swan.ac.uk/lis 6.0 Future Plans Develop a reactive traffic monitor NAC Product Integration (Preventative) Possibly integrate into campus wide wired network

21 www.swan.ac.uk/lis Thank You Gareth Ayres BSc (Hons) MIET g.j.ayres@swansea.ac.uk

Download ppt "Www.swan.ac.uk/lis. Wireless Authentication & 802.1X By Gareth Ayres."

Similar presentations

Www.swan.ac.uk/lis. 802.1X Deployment with SU1X By Gareth Ayres.

X Deployment with SU1X By Gareth Ayres.
Licia Florio EUNIS05, Manchester 1 Eduroam EUNIS Conference, June 22 2005 Licia Florio.

Licia Florio EUNIS05, Manchester 1 Eduroam EUNIS Conference, June Licia Florio.
1 © 2005 Cisco Systems, Inc. All rights reserved. CONFIDENTIAL AND PROPRIETARY INFORMATION Cisco Wireless Strategy Extending and Securing the Network Bill.

1 © 2005 Cisco Systems, Inc. All rights reserved. CONFIDENTIAL AND PROPRIETARY INFORMATION Cisco Wireless Strategy Extending and Securing the Network Bill.
Security in Wireless Networks Juan Camilo Quintero D. 1041718.

Security in Wireless Networks Juan Camilo Quintero D
IEEE 802.11i IT443 Broadband Communications Philip MacCabe October 5, 2005

IEEE i IT443 Broadband Communications Philip MacCabe October 5, 2005
TF Mobility Group 22nd September 20031 A comparison of each national solution was made against Del C – “requirements”, the following solutions were assessed.

TF Mobility Group 22nd September A comparison of each national solution was made against Del C – “requirements”, the following solutions were assessed.
USRobotics Professional Access Point  Yosi Rafael.

USRobotics Professional Access Point  Yosi Rafael.
CSG357 Dan Ziminski & Bill Davidge 1 Effective Wireless Security – Technology and Policy CSG 256 Final Project Presentation by Dan Ziminski & Bill Davidge.

CSG357 Dan Ziminski & Bill Davidge 1 Effective Wireless Security – Technology and Policy CSG 256 Final Project Presentation by Dan Ziminski & Bill Davidge.
Security in IEEE 802.11 wireless networks Piotr Polak University Politehnica of Bucharest, December 2008.

Security in IEEE wireless networks Piotr Polak University Politehnica of Bucharest, December 2008.
Implementing Wireless LAN Security

Implementing Wireless LAN Security
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.

Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.
CN1260 Client Operating System Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+

CN1260 Client Operating System Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
MITP | Master of Information Technology Program Securing Wireless LAN using Cisco-based technology Campus Crew Study Group Paul Matijevic Ed McCulloch.

MITP | Master of Information Technology Program Securing Wireless LAN using Cisco-based technology Campus Crew Study Group Paul Matijevic Ed McCulloch.
DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.

DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.
Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.

Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.
Swansea: When eduroam doesn't fit By Gareth Ayres Gregynog Colloquium Conf 2011.

Swansea: When eduroam doesn't fit By Gareth Ayres Gregynog Colloquium Conf 2011.
© 2003, Cisco Systems, Inc. All rights reserved. FWL 1.0—8-1 Security Olga Torstensson Halmstad University.

© 2003, Cisco Systems, Inc. All rights reserved. FWL 1.0—8-1 Security Olga Torstensson Halmstad University.
E-mail: kemal@cs.siu.edu Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE 802.11.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE

Similar presentations

Ads by Google