Implementing Security for Wireless Networks

Session Prerequisites
  • Hands-on experience with Microsoft® Windows® server and client operating systems and Active Directory®
  • Basic understanding of wireless LAN technology
  • Basic understanding of Microsoft® Certificate Services
  • Basic understanding of RADIUS and remote access protocols

Level 300

Agenda
  • Overview of Wireless Solutions
  • Securing a Wireless Network
  • Implementing a Wireless Network Using Password Authentication
  • Configuring Wireless Network Infrastructure Components
  • Configuring Wireless Network Clients
Identifying the Need to Secure a Wireless Network

  • When designing security for a wireless network consider:
    • Network authentication and authorization
    • Data protection
    • Wireless access point configuration
    • Security management
Common Security Threats to Wireless Networks

  • Security Threats Include:
    • Disclosure of confidential information
    • Unauthorized access to data
    • Impersonation of an authorized client
    • Interruption of the wireless service
    • Unauthorized access to the Internet
    • Accidental threats
    • Unsecured home wireless setups
    • Unauthorized WLAN implementations
Understanding Wireless Network Standards and Technologies

802.1X: a standard that defines a port-based access control mechanism for authenticating access to a network and, optionally, for managing the keys used to protect traffic

Wireless Network Implementation Options
  • Wireless network implementation options include:
    • Wi-Fi Protected Access with Pre-Shared Keys (WPA-PSK)
    • Wireless network security using Protected Extensible Authentication Protocol (PEAP) and passwords
    • Wireless network security using Certificate Services
Agenda
  • Overview of Wireless Solutions
  • Securing a Wireless Network
  • Implementing a Wireless Network Using Password Authentication
  • Configuring Wireless Network Infrastructure Components
  • Configuring Wireless Network Clients
Understanding Elements of WLAN Security
  • To effectively secure a wireless network consider:
    • Authentication of the person or device connecting to the wireless network
    • Authorization of the person or device to use the WLAN
    • Protection of the data transmitted over the WLAN

[Slide graphic label: Audit WLAN Access]
Protecting WLAN Data Transmissions
  • Wireless data encryption standards in use today include:
    • Wired Equivalent Privacy (WEP)
      • Dynamic WEP, combined with 802.1X authentication, provides adequate data encryption and integrity
      • Compatible with most hardware and software devices
      • (How is this a “wired equivalent”?! Trust me: WEP sucks)
      • http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html
    • Wi-Fi Protected Access (WPA)
      • Changes the encryption key with each packet
      • Uses a longer initialization vector
      • Adds a signed message integrity check value
      • Incorporates an encrypted frame counter
      • (WPA is only if you are serious about security)
Alternative Approaches to Encrypt WLAN Traffic
  • Alternatives used to protect WLAN traffic include the use of:
    • Virtual Private Network (VPN)
    • Internet Protocol Security (IPSec)
Guidelines for Securing Wireless Networks
  • Require data protection for all wireless communications
  • Require 802.1X authentication to help prevent spoofing, wardrivers, and accidental threats to your network
  • Use software scanning tools to locate and shut down rogue access points on your corporate network
Agenda
  • Overview of Wireless Solutions
  • Securing a Wireless Network
  • Implementing a Wireless Network Using Password Authentication
  • Configuring Wireless Network Infrastructure Components
  • Configuring Wireless Network Clients
Design Criteria for PEAP-MS-CHAP v2 Solution
  • Security Requirements
  • Scalability
  • Availability
  • Platform Support
  • Extensibility
  • Standards Conformance
How 802.1X with PEAP and Passwords Works

[Diagram: Wireless Client, Wireless Access Point, RADIUS (IAS) and Internal Network, with five numbered steps. Step labels: Client Connect; Client Authentication, Server Authentication and Key Agreement; Key Distribution; WLAN Encryption; Authorization.]
Identifying the Services for the PEAP WLAN Network
  • Domain Controller (DC)
  • RADIUS (IAS)
  • Certification Authority (CA)
  • DHCP Services (DHCP)
  • DNS Services (DNS)

[Diagram: Headquarters and Branch Office sites, each with a LAN, access points and WLAN clients, served by primary and secondary servers labeled IAS/CA/DC and IAS/DNS/DC, plus DHCP.]
Agenda
  • Overview of Wireless Solutions
  • Securing a Wireless Network
  • Implementing a Wireless Network Using Password Authentication
  • Configuring Wireless Network Infrastructure Components
  • Configuring Wireless Network Clients
Preparing the Environment
  • Install the WLAN Scripts using:
    • Microsoft WLAN-PEAP.msi
  • Install the additional tools on the IAS servers:
    • Group Policy Management Console
    • CAPICOM
    • DSACLs.exe
  • The .MSI is on the DVD you’ll get today!
Demo: Preparing the Environment
  • Creating Security Groups
  • Installing CAPICOM

Configuring the Network Certification Authority
  • The CA is used to issue Computer Certificates to the IAS Servers
  • To install Certificate Services, log on with an account that is a member of:
    • Enterprise Admins
    • Domain Admins
  • Consider that Certificate Services in Windows Server 2003 Standard Edition does not provide:
    • Auto enrollment of certificates to both computers and users
    • Version 2 certificate templates
    • Editable certificate templates
    • Archival of keys
Reviewing the Certification Authority Installation Parameters
  • Certificate Templates Available: Computer (Machine)
  • Drive and path of CA request files: C:\CAConfig
  • Length of CA Key: 2048 bits
  • Validity Period: 25 years
  • Validity Period of Issued Certificates: 2 years
  • CRL Publishing Interval: 7 days
  • CRL Overlap Period: 4 days
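
What the 7-day publishing interval and 4-day overlap mean for operations, as an added example that is not part of the presentation: a CRL issued at thisUpdate is due for replacement after 7 days and stops being accepted after 11. The distribution point names and dates are constructed, and the small clock-skew backdating a CA applies is ignored.

```python
from datetime import datetime, timedelta

PUBLISH_INTERVAL = timedelta(days=7)  # "CRL Publishing Interval" from the slide
OVERLAP = timedelta(days=4)           # "CRL Overlap Period" from the slide

def crl_state(this_update, now):
    """Classify one CRL copy by its thisUpdate time (clock skew ignored)."""
    next_publish = this_update + PUBLISH_INTERVAL  # CA is due to issue a new CRL
    next_update = next_publish + OVERLAP           # CRL is rejected from here on
    if now < this_update:
        return "not-yet-valid"
    if now < next_publish:
        return "current"
    if now < next_update:
        return "overlap"
    return "expired"

def audit_distribution_points(copies, now):
    """copies maps a (hypothetical) distribution point name to the thisUpdate
    of the CRL found there. Returns the findings an operator should act on."""
    findings = []
    newest = max(copies.values())
    for name, this_update in sorted(copies.items()):
        state = crl_state(this_update, now)
        if state == "expired":
            findings.append((name, "expired: revocation checks against this copy fail"))
        elif state == "overlap" and this_update == newest:
            findings.append((name, "CA missed its publication; old CRL still accepted"))
        elif this_update < newest:
            findings.append((name, "stale copy: newer CRL not replicated here"))
    return findings

# Constructed sample: the CA published on 1 and 8 March, but the HTTP copy
# was never refreshed after the first publication.
SAMPLE = {
    "ldap-cdp": datetime(2004, 3, 8, 9, 0),
    "http-cdp": datetime(2004, 3, 1, 9, 0),
}
```
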
Installing the Certification Authority
  • Run MSSsetup CheckCAenvironment
  • Run MSSsetup InstallCA
  • Run MSSsetup VerifyCAInstall
  • Run MSSsetup ConfigureCA
  • Run MSSSetup ImportAutoenrollGPO
  • Run MSSsetup VerifyCAConfig

(*You can do all this in the GUI….but why?)

Demo: Configuring the Certification Authority
  • Configuring Post-Installation Settings
  • Importing the Automatic Certificate Request GPO
  • Verifying the Configuration

Configuring Internet Authentication Services (IAS)

IAS uses Active Directory to verify and authenticate client credentials and makes authorization decisions based upon configured policies.

  • IAS configuration categories include:
    • IAS Server Settings
    • IAS Access Policies
    • RADIUS Logging
Reviewing IAS Configuration Parameters
  • IAS parameters that are to be configured include:
    • IAS Logging to Windows Event Log
    • IAS RADIUS Logging
    • Remote Access Policy
    • Remote Access Policy Profile
Installing the IAS Server
  • Run MSSsetup CheckIASEnvironment
  • Run MSSsetup InstallIAS
  • Register the IAS server into Active Directory
  • Restart server to automatically enroll the IAS server certificate
  • Configure logging and the remote access policy
  • Export IAS settings to be imported to another server
Demo: Configuring the IAS Server
  • Validating the IAS Environment
  • Verifying IAS Server Certificate Deployment
  • Post-Installation Configuration Tasks
  • Modifying the WLAN Access Policy Profile Settings
  • Verifying the Connection Request Policy for WLAN
  • Exporting the IAS Settings

Configuring Wireless Access Points
  • Run MssTools AddRadiusClient
  • Run MssTools AddSecRadiusClients
  • Configure the Wireless Access Points
Wireless Access Point Configuration Parameters
  • Configure the basic network settings such as:
    • IP configuration of the access point
    • Friendly name of the access point
    • Wireless network name (SSID)
  • Typical Settings for a Wireless Access Point include:
    • Authentication parameters
    • Encryption parameters
    • RADIUS authentication
    • RADIUS accounting
Demo: Wireless Access Point Configuration
  • Adding Access Points to the Initial IAS Server
  • Configuring Wireless Access Points

Agenda
  • Overview of Wireless Solutions
  • Securing a Wireless Network
  • Implementing a Wireless Network Using Password Authentication
  • Configuring Wireless Network Infrastructure Components
  • Configuring Wireless Network Clients
Controlling WLAN Access Using Security Groups

IAS enables you to control access to the wireless network using Active Directory security groups that are linked to a specific remote access policy

Configuring Windows XP WLAN Clients
  • Install required patches and updates
  • Create the WLAN client GPO using GPMC
  • Deploy the WLAN settings
Demo: Creating the WLAN Client Settings GPO
  • Create a WLAN Client GPO Using the GPMC

Session Summary
  • There are bad people out there who want your WLAN, but you can deploy this securely!
  • Determine your organization’s wireless requirements
  • Require 802.1X authentication
  • Implement the PEAP and Passwords solution for organizations that do not utilize a PKI infrastructure
  • Use the scripts provided by the PEAP and Passwords solution
  • Use security groups and Group Policy to control WLAN client access