Security Enhancement For An Infrastructure Wireless Domain
Ganesan S/O Muniandy
August 2003

Agenda & Objective
• Wireless LAN
• Understand and Address Wireless Domain Security Issues
• Protection and Security Enhancement

Introduction - Background
• Background
  • In existence since 1996
  • Slow growth rate
  • Doubts about security and performance
• Minimum Setup:
  • Access Points
  • Wireless Interface Card
• Basic Network Setup – Ad hoc and Infrastructure

Security Concerns
• The hottest issue today concerns security
• More hacking tools are available on the Internet
• Hacking issues concerning
  • Theft of information
  • Illegal access
• Method of hacking
  • Policy violations
  • Identity theft (SSID and MAC address)
  • Man-in-the-middle attack
  • Denial of service (DoS)

Customer Requirement – (Case Study)
• Low cost implementation
• Reliable and flexible solution
• Manageability
• Expandability

Existing Wireless Connection Flow
[Diagram labels: Wireless LAN NetID 1; Private LAN NetID 1]
• User Authentication
• Same Network ID

Proposed Solution Wireless Connection Flow
[Diagram labels: Wireless LAN NetID 1; Server acting as Firewall and VPN Gateway; Private LAN NetID 2; SSH & WWW Server; VPN Tunnel; Remote Site; Wireless LAN NetID 3]

Proposed Solution - Details
• A server acts as firewall and VPN gateway:
  • Blocks traffic at the port level
  • Divides the network into 2 portions
  • Configurable to allow specific protocols
    • SSH, WWW or others
  • Secure VPN tunnelling

System Requirement
• Minimum Hardware Requirement
  • CPU: 300MHz
  • Memory: 128MB
  • Hard disk: 2GB
  • NIC: 2
  • CD-ROM: 1
  • Floppy: 1

Conclusion
• Suitable for SMI (Small Medium Industries)
• Low cost of Implementation and Security
• Manageability

Thank You
• Q&A