windows 2003 and 802 1x secure wireless deployments n.
Download
Skip this Video
Download Presentation
Windows 2003 and 802.1x Secure Wireless Deployments

Loading in 2 Seconds...

play fullscreen
1 / 10

Windows 2003 and 802.1x Secure Wireless Deployments - PowerPoint PPT Presentation


  • 154 Views
  • Uploaded on

Windows 2003 and 802.1x Secure Wireless Deployments. Challenge of Wireless. Impressions that wireless is insecure Early implementations lacked security WEP shared secret, mac address filtering Difficult to administer and manage Need to protect network integrity Need to secure data

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Windows 2003 and 802.1x Secure Wireless Deployments' - merrill


Download Now An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
challenge of wireless
Challenge of Wireless
  • Impressions that wireless is insecure
    • Early implementations lacked security
    • WEP shared secret, mac address filtering
    • Difficult to administer and manage
  • Need to protect network integrity
  • Need to secure data
  • Prevent unauthorized network access
  • Must be able to trust an access point
  • Prevent credential theft
  • Security without excess complexity
secure wireless with windows 2003

Wireless

Secure Wireless with Windows 2003

All connections are authenticated and secured:

  • Directory Enabled Networking
  • Secure 802.1x Wireless Support
  • Effortless PKI Services
  • Password or certificate-based access

Active Directory

IAS

RADIUS

Checks for valid x509 Certificate

Via RADIUS to AD

PKI

PEAP

EAP/TLS

  • PKI Deployment Optional
  • Passwords can be used w/ Trusted 3rd party Cert.
  • Integrated 802.1x Support
  • PKI integrated with Active Directory
  • Auto enrollment of certificates
  • Integrated 802.1x Support
  • Integrated EAP Security
why use 802 1x
Why use 802.1X ?
  • Eases manageability by centralizing
    • Authentication decisions
    • Authorization decisions
  • Distributes keys for data encryption and integrity to the wireless client computer
  • Minimizes Access Point cost by moving expensive authentication to AD
  • Supports both WPA and WEP
why peap vs eap tls
Why PEAP vs. EAP/TLS ?
  • Organizations may not ready for PKI
  • Managing user certificates stored on computer hard drives has challenges
    • Some personnel might roam among computers
    • Smartcards solve this
      • Technical and sociological issues can delay or prevent deployment
  • PEAP enables secure wireless now
    • Leverages existing domain credentials
    • Allows easy migration to certificates and smartcards later
peap security and ease of deployment advantages
PEAP Security and Ease of Deployment Advantages
  • PEAP is an open standard
  • PEAP offers end-to-end negotiation protection.
  • PEAP uses mutual authentication.
  • PEAP offers highly secure keys for data encryption.
  • PEAP does not require the deployment of a full PKI or client certificates.
  • PEAP can be used efficiently with roaming wireless devices.
  • User's credentials are not exposed to brute force password attacks.
windows 2003 wireless
Windows 2003 Wireless
  • Security
    • Native support for IEEE 802.1X
  • Complete with all required infrastructure
    • IAS: RADIUS Server and Proxy
    • Windows Certificate Server : PKI
    • AD: User and Computer account and Certificate repository
    • Same infrastructure used w/ RAS dial-up and VPN authentication
  • Native interop. w/ Windows XP Client: (WinXP SP-1)
  • Down-level client support (PPC2002, W2K, NT4, 9x)
windows 2003 improvements
Windows 2003 Improvements
  • Windows 2003 Active Directory
    • Auto Certificate enrollment and renewal for machines and users
    • Performance enhancements when using certificate deployment
    • Group Policy support of Wireless settings
  • Internet Authentication Service
    • Enhanced logging
    • Allows easier deployment of multiple authentication types
    • Scaling up
      • Load Balancing
      • RADIUS Proxy
    • Configuration export and restore
    • Registering AP’s with RADIUS servers
      • Large number of AP’s in wireless deployment
      • Requires Server 2003 Enterprise Edition
system requirements
System Requirements
  • Client: Windows XP service pack 1
  • Server: Windows Server 2003 IAS
    • Internet Authentication Service—our RADIUS server
    • Certificate on IAS computer
  • Backporting to Windows 2000
    • Client and IAS must have SP3
    • No zero-config support in the client
    • See KB article 313664
    • Supports only TLS and MS-CHAPv2
      • Future EAP methods in XP and 2003 might not be backported
802 1 x setup
802.1 x Setup
  • Build Windows Server 2003 IAS server
  • Join to domain
  • Enroll computer certificate
  • Register IAS in Active Directory
  • Configure RADIUS logging
  • Add AP as RADIUS client
  • Configure AP for RADIUS and 802.1x
  • Create wireless client access policy
  • Configure clients
    • Don’t forget to import CA root
ad