1 / 45

SECURE WIRELESS NETWORK IN IŞIK UNIVERSITY ŞİLE CAMPUS

SECURE WIRELESS NETWORK IN IŞIK UNIVERSITY ŞİLE CAMPUS. Designed by VOLKAN MUHTAROĞLU. WLAN(Wirelass LAN). We introduced at 1986 for use in barcode scanning . A properly selected and installed Wi-Fi or wireless fidelity.

Télécharger la présentation

SECURE WIRELESS NETWORK IN IŞIK UNIVERSITY ŞİLE CAMPUS

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. SECURE WIRELESS NETWORKIN IŞIK UNIVERSITY ŞİLE CAMPUS

  2. Designed by VOLKAN MUHTAROĞLU

  3. WLAN(Wirelass LAN) • We introduced at 1986 for use in barcode scanning . • A properly selected and installed Wi-Fi or wireless fidelity. • 802.11a, 802.11b, 802.11g technologies, 802.11g is the latest technology. These are IEEE standard.

  4. GENERAL TOPOGOLY OF WLAN

  5. THE PROJECT • The problem is, how can three different users access over an access point to different type of data with securily in our campus. • As another word, if we choose there people such as; student, university staff and data processing center worker can access different type of data or they have different rights when access from the access point by securily.

  6. THREE DIFFERENT USER • Student • University Staff • Data Processing Center Worker

  7. COMPONENTS OF SECURE WIRELESS NETWORK • Cisco Aironet 1100 Series Access Point • Radius Server • Two Switch(One of them is Managable Switch, the other one is Backbone Switch) • Vlan • Cisco PIX Firewall • WEP & LEAP • Database Server • Intranet Web Server

  8. Cisco Aironet 1100 Series Access Point • It is a wireless LAN transceiver. • 1100 series is cheaper than the others and its performances is really efficient. • It is also managable easily and common all over the world.

  9. RADIUS SERVER • RADIUS is a distributed client/server system that secures networks against unauthorized access. • Use RADIUS in these network environments, which require access security • This server also called AAA Server which means Audit, Authentication and Accounting. • In my project Radius Server will provide Authentication and Mac filtering.

  10. SWITCHES • Managable Switch • Backbone Switch • I will use three different type IP. Student will take 10.0.x.x, University Staff will take 10.50.x.x, Data Processing Center Worker will take 192.168.x.x.

  11. VLAN • VLAN is a switched network that is logically segmented. • I will use Vlan for having different kind of rights of these there different type of users on WLAN.

  12. CISCO PIX FIREWALL • I chose it because I have it.

  13. DATABASE AND INTRANET WEB SERVER • Database Server : Only Data Processing Center Worker can access these server. • Intranet Web Server : Only University Staff and Only Data Processing Center Worker can access these server.

  14. HOW WILL DESIGN BE? • Firstly; how will student, university staff and data processing center worker be on the different Vlan, how can I give different rights them. • The second thing is how these people come to these Vlan. • The third thing which is most important how I can provide security.

  15. SSID(Service Set Identifer) • When connect to WLAN you will see the name of WLAN, which is SSID.

  16. FOR VLAN 1 • If we define two different SSID, one of them broadcasting, the other one is secret. • For instance; our broadcasting SSID is tsunami; our not broadcasting(secret) SSID is Private. If you connect WLAN with access point everybody sees automatically tsunami SSID. Also when you connect this, you will come to Vlan 1 and this Vlan provides to access only Internet.

  17. AUTHENTICATION • If you are not student; you write the not broadcasting SSID name for accessing, at that time you will see the Username-Password Window for having different kind of rights. • When you enter the username-password, the information come to Radius Server. • And now; EAP (Extensible Authentication Protocol) uses.

  18. AUTHENTICATION TOPOLOGY

  19. WEP(Wired Equivalent Privacy ) • WEP is an encryption algorithm used by the Shared Key authentication process for authenticating users and for encrypting data payloads over only the wireless segment of the LAN. • The secret key lengths are 40-bit or 104-bit yielding WEP key lengths of 64 bits and 128 bits. • WEP key is an alphanumeric character string used in two manners in a wireless LAN. • WEP key can be used : • Verify the identity of an authenticating station. • WEP keys can be used for data encryption.

