Presentation is loading. Please wait.

Presentation is loading. Please wait.

SECURE WIRELESS NETWORK IN IŞIK UNIVERSITY ŞİLE CAMPUS.

Published byAmi Harmon Modified over 8 years ago

Similar presentations

Presentation on theme: "SECURE WIRELESS NETWORK IN IŞIK UNIVERSITY ŞİLE CAMPUS."— Presentation transcript:

1 SECURE WIRELESS NETWORK IN IŞIK UNIVERSITY ŞİLE CAMPUS

2 Designed by VOLKAN MUHTAROĞLU Designed by VOLKAN MUHTAROĞLU

3 WLAN(Wirelass LAN) We introduced at 1986 for use in barcode scanning. We introduced at 1986 for use in barcode scanning. A properly selected and installed Wi-Fi or wireless fidelity. A properly selected and installed Wi-Fi or wireless fidelity. 802.11a, 802.11b, 802.11g technologies, 802.11g is the latest technology. These are IEEE standard. 802.11a, 802.11b, 802.11g technologies, 802.11g is the latest technology. These are IEEE standard.

4 GENERAL TOPOGOLY OF WLAN

5 THE PROJECT THE PROJECT  The problem is, how can three different users access over an access point to different type of data with securily in our campus.  As another word, if we choose there people such as; student, university staff and data processing center worker can access different type of data or they have different rights when access from the access point by securily.

6 THREE DIFFERENT USER 1) Student 2) University Staff 3) Data Processing Center Worker

7 COMPONENTS OF SECURE WIRELESS NETWORK I. Cisco Aironet 1100 Series Access Point II. Radius Server III. Two Switch(One of them is Managable Switch, the other one is Backbone Switch) IV. Vlan V. Cisco PIX Firewall VI. WEP & LEAP VII. Database Server VIII. Intranet Web Server

8 Cisco Aironet 1100 Series Access Point  It is a wireless LAN transceiver.  1100 series is cheaper than the others and its performances is really efficient.  It is also managable easily and common all over the world.

9 RADIUS SERVER  RADIUS is a distributed client/server system that secures networks against unauthorized access.  Use RADIUS in these network environments, which require access security  This server also called AAA Server which means Audit, Authentication and Accounting.  In my project Radius Server will provide Authentication and Mac filtering.

10 SWITCHES Managable Switch Managable Switch Backbone Switch Backbone Switch  I will use three different type IP. Student will take 10.0.x.x, University Staff will take 10.50.x.x, Data Processing Center Worker will take 192.168.x.x.

11 VLAN VLAN is a switched network that is logically segmented. VