Presentation is loading. Please wait.

Presentation is loading. Please wait.

802.1X Terry Simons Formerly of The University of Utah.

Published byBernard Shelton Modified over 9 years ago

Similar presentations

Presentation on theme: "802.1X Terry Simons Formerly of The University of Utah."— Presentation transcript:

1 802.1X Terry Simons Formerly of The University of Utah

2 University of Utah Background 28,000+ student campus EAP-TTLS 802.1X movement was “grass roots” –Proof of concept –Wireless Whitepaper RADIUS “Mesh” (More of a star topology) –“Give to get” mentality Initial Deployment on May 19, 2003 Campus Radiator Site License Initial Campus Meetinghouse Site License –Mac OS X 10.2.x, Win98se/Me/2k/XP/PPC 2002/2003 Now prefer SecureW2 TTLS WZC Plugin Chris Hessing is lead developer of Open1x

3 802.1X Problem Areas Certificate Validation Windows Zero Config/GINA The Supplicant Debacle EAP Type Selection Encryption

4 Certificate Validation No real CRL Support Deployment Difficulty –Mitigated in part by “smart installers” Mac OS X is too “easy to use” –I am a Mac user. :-} Man in the Middle Attacks Public Certificate Authorities –Mac OS X becomes vulnerable

5 Windows Zero Config/GINA Users expect it, especially in higher ed. AEGIS and Funk take over WZC/GINA –Users complain loudly Helpdesk gets swamped –GINA: “What did you do to my computer?!” Not so bad with current Meetinghouse releases Migration to SecureW2 fixed both issues.

6 The Supplicant Debacle Vendors bundle OEM’d Supplicants –Which quite often do not work properly IBM Thinkpad/Intel Centrino TTLS Problems –Usually based on Meetinghouse –Same crunchy WZC problems –Same bad aftertaste Most setup programs are self-extractable –Use a zip utility to extract only the driver

7 EAP Type Selection TLS, TTLS, or PEAP –Provisions for keying material TLS if an existing PKI is in place –Arguably the “most secure” EAP type TTLS for “strongly encrypted” backends –U of U uses Kerberos PEAP for Active Directory shops

8 Encryption CCMP is the “best” security currently –Doesn’t work with Mac OS X TKIP is the next best thing. –Watch out for “mixed mode” problems TKIP “Unicast” and WEP “Multicast” keys Specifically a problem with Mac OS X –Apple is aware of the problem. Dynamic WEP for “Legacy” devices Or use multiple SSIDs and run parallel security models.

9 Ending Comments It’s possible to allow multiple EAP types –Works well in Federated environments Vendor skepticism is encouraged Helpdesk Feedback Loop

10 Q&A

11 Resources http://wireless.utah.edu/global/support/WirelessWhitepaper-v1.03.pdf http://wireless.utah.edu/global/support/radius_mesh/RADIUS_Mesh_Long.pdf http://www.open1x.org/ http://www.open.com.au/radiator/ http://www.securew2.com/

Download ppt "802.1X Terry Simons Formerly of The University of Utah."

Similar presentations

Authentication.

Authentication.
Licia Florio EUNIS05, Manchester 1 Eduroam EUNIS Conference, June 22 2005 Licia Florio.

Licia Florio EUNIS05, Manchester 1 Eduroam EUNIS Conference, June Licia Florio.
Wireless LAN  Setup & Optimizing Wireless Client in Linux  Hacking and Cracking Wireless LAN  Setup Host Based AP ( hostap ) in Linux & freeBSD  Securing.

Wireless LAN  Setup & Optimizing Wireless Client in Linux  Hacking and Cracking Wireless LAN  Setup Host Based AP ( hostap ) in Linux & freeBSD  Securing.
Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.

Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.
1 Network Authentication with PKI EDUCAUSE/Dartmouth PKI Summit July 27, 2005 Jim Jokl University of Virginia.

1 Network Authentication with PKI EDUCAUSE/Dartmouth PKI Summit July 27, 2005 Jim Jokl University of Virginia.
Eduroam – Roam In a Day Louis Twomey, HEAnet Limited HEAnet Conference 2006 9 th November, 2006.

Eduroam – Roam In a Day Louis Twomey, HEAnet Limited HEAnet Conference th November, 2006.
CSG357 Dan Ziminski & Bill Davidge 1 Effective Wireless Security – Technology and Policy CSG 256 Final Project Presentation by Dan Ziminski & Bill Davidge.

CSG357 Dan Ziminski & Bill Davidge 1 Effective Wireless Security – Technology and Policy CSG 256 Final Project Presentation by Dan Ziminski & Bill Davidge.
無線區域網路安全 Wireless LAN Security. 2 Outline  Wireless LAN – 802.11b  Security Mechanisms in 802.11b  Security Problems in 802.11b  Solutions for 802.11b.

無線區域網路安全 Wireless LAN Security. 2 Outline  Wireless LAN – b  Security Mechanisms in b  Security Problems in b  Solutions for b.
1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.

1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
MITP | Master of Information Technology Program Securing Wireless LAN using Cisco-based technology Campus Crew Study Group Paul Matijevic Ed McCulloch.

MITP | Master of Information Technology Program Securing Wireless LAN using Cisco-based technology Campus Crew Study Group Paul Matijevic Ed McCulloch.
DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.

DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.
802.1x EAP Authentication Protocols

802.1x EAP Authentication Protocols
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
Protected Extensible Authentication Protocol

Protected Extensible Authentication Protocol
Wireless LAN Security Framework Backend AAA Infrastructure RADIUS, TACACS+, LDAP, Kerberos TLSLEAPTTLSPEAPMD5 VPN EAP PPP 802.3802.5802.11 802.1x EAP API.

Wireless LAN Security Framework Backend AAA Infrastructure RADIUS, TACACS+, LDAP, Kerberos TLSLEAPTTLSPEAPMD5 VPN EAP PPP x EAP API.
E-mail: kemal@cs.siu.edu Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE 802.11.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE
WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,

WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,
Company LOGO WIRELESS DEPLOYMENT A successful solution to Campuswide role-based secure Wi-Fi deployment Andrea Di Fabio – Information Security Officer.

Company LOGO WIRELESS DEPLOYMENT A successful solution to Campuswide role-based secure Wi-Fi deployment Andrea Di Fabio – Information Security Officer.

Similar presentations

Ads by Google