SECURE WIRELESS NETWORK IN IŞIK UNIVERSITY ŞİLE CAMPUS

jackson-daniel

Presentation Transcript

  1. SECURE WIRELESS NETWORK IN IŞIK UNIVERSITY ŞİLE CAMPUS

  2. Designed by VOLKAN MUHTAROĞLU

  3. WLAN (Wireless LAN) • It was introduced in 1986 for use in barcode scanning. • A properly selected and installed Wi-Fi or wireless fidelity. • 802.11a, 802.11b and 802.11g technologies; 802.11g is the latest technology. These are IEEE standards.

  4. GENERAL TOPOLOGY OF WLAN

  5. THE PROJECT • The problem is how three different users can securely access different types of data over an access point on our campus. • In other words, three people, such as a student, a university staff member and a data processing center worker, can access different types of data, or have different rights, when they connect securely through the access point.

  6. THREE DIFFERENT USERS • Student • University Staff • Data Processing Center Worker

  7. COMPONENTS OF SECURE WIRELESS NETWORK • Cisco Aironet 1100 Series Access Point • RADIUS Server • Two Switches (one is a Manageable Switch, the other is a Backbone Switch) • VLAN • Cisco PIX Firewall • WEP & LEAP • Database Server • Intranet Web Server

  8. Cisco Aironet 1100 Series Access Point • It is a wireless LAN transceiver. • The 1100 series is cheaper than the others and its performance is really efficient. • It is also easy to manage and common all over the world.

  9. RADIUS SERVER • RADIUS is a distributed client/server system that secures networks against unauthorized access. • Use RADIUS in network environments that require access security. • This server is also called an AAA Server, which means Audit, Authentication and Accounting. • In my project the RADIUS Server will provide authentication and MAC filtering.

  10. SWITCHES • Manageable Switch • Backbone Switch • I will use three different IP ranges: students will get 10.0.x.x, university staff will get 10.50.x.x, and data processing center workers will get 192.168.x.x.

  11. VLAN • A VLAN is a switched network that is logically segmented. • I will use VLANs to give these three types of users different rights on the WLAN.

  12. CISCO PIX FIREWALL • I chose it because I have it.

  13. DATABASE AND INTRANET WEB SERVER • Database Server: only the Data Processing Center Worker can access this server. • Intranet Web Server: only University Staff and the Data Processing Center Worker can access this server.

  14. HOW WILL THE DESIGN BE? • First, how will the student, university staff and data processing center worker be placed on different VLANs, and how can I give them different rights? • Second, how do these people get into these VLANs? • Third, and most important, how can I provide security?

  15. SSID (Service Set Identifier) • When you connect to a WLAN you see the name of the WLAN, which is the SSID.

  16. FOR VLAN 1 • We define two different SSIDs: one is broadcast, the other is secret. • For instance, our broadcast SSID is tsunami and our non-broadcast (secret) SSID is Private. If you connect to the WLAN through the access point, everybody automatically sees the tsunami SSID. When you connect to it, you are placed in VLAN 1, and this VLAN provides access only to the Internet.

  17. AUTHENTICATION • If you are not a student, you type the name of the non-broadcast SSID to get access; you then see the username-password window used to obtain different rights. • When you enter the username and password, the information goes to the RADIUS Server. • At this point EAP (Extensible Authentication Protocol) is used.

  18. AUTHENTICATION TOPOLOGY

  19. WEP (Wired Equivalent Privacy) • WEP is an encryption algorithm used by the Shared Key authentication process for authenticating users and for encrypting data payloads over only the wireless segment of the LAN. • The secret key lengths are 40-bit or 104-bit, yielding WEP key lengths of 64 bits and 128 bits. • A WEP key is an alphanumeric character string used in two ways in a wireless LAN. • A WEP key can be used: • To verify the identity of an authenticating station. • For data encryption.

  20. CRITERIA • The 802.11 standard specifies the following criteria for security: • Exportable • Reasonably Strong • Self-Synchronizing • Computationally Efficient • Optional • WEP meets all these requirements. WEP supports the security goals of confidentiality, access control, and data integrity.

  21. WEP KEY • A WEP key is an alphanumeric character string used in two ways in a wireless LAN. • A WEP key can be used: • To verify the identity of an authenticating station. • For data encryption.

  22. WEP KEY TABLE

  23. EAP (Extensible Authentication Protocol) • This authentication type provides the highest level of security for your wireless network. • It uses the Extensible Authentication Protocol (EAP) to interact with an EAP-compatible RADIUS server. • It is a type of dynamic WEP key. • There are five different types of EAP; I will use LEAP (Lightweight Extensible Authentication Protocol, designed by Cisco), which is the most secure.

  24. LEAP TOPOLOGY

  25. MAC (Media Access Control) ADDRESS FILTERING • The server checks the address against a list of allowed MAC addresses. • If your MAC address is a University Staff MAC address, you are placed in VLAN 2 and have those rights; if your MAC address is a data processing center worker's address, you are placed in VLAN 3 and have those rights.

  26. MAC FILTERING TOPOLOGY

  27. STUDENT TOPOLOGY-1

  28. STUDENT TOPOLOGY-2

  29. STUDENT GENERAL TOPOLOGY

  30. UNIVERSITY STAFF TOPOLOGY-1

  31. UNIVERSITY STAFF TOPOLOGY-2

  32. UNIVERSITY STAFF TOPOLOGY-3

  33. UNIVERSITY STAFF GENERAL TOPOLOGY

  34. DATA PROCESSING CENTER WORKER TOPOLOGY-1

  35. DATA PROCESSING CENTER WORKER TOPOLOGY-2

  36. DATA PROCESSING CENTER WORKER TOPOLOGY-2

  37. DATA PROCESSING CENTER WORKER GENERAL TOPOLOGY

  38. SECURITY POLICY • The purpose of this policy is to provide guidance for the secure operation and implementation of wireless local area networks (WLANs).

  39. AUTHENTICATION • University Staff and Data Processing Center Workers have to authenticate to the system if they want to have different rights. • Username and password authentication is used, so users must use strong passwords (an alphanumeric and special-character string at least eight characters in length). • Shared secret (or shared key) authentication must be used to authenticate to the WLAN.

  40. ENCRYPTION & ACCESS CONTROL • Distinct WEP keys provide more security than default keys and reduce the risk of key compromise. • SSID • MAC (Media Access Control)

  41. FIREWALL • The firewall provides security based on ports.

  42. PHYSICAL AND LOGICAL SECURITY • Access points must be placed in secure areas, such as high on a wall, in a wiring closet, or in a locked enclosure, to prevent unauthorized physical access and user manipulation. • Access points must have Intrusion Detection Systems (IDS) at designated areas on campus property to detect unauthorized access or attacks.

  43. CONCLUSION • With this design, students, university staff and data processing center workers can get secure access wherever they want, without using extra devices or making any adjustments.

  44. QUESTIONS?
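
The access decision described on slides 13, 16, 17 and 25 can be written as a small default-deny policy model. This is an added example, not part of the original presentation or any Cisco or RADIUS configuration: the accounts, passwords and MAC addresses are constructed, Internet access for VLAN 2 and 3 is an assumption, and the rule that an account's role must agree with the MAC's VLAN is an added check that the slides do not state.

```python
import hmac
from typing import Optional

# Constructed sample data. SSIDs and VLAN numbers follow the slides; accounts,
# passwords and MAC addresses are made up (plaintext only to keep this short).
BROADCAST_SSID, SECRET_SSID = "tsunami", "Private"
ACCOUNTS = {"staff1": ("S3cure!pw", 2), "dpc1": ("An0ther#pw", 3)}  # user -> (password, VLAN)
MAC_TO_VLAN = {"00:11:22:33:44:55": 2, "66:77:88:99:aa:bb": 3}      # MAC allow-list
# Internet access for VLAN 2 and 3 is an assumption; the slides state it only for VLAN 1.
VLAN_RIGHTS = {
    1: {"internet"},
    2: {"internet", "intranet_web"},
    3: {"internet", "intranet_web", "database"},
}


def assign_vlan(ssid: str, mac: str, username: Optional[str] = None,
                password: Optional[str] = None) -> Optional[int]:
    """Return the VLAN a client is placed in, or None when access is refused."""
    if ssid == BROADCAST_SSID:
        return 1  # broadcast SSID: no login, Internet only
    if ssid != SECRET_SSID:
        return None
    account = ACCOUNTS.get(username or "")
    if account is None or password is None:
        return None
    expected, account_vlan = account
    # Constant-time comparison so timing does not reveal how much of the password matched.
    if not hmac.compare_digest(expected.encode(), password.encode()):
        return None
    mac_vlan = MAC_TO_VLAN.get(mac.lower())
    # Fail closed: an unlisted MAC is refused rather than dropped into VLAN 1.
    # Added check, not on the slides: the account's VLAN must match the MAC's VLAN.
    if mac_vlan is None or mac_vlan != account_vlan:
        return None
    return mac_vlan


def can_access(vlan: Optional[int], resource: str) -> bool:
    """Default-deny lookup: unknown VLANs and unknown resources get nothing."""
    return resource in VLAN_RIGHTS.get(vlan, set())
```
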