  20. CRITERIA The 802.11 standard specifies the followingcriteria for security: • Exportable • Reasonably Strong • Self-Synchronizing • Computationally Efficient • Optional WEP meets all these requirements. WEP supports the security goals of confidentiality, accesscontrol, and data integrity.

  21. WEP KEY • WEP key is an alphanumeric character string used in two manners in a wireless LAN. • WEP key can be used : • Verify the identity of an authenticating station. • WEP keys can be used for data encryption.

  22. WEP KEY TABLE

  23. EAP(Extensible Authentication Protocol ) • This authentication type provides the highest level of security for your wireless network. • Using the Extensible Authentication Protocol (EAP) to interact with an EAP-compatible RADIUS server. • This is type of dynamic WEP key. • There are five different type of EAP, I will use LEAP (Lightweight Extensible Authentication Protocol, designed by Cisco) which is the most secure.

  24. LEAP TOPOLOGY

  25. MAC(Media Access Control) ADDRESS FILTERING • Server checks the address against a list of allowed MAC addresses. • If your MAC address is University Staff’s MAC address, you wil come to Vlan 2 and you will have thoose rights, if your MAC address is data processing center worker’s address, you will come Vlan 3 also you will have those rights.

  26. MAC FILTERING TOPOLOGY

  27. STUDENT TOPOLOGY-1

  28. STUDENT TOPOLOGY-2

  29. STUDENT GENERAL TOPOLOGY

  30. UNIVERSITY STAFF TOPOLOGY-1

  31. UNIVERSITY STAFF TOPOLOGY-2

  32. UNIVERSITY STAFF TOPOLOGY-3

  33. UNIVERSITY STAFF GENERAL TOPOLOGY

  34. DATA PROCESSING CENTER WORKER TOPOLOGY-1

  35. DATA PROCESSING CENTER WORKER TOPOLOGY-2

  36. DATA PROCESSING CENTER WORKER TOPOLOGY-2

  37. DATA PROCESSING CENTER WORKER GENERAL TOPOLOGY

  38. SECURITY POLICY • The purpose of this policy is to provide guidance for the secure operation and implementation of wireless local area networks (WLANs).

  39. AUTHENTICATION • University Staff and Data Processing Center Worker have to authenticate the system if they want to have different kind of rights. • For authentication, username and password authentication is used so users must use strong passwords (alphanumeric and special character string at least eight characters in length). • Shared secret (or shared key) authentication must be used to authenticate to the WLAN

  40. ENCRYPTION & ACCESS CONTOL • Distinct WEP keys provide more security than default keys and reduce the risk of key compromise. • SSID • MAC(Media Access Control)

  41. FIREWALL • Firewall provide security based on ports.

  42. PHYSICAL AND LOGICAL SECURITY • Access point must be placed in secure areas, such as high on a wall, in a wiring closet, or in a locked enclosure to prevent unauthorized physical access and user manipulation. • Access point must have Intrusion Detection Systems (IDS) at designated areas on Campus property to detect unauthorized access or attack.

  43. CONCLUSION • With this design Student, University Staff and Data Processing Center Worker can access securily; wherever they want, don’t use extra devices or don’t make any adjusting.

  44. QUESTION ?

  45. REFERENCES • Cisco Press 802.11 Wireless Network Site Surveying and Installation book. • Cisco Securing 802.11 Wireless Networks handbook. • Cisco Aironet 1100 Series Access Point Quick Start Guide. • Certified Wireless Network AdministratorTM Official Study Guide. • Wireless Network Solutions (Paul Williams) • http://www.cisco.com/en/US/tech/tk722/tk809/tk723/tsd_technology_support_sub-protocol_home.html • http://www.cisco.com/en/US/tech/tk722/tk809/tsd_technology_support_protocol_home.html • http://www.webopedia.com/TERM/M/MAC_address.html • http://searchnetworking.techtarget.com/originalContent/0,289142,sid7_gci843996,00.html

More Related