Presentation is loading. Please wait.

Presentation is loading. Please wait.

High-quality Internet for higher education and research Federated network access with Klaas Wierenga SURFnet Ljubljana, April.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "High-quality Internet for higher education and research Federated network access with Klaas Wierenga SURFnet Ljubljana, April."— Presentation transcript:

1 High-quality Internet for higher education and research Federated network access with Klaas Wierenga SURFnet klaas.wierenga@surfnet.nl Ljubljana, April 4, 2006

2 High-quality Internet for higher education and research Contents From 802.1X to eduroam Policy Status of eduroam Joining eduroam

3 High-quality Internet for higher education and research From 802.1X to

4 High-quality Internet for higher education and research Wireless LANs are unsafe root@ibook:~# tcpdump -n -i eth1 19:52:08.995104 10.0.1.2 > 10.0.1.1: icmp: echo request 19:52:08.996412 10.0.1.1 > 10.0.1.2: icmp: echo reply 19:52:08.997961 10.0.1.2 > 10.0.1.1: icmp: echo request 19:52:08.999220 10.0.1.1 > 10.0.1.2: icmp: echo reply 19:52:09.000581 10.0.1.2 > 10.0.1.1: icmp: echo request 19:52:09.003162 10.0.1.1 > 10.0.1.2: icmp: echo reply ^C

5 High-quality Internet for higher education and research Users are mobile Access Provider Cable University A WLAN University B WLAN Access Provider ADSL International connectivity Access Provider WLAN Access Provider GPRS/ UMTS SURFnet backbone

6 High-quality Internet for higher education and research Requirements Identify users uniquely at the edge of the network –No session hijacking Enable guest usage Scalable –Local user administration and authentication Easy to install and use –At the most one-time installation by the user Open

7 High-quality Internet for higher education and research eduroam architecture Security based on 802.1X –Protection of credentials –Provides basis for new wireless security standards WPA and 802.11i –Different authentication mechanisms possible by using EAP (Extensible Authentication prototcol) Username/password X.509 certificates SIM-cards –Integration with VLAN assignment Roaming based on RADIUS proxying –Remote Authentication Dial In User Service –Transport-protocol for authentication information Trust fabric based on: –Technical: RADIUS hierarchy –Policy: Documents/contracts that define the responsibilities of user, institution, NREN and the eduroam federation

8 High-quality Internet for higher education and research Secure access to the network with 802.1X data signaling RADIUS server University A Internet Authenticator (AP or switch) User DB jan@student.university_a.nl Student VLAN Commercial VLAN Employee VLAN Supplicant 802.1X (VLAN assigment)

9 High-quality Internet for higher education and research eduroam RADIUS server University B RADIUS server University A SURFnet Central RADIUS Proxy server Authenticator (AP or switch) User DB Supplicant Gast piet@university_b.nl Student VLAN Commercial VLAN Employee VLAN data signalling Trust based on RADIUS plus policy documents 802.1X (VLAN assigment)

10 High-quality Internet for higher education and research The eduroam policy

11 High-quality Internet for higher education and research The European eduroam policy Mutual access Home institutions are/remain responsible for their users abroad Members are NRENs Members guarantee required security levels by their participants Members promote eduroam in their countries European eduroam may peer with other regions

12 High-quality Internet for higher education and research National policy Mutual access Members are connected institutions Home institution is/remains responsible for its users behaviour. Home institution is responsible for proper user management Home and visited institution must keep sufficient logdata Appropriate security levels

13 High-quality Internet for higher education and research The status of eduroam

14 High-quality Internet for higher education and research Status of eduroam Over 500 institutions in Europe, Australia and Taiwan USA, Japan, Korea will follow shortly New members: Lithuania Romania Hungary

15 High-quality Internet for higher education and research eduroam Provides global network roaming Strong technical foundation: –RADIUS –802.1X –Lingua Franca: EAP Needs ubiquity

16 High-quality Internet for higher education and research Joining eduroam

17 High-quality Internet for higher education and research Joining eduroam for an NREN Set up a server that proxies that: –Accept requests for *.cc-tld and forward to the right institution –Accept requests for non *.cc-tld and forward it to the European servers Send an (encrypted) e-mail to join@eduroam.org with:join@eduroam.org –FQDN of toplevel RADIUS-server(s) –IP-addresses of toplevel RADIUS-servers –Shared secret to use between European servers and national server(s). –URL of national eduroam website –Information about test-account –Contact details admin Sign the policy agreement

18 High-quality Internet for higher education and research Joining eduroam for an institution Set-up your local 802.1X infrastructure –Accept requests for your-domain.cc-tld and process them –Proxy requests for non-local users to the national server Send an (encrypted) e-mail to your NREN with: –FQDN of toplevel RADIUS-server(s) –IP-addresses of toplevel RADIUS-servers –Shared secret to use between your and their server(s). –URL of your eduroam website –Information about test-account –Contact details admin Sign the policy document Or, in case your NREN doesn’t participate:

19 High-quality Internet for higher education and research Joining eduroam for an institution Make them do that!!!

20 High-quality Internet for higher education and research Conclusions

21 High-quality Internet for higher education and research Conclusions 802.1X provides secure, scalable access to the campus network Enabling eduroam is a easy once 802.1X is in place Many have already joined, so

22 High-quality Internet for higher education and research Join….

23 High-quality Internet for higher education and research More information eduroam in SURFnet –http://www.eduroam.nlhttp://www.eduroam.nl Usertracking –http://usertracking.surfnet.nl eduroam in Europe –http://www.eduroam.org TERENA TF-Mobility –http://www.terena.nl/mobilityhttp://www.terena.nl/mobility The unofficial IEEE802.11 security page –http://www.drizzle.com/~aboba/IEEEhttp://www.drizzle.com/~aboba/IEEE

Download ppt "High-quality Internet for higher education and research Federated network access with Klaas Wierenga SURFnet Ljubljana, April."

Similar presentations

eduroam Delegate Authentication System with Shibboleth SSO

eduroam Delegate Authentication System with Shibboleth SSO
Joining eduroam Wireless Roaming for Education and Research.

Joining eduroam Wireless Roaming for Education and Research.
Connect. Communicate. Collaborate eduroam: a managed European service Miroslav Milinović, Srce, Zagreb, Croatia eduroam SA, GÉANT2 NORDUnet 2008, Espoo,

Connect. Communicate. Collaborate eduroam: a managed European service Miroslav Milinović, Srce, Zagreb, Croatia eduroam SA, GÉANT2 NORDUnet 2008, Espoo,
Connect. Communicate. Collaborate eduroam: towards a managed European service Miroslav Milinović, Srce, Zagreb, Croatia eduroam SA, GÉANT2 Wi-Fi Workshop,

Connect. Communicate. Collaborate eduroam: towards a managed European service Miroslav Milinović, Srce, Zagreb, Croatia eduroam SA, GÉANT2 Wi-Fi Workshop,
Terena Mobility Taskforce update Klaas Wierenga SURFnet.

Terena Mobility Taskforce update Klaas Wierenga SURFnet.
Licia Florio EUNIS05, Manchester 1 Eduroam EUNIS Conference, June 22 2005 Licia Florio.

Licia Florio EUNIS05, Manchester 1 Eduroam EUNIS Conference, June Licia Florio.
Eduroam-ng TF-Mobility, Barcelona, 6 September 2005.

Eduroam-ng TF-Mobility, Barcelona, 6 September 2005.
Why eduroam sucks, and how to fix it.

Why eduroam sucks, and how to fix it.
TF Mobility Group 22nd September 20031 A comparison of each national solution was made against Del C – “requirements”, the following solutions were assessed.

TF Mobility Group 22nd September A comparison of each national solution was made against Del C – “requirements”, the following solutions were assessed.
SALSA-NetAuth SALSA-FWNA BoF Kevin Miller Duke University Internet2 Member Meeting May 2005.

SALSA-NetAuth SALSA-FWNA BoF Kevin Miller Duke University Internet2 Member Meeting May 2005.
Philippe Hanset ANYROAM LLC

Philippe Hanset ANYROAM LLC
10 October 2003 Internet2 members meeting 1 An update on the work of JANET Wireless Advisory Group & The Terena Mobility Taskforce James Sankar UKERNA.

10 October 2003 Internet2 members meeting 1 An update on the work of JANET Wireless Advisory Group & The Terena Mobility Taskforce James Sankar UKERNA.
Www.ja.net/roaming Copyright JNT Association 2006 The JANET Roaming Service.

Copyright JNT Association 2006 The JANET Roaming Service.
EduRoam ESA workshop 17 December 2004 Utrecht.

EduRoam ESA workshop 17 December 2004 Utrecht.
Eduroam – Roam In a Day Louis Twomey, HEAnet Limited HEAnet Conference 2006 9 th November, 2006.

Eduroam – Roam In a Day Louis Twomey, HEAnet Limited HEAnet Conference th November, 2006.
Connect communicate collaborate RADIUS and WLAN Infrastructure Monitoring Jovana Palibrk, AMRES NA3 T2, Sofia, 19.06.2014.

Connect communicate collaborate RADIUS and WLAN Infrastructure Monitoring Jovana Palibrk, AMRES NA3 T2, Sofia,
Network Access and 802.1X Klaas Wierenga SURFnet

Network Access and 802.1X Klaas Wierenga SURFnet
High-quality Internet for higher education and research eduroam EuroCAMP, Porto, November 9, 2005

High-quality Internet for higher education and research eduroam EuroCAMP, Porto, November 9, 2005
EduRoam: movilidad por Europa... y España Toledo, 29 de octubre de 2004

EduRoam: movilidad por Europa... y España Toledo, 29 de octubre de 2004
Deliverable H: the interoperability testbed design Klaas Wierenga SURFnet.

Deliverable H: the interoperability testbed design Klaas Wierenga SURFnet.

Similar presentations

Ads by Google