Published by Matthew Underwood. Modified over 9 years ago.
1
Integrating multiple wireless access control schemes at NTUA
Spiros Papageorgiou, Christos Siaterlis
NOC/NTUA
2
Problem Description
NTUA infrastructure:
  VLAN based network
  LDAP backend
  FreeRadius AAA
  PKI deployment scheduled in 2004
  Encrypted Passwords in LDAP
Guidelines:
  OpenSource Solutions Preferred
  HW / Vendor independent solutions
3
Requirements
User’s perspective
  Data Encryption
  Ease of Use, Optimum would be:
    – No extra SW installation
    – No setup needed
  Reliability
Operator’s Perspective
  Authenticated Access
  Use PKI/Radius or PAP/Radius
  Accounting
  Scalability
4
Solution
Novice user
  Web-based auth scheme
  Zero setup
  Secure Authentication with https
  No data encryption
Average user
  VPN/IPSec tunnel
  Familiar setup (like a dialup connection)
  Encryption of data
  Client certificate
Advanced user
  802.1x
  Data Encryption
  Work in its home VLAN
  EAP-TLS/TTLS
7
Web authentication
  MAC/IP access control
8
VPN/IPSEC
  Simple setup of L2TP VPN connection @ Win2k, XP
9
VPN/IPSEC
  IPsec with certificates.
  Racoon + Kernel IPsec
  L2TPd
  PPPd with Radius support
10
802.1x
  Windows XP support
  Client SecureW2 for TTLS/PAP
  Dynamic WEP key rotation
  Compatible HW needed
12
Limitations
Web login
  Login Webpage needs to refresh
  Users keep closing login page
  Most Handheld devices unsupported
  IE caches login page
VPN/IPSEC
  Encryption overhead
  Need for Certificate
  Updated Win2k required
  Not available for guests
  Most Handheld devices unsupported
802.1x
  Compatible HW & drivers needed
  Not easy for guests
  Extra SW needed
13
Conclusions
Web login
  Immediate Access
  Secure login
  No setup
  Best for guests!
VPN/IPSEC
  Strong encryption
  Useful as a network service beyond WIFI
  Standard Windows setup
802.1x
  The future!
  Handhelds Supported
  No encryption overhead
  Selection of VLAN per user
  User isolation
14
Thank you! Questions?
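Added example (not code from the presentation) for the "Selection of VLAN per user" and "Work in its home VLAN" points on the 802.1x slides: a RADIUS server commonly hands the VLAN to an 802.1x authenticator through the RFC 3580 tunnel attribute triple, encoded and strictly validated below. The slides do not say how the NTUA FreeRadius setup conveys the VLAN, so this mechanism, the function names and the VLAN IDs are assumptions.

```python
import struct

# Assumption: VLAN is conveyed via RFC 2868 / RFC 3580 tunnel attributes (not stated in the slides).
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TYPE_VLAN, MEDIUM_IEEE_802 = 13, 6


def encode_vlan_attrs(vlan_id, tag=0):
    """Build the three Access-Accept attributes that assign a VLAN."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID out of range")
    def attr(atype, value):
        return struct.pack("!BB", atype, len(value) + 2) + value
    tagged_int = lambda v: struct.pack("!B", tag) + v.to_bytes(3, "big")
    group = str(vlan_id).encode()
    if tag:
        group = bytes([tag]) + group
    return (attr(TUNNEL_TYPE, tagged_int(TYPE_VLAN))
            + attr(TUNNEL_MEDIUM_TYPE, tagged_int(MEDIUM_IEEE_802))
            + attr(TUNNEL_PRIVATE_GROUP_ID, group))


def parse_attrs(data):
    """Split a RADIUS attribute list into (type, value) pairs, validating lengths."""
    out, i = [], 0
    while i < len(data):
        if i + 2 > len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError("truncated or malformed attribute")
        atype, alen = data[i], data[i + 1]
        out.append((atype, data[i + 2:i + alen]))
        i += alen
    return out


def assigned_vlan(data, default_vlan):
    """Return the assigned VLAN; fall back to default unless all three attributes agree."""
    ttype = medium = vlan = None
    for atype, value in parse_attrs(data):
        if atype == TUNNEL_TYPE and len(value) == 4:
            ttype = int.from_bytes(value[1:], "big")
        elif atype == TUNNEL_MEDIUM_TYPE and len(value) == 4:
            medium = int.from_bytes(value[1:], "big")
        elif atype == TUNNEL_PRIVATE_GROUP_ID and value:
            text = value[1:] if value[0] <= 0x1F else value  # optional tag byte
            if text.isdigit() and 1 <= int(text) <= 4094:
                vlan = int(text)
    if ttype == TYPE_VLAN and medium == MEDIUM_IEEE_802 and vlan is not None:
        return vlan
    return default_vlan
```

Falling back to a restricted default VLAN when any of the three attributes is missing or malformed keeps an incomplete Access-Accept from placing a user in someone else's home VLAN.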