Lecture 6: Implementing Security for Wireless Networks with 2003 - PowerPoint PPT Presentation

Presentation Transcript

  1. Lecture 6: Implementing Security for Wireless Networks with 2003

  2. Objectives • Overview of Active Directory • Overview of Certificate Services • How 802.1X with PEAP and Passwords Works • How 802.1X-EAP-TLS Authentication Works • Remote Access policies

  3. What Is Active Directory? Active Directory is a directory service that provides:
  • Directory service functionality: organize, manage and control network resources
  • Centralized management: a single point of administration, and full user access to directory resources with a single logon

  4. Active Directory Objects
  • Objects represent network resources (diagram: a Printers container holding Printer1, Printer2 and Printer3, and a Users container holding Don Hall and Suzan Fine)
  • Attributes store information about an object, and each attribute has a value (for a printer: Printer Name, Printer Location; for a user: First Name, Last Name, Logon Name)

  5. Active Directory Logical Structure • Domains • Organizational Units • Trees and Forests • Global Catalog

  6. Domains
  • A domain is a security boundary: a domain administrator can administer only within the domain, unless explicitly granted administration rights in other domains. (In practice the forest is the real security boundary: administrators of one domain in a forest can escalate to the others, so treat the domain as an administrative boundary.)
  • A domain is a unit of replication: domain controllers in a domain participate in replication and each contains a complete copy of the directory information for its domain (diagram: User1 and User2 replicated between the domain controllers of a Windows 2000 domain)

  7. Organizational Units
  • Use OUs to group objects into a logical hierarchy that best suits the needs of your organization, following either the network administrative model or the organizational structure (diagram: OUs such as Sales, Vancouver, Users, Sales Computers and Repair)
  • Delegate administrative control over the objects within an OU by assigning specific permissions to users and groups

  8. Trees and Forests
  • Tree: contoso.msft (forest root) with child domains asia.contoso.msft and au.contoso.msft
  • Tree: nwtraders.msft with child domains asia.nwtraders.msft and au.nwtraders.msft
  • The two trees form one forest; parent and child domains, and the two tree roots, are linked by two-way transitive trusts

  9. Global Catalog
  • Holds a subset of the attributes of all objects in every domain of the forest
  • A global catalog server is queried for (universal) group membership when a user logs on

  10. Domain Controllers
  A domain controller holds a writeable copy of the Active Directory database. Domain controllers:
  • Participate in Active Directory replication (diagram: User1 and User2 replicated between two domain controllers of one domain)
  • Perform the single master operations roles in a domain

  11. Delegating Administrative Control (diagram: OU1, OU2 and OU3 in one domain, delegated to Admin1, Admin2 and Admin3 respectively)
  • Assign permissions: for specific OUs to other administrators; to modify specific attributes of an object in a single OU; to perform the same task in all OUs
  • Customize administrative tools to map to the delegated administrative tasks and to simplify the interface design

  12. What Is a PKI? The combination of software, public key encryption technologies and the operating procedures around them that helps to secure communication and business transactions

  13. Components of a PKI
  • Certificate and CA management tools
  • Certification authority
  • AIA (Authority Information Access) and CRL distribution points
  • Certificate template
  • Digital certificate
  • Certificate revocation list
  • Public key-enabled applications and services

  14. What Is a Certification Authority? A certification authority:
  • Verifies the identity of a certificate requestor; the mode of identification depends on the type of CA (an enterprise CA uses the requestor's Active Directory account, a stand-alone CA relies on an administrator approving the request)
  • Issues certificates; the certificate template or the requested certificate determines the information placed in the certificate
  • Manages certificate revocation; the CRL lets relying parties reject a revoked certificate before it expires, but only if they can reach the CRL distribution point and are configured to check it

  15. Roles in a Certification Authority Hierarchy
  • Root CA: the trust anchor of the hierarchy; generally configured as a stand-alone CA and kept offline, so that it only signs subordinate CA certificates and its own CRL
  • Policy CA: an intermediate CA that issues certificates to the issuing CAs and defines the policy under which they operate
  • Issuing CA: issues certificates to end entities such as users, computers and the IAS server

  16. Certification Authority Hierarchies

  17. Offline Root CA Installation Settings (diagram: the settings chosen when installing the offline root CA)
  • CA type: stand-alone CA (offline root)
  • CA name and computer name
  • Cryptographic service provider and key length
  • Validity period of the root certificate
  • CA policy
  • Database and log settings

  18. Wireless Network Authentication Options for WPA Wireless network authentication options include: • Wireless network security using Protected Extensible Authentication Protocol (PEAP) and passwords (802.1X with PEAP) • Wireless network security using Certificate Services (802.1X with EAP-TLS) • Wi-Fi Protected Access with Pre-Shared Keys (WPA-PSK)

  19. Guidelines for Choosing the Appropriate Wireless Network Solution

  20. How 802.1X with PEAP and Passwords Works (diagram: wireless client, wireless access point, RADIUS (IAS) server, internal network)
  1. Client connect: the client associates with the access point, which forwards only 802.1X (EAP) traffic to the RADIUS (IAS) server until authentication succeeds
  2. Client authentication, server authentication and mutual key determination: the IAS server proves its identity to the client with its certificate (the outer PEAP TLS tunnel), and the client proves its identity with the user's password (typically MS-CHAP v2) inside that tunnel
  3. Key distribution: IAS hands the derived session keys to the access point
  4. WLAN encryption: the client and the access point encrypt the wireless link with those keys
  5. Authorization: the client is admitted to the internal network
  Caveat: the client must be configured to validate the server certificate (and the expected server name or issuing CA); otherwise a rogue access point presenting any certificate can terminate the tunnel and capture the password exchange.

  21. How 802.1X-EAP-TLS Authentication Works (diagram: wireless client, certification authority, wireless access point, RADIUS (IAS) server, internal network; steps in the diagram's order)
  1. Certificate enrollment: the client obtains its certificate from the certification authority (this has to happen before it can authenticate to the wireless network, for example while it is on the wired LAN)
  2. Client connect: the client associates with the access point, which passes 802.1X traffic through to the RADIUS (IAS) server
  3. Client authentication, server authentication and mutual key determination: client and IAS server each present a certificate and validate the other's certificate chain; no password is involved
  4. Key distribution: IAS hands the session keys to the access point
  5. WLAN encryption between the client and the access point
  6. Authorization: the client is admitted to the internal network
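The chain validation that both sides perform in step 3, and that the CA hierarchy of slides 14 to 17 exists to support, as an added example (not the lecture's code and not Windows' own validator). Certificates are plain records and the PKI (Contoso root, issuing CA, IAS server, users, and a rogue "Free WiFi" CA) is constructed for the example; path building follows Authority Key Identifier to Subject Key Identifier links, and the per-link signature check a real validator performs is an assumption left out here, so AKI/SKI matching stands in for it:

```python
"""Simulated X.509 chain building for 802.1X EAP-TLS (added example, not from
the lecture).  Certificates are plain records; path building follows
Authority Key Identifier -> Subject Key Identifier links and the checks are
name chaining, validity at evaluation time, EKU, revocation via the issuer's
CRL and a trusted root.  Assumption: the per-link signature verification that
a real validator performs is omitted, so AKI/SKI matching stands in for it."""
from dataclasses import dataclass
from datetime import datetime

SERVER_AUTH = "1.3.6.1.5.5.7.3.1"   # id-kp-serverAuth EKU OID
CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"   # id-kp-clientAuth EKU OID


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    serial: int
    ski: str              # Subject Key Identifier (identifies this cert's key)
    aki: str              # Authority Key Identifier (SKI of the signing key)
    not_before: datetime
    not_after: datetime
    is_ca: bool = False
    eku: frozenset = frozenset()   # empty on CA certs in this example


def build_path(leaf, known):
    """Return [leaf, ..., root] by following AKI -> SKI, or None if a link is missing."""
    by_ski = {c.ski: c for c in known}
    path = [leaf]
    while path[-1].aki != path[-1].ski:          # a root CA is self-issued
        issuer = by_ski.get(path[-1].aki)
        if issuer is None or issuer in path:     # missing issuer or a loop
            return None
        path.append(issuer)
    return path


def validate(leaf, known, trust_anchors, crls, now, required_eku):
    """Return (ok, reason).  crls maps an issuing CA's SKI to its revoked serials."""
    if required_eku not in leaf.eku:
        return False, "eku: %s lacks %s" % (leaf.subject, required_eku)
    path = build_path(leaf, known)
    if path is None:
        return False, "chain: no issuer found for %s" % leaf.subject
    if path[-1].ski not in {t.ski for t in trust_anchors}:
        return False, "untrusted root: %s" % path[-1].subject
    for i, cert in enumerate(path):
        if not cert.not_before <= now <= cert.not_after:
            return False, "validity: %s not valid at %s" % (cert.subject, now.date())
        if i > 0 and not cert.is_ca:
            return False, "basic constraints: %s is not a CA" % cert.subject
        if i + 1 < len(path):
            issuer = path[i + 1]
            if cert.issuer != issuer.subject:
                return False, "name chaining: %s vs %s" % (cert.issuer, issuer.subject)
            if cert.serial in crls.get(issuer.ski, set()):
                return False, "revoked: %s (serial %d)" % (cert.subject, cert.serial)
    return True, "ok: " + " <- ".join(c.subject for c in path)


def eap_tls(client_cert, server_cert, client_trust, server_trust, known, crls, now):
    """Mutual authentication: the supplicant validates the RADIUS server's
    certificate first and only then presents its own for the server to validate."""
    s_ok, s_why = validate(server_cert, known, client_trust, crls, now, SERVER_AUTH)
    if not s_ok:
        return {"accept": False, "server_auth": s_why, "client_auth": "not attempted"}
    c_ok, c_why = validate(client_cert, known, server_trust, crls, now, CLIENT_AUTH)
    return {"accept": c_ok, "server_auth": s_why, "client_auth": c_why}


# Constructed PKI: offline root -> issuing CA -> IAS server / user certificates.
D = datetime
ROOT = Cert("CN=Contoso Root CA", "CN=Contoso Root CA", 1, "root", "root",
            D(2003, 1, 1), D(2023, 1, 1), is_ca=True)
ISSUING = Cert("CN=Contoso Issuing CA", "CN=Contoso Root CA", 2, "iss", "root",
               D(2003, 6, 1), D(2013, 6, 1), is_ca=True)
IAS = Cert("CN=ias1.contoso.msft", "CN=Contoso Issuing CA", 100, "ias", "iss",
           D(2004, 1, 1), D(2006, 1, 1), eku=frozenset({SERVER_AUTH}))
DON = Cert("CN=Don Hall", "CN=Contoso Issuing CA", 101, "don", "iss",
           D(2004, 2, 1), D(2005, 2, 1), eku=frozenset({CLIENT_AUTH}))
SUZAN = Cert("CN=Suzan Fine", "CN=Contoso Issuing CA", 102, "suzan", "iss",
             D(2004, 2, 1), D(2005, 2, 1), eku=frozenset({CLIENT_AUTH}))
# An "evil twin" access point: a valid-looking server cert from a CA nobody trusts.
ROGUE_ROOT = Cert("CN=Free WiFi CA", "CN=Free WiFi CA", 1, "rogue", "rogue",
                  D(2004, 1, 1), D(2014, 1, 1), is_ca=True)
ROGUE_AP = Cert("CN=ias1.contoso.msft", "CN=Free WiFi CA", 7, "rogueap", "rogue",
                D(2004, 5, 1), D(2006, 5, 1), eku=frozenset({SERVER_AUTH}))

KNOWN = [ROOT, ISSUING, IAS, DON, SUZAN, ROGUE_ROOT, ROGUE_AP]
CRLS = {"iss": {102}}            # Suzan's certificate has been revoked
NOW = D(2004, 6, 1)

if __name__ == "__main__":
    for name, client, server in [("Don", DON, IAS), ("Don vs evil twin", DON, ROGUE_AP),
                                 ("Suzan (revoked)", SUZAN, IAS)]:
        print(name, eap_tls(client, server, [ROOT], [ROOT], KNOWN, CRLS, NOW))
```

The three runs show the outcomes that matter operationally: a valid user against the real IAS server is accepted; against the evil twin the client rejects the server before ever sending its own certificate; and a revoked user is rejected by the server even though the certificate has not expired, which only works because the CRL in `CRLS` is actually consulted.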

  22. Client, Server, and Hardware Requirements for Implementing 802.1X

  23. PKI Requirements for Wireless Network Security To prepare the PKI for wireless security: • Define certificate requirements • Design the certification authority hierarchy • Configure certificates • Create a certificate management plan

  24. Considerations for Creating Certificate Templates To create the certificates required for wireless security: • Define certificate parameters • Define certificate and key lifetimes • Define certificate clients and assurance level for each certificate holder

  25. Remote Access Connection Policies
  • Specify connection criteria (policy conditions): group membership, type of connection (for wireless, the NAS port type), time of day
  • Specify the remote access permission: allow or deny
  • Specify connection restrictions (the policy profile): authentication methods, idle timeout time, maximum session time, encryption strength, IP packet filters

  26. IAS Remote Access Policies (diagram: the evaluation flow for one connection attempt, in three stages)
  1. Conditions: does the attempt match all conditions of the policy? No: evaluate the next policy in order; if no policy matches, deny the connection
  2. Permissions: is the remote access permission Allow? Yes: continue; No: deny the connection. The user account's dial-in setting overrides the policy's permission unless it is set to "Control access through Remote Access Policy"
  3. Profile: does the attempt satisfy the profile settings? Yes: allow the connection and apply the profile; No: deny the connection
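The evaluation flow of slides 25 and 26 carried out in code, as an added example that is not part of the lecture and not the IAS implementation. The policies, the account dial-in settings and the connection attempts are constructed for the example, and conditions, profile settings and the request are modelled as plain Python values rather than RADIUS attributes (an assumption):

```python
"""IAS remote access policy evaluation for a wireless connection attempt
(added example, not from the lecture).  It implements the flow on the slide:
the first policy whose conditions all match is selected; the user account's
dial-in setting (Allow / Deny) overrides the policy's permission unless the
account says "Control access through Remote Access Policy"; the selected
policy's profile is then enforced.  Assumption: conditions, profile settings
and the connection request are plain Python values, not RADIUS attributes."""
from dataclasses import dataclass
from datetime import datetime

WIRELESS = "Wireless-IEEE 802.11"          # NAS-Port-Type used for 802.1X WLAN
ENC_RANK = {"none": 0, "basic": 1, "strong": 2, "strongest": 3}


@dataclass(frozen=True)
class Request:                 # what the access point relays to IAS
    user: str
    groups: frozenset
    nas_port_type: str
    auth_method: str           # "EAP-TLS", "PEAP-MSCHAPv2", "MSCHAPv2", ...
    encryption: str            # negotiated strength, a key of ENC_RANK
    when: datetime


@dataclass(frozen=True)
class Policy:
    name: str
    permission: str                          # "allow" or "deny"
    # conditions (every condition that is set must match; unset matches anything)
    groups: frozenset = frozenset()          # member of any listed group
    nas_port_types: frozenset = frozenset()
    hours: tuple = ()                        # ((weekday, start_hour, end_hour), ...)
    # profile (constraints applied after the permission check)
    auth_methods: frozenset = frozenset()
    min_encryption: str = "none"
    idle_timeout_min: int = 0
    max_session_min: int = 0


def conditions_match(policy, req):
    if policy.groups and not policy.groups & req.groups:
        return False
    if policy.nas_port_types and req.nas_port_type not in policy.nas_port_types:
        return False
    if policy.hours and not any(d == req.when.weekday() and s <= req.when.hour < e
                                for d, s, e in policy.hours):
        return False
    return True


def evaluate(policies, dialin, req):
    """dialin maps user -> "allow" | "deny" | "policy".  Returns (decision, reason, profile)."""
    policy = next((p for p in policies if conditions_match(p, req)), None)
    if policy is None:
        return "reject", "no policy matched", {}
    account = dialin.get(req.user, "policy")
    permission = policy.permission if account == "policy" else account
    if permission == "deny":
        who = policy.name if account == "policy" else "account dial-in setting"
        return "reject", "denied by " + who, {}
    if policy.auth_methods and req.auth_method not in policy.auth_methods:
        return "reject", "%s: %s not permitted" % (policy.name, req.auth_method), {}
    if ENC_RANK[req.encryption] < ENC_RANK[policy.min_encryption]:
        return "reject", "%s: encryption below %s" % (policy.name, policy.min_encryption), {}
    profile = {"idle_timeout_min": policy.idle_timeout_min,
               "max_session_min": policy.max_session_min}
    return "accept", policy.name, profile


# Constructed policies, in evaluation order (first match wins).
WEEKDAYS_7_TO_19 = tuple((d, 7, 19) for d in range(5))
POLICIES = [
    Policy("Wireless - Contractors", "deny",
           groups=frozenset({"Contractors"}), nas_port_types=frozenset({WIRELESS})),
    Policy("Wireless - Employees", "allow",
           groups=frozenset({"Wireless Users"}), nas_port_types=frozenset({WIRELESS}),
           hours=WEEKDAYS_7_TO_19,
           auth_methods=frozenset({"EAP-TLS", "PEAP-MSCHAPv2"}),
           idle_timeout_min=30, max_session_min=480),
    Policy("Connections to other access servers", "deny"),   # catch-all default
]
DIALIN = {}                                  # everyone: control through policy

# Constructed connection attempts; 2004-06-02 is a Wednesday, 2004-06-06 a Sunday.
REQ_DON_WED = Request("don", frozenset({"Domain Users", "Wireless Users"}), WIRELESS,
                      "PEAP-MSCHAPv2", "strongest", datetime(2004, 6, 2, 10, 0))
REQ_DON_SUN = Request("don", frozenset({"Domain Users", "Wireless Users"}), WIRELESS,
                      "PEAP-MSCHAPv2", "strongest", datetime(2004, 6, 6, 10, 0))
REQ_DON_PLAIN = Request("don", frozenset({"Domain Users", "Wireless Users"}), WIRELESS,
                        "MSCHAPv2", "strongest", datetime(2004, 6, 2, 10, 0))
REQ_SUZAN = Request("suzan", frozenset({"Contractors", "Wireless Users"}), WIRELESS,
                    "EAP-TLS", "strongest", datetime(2004, 6, 2, 10, 0))

if __name__ == "__main__":
    for r in (REQ_DON_WED, REQ_DON_SUN, REQ_DON_PLAIN, REQ_SUZAN):
        print(r.user, r.when.strftime("%a %H:%M"), r.auth_method, evaluate(POLICIES, DIALIN, r))
    # Account-level Allow overrides even a matching deny policy: a common misconfiguration.
    print("suzan with account Allow:", evaluate(POLICIES, {"suzan": "allow"}, REQ_SUZAN))
```

Two behaviours worth noticing when writing real policies: ordering matters, because Suzan is in both Contractors and Wireless Users and is rejected only because the deny policy is listed first; and setting Allow on the account's Dial-in tab bypasses that deny policy entirely, so "Control access through Remote Access Policy" should be the norm for accounts.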

  27. Lab D: Planning and Implementing Security for Wireless Networks • Exercise 1: Configuring Active Directory for Wireless Networks • Exercise 2: Configuring Certificate Templates and Certificate Autoenrollment • Exercise 3: Configuring Remote Access Policies for Wireless Devices • Exercise 4: Configuring Group Policy for Wireless Networks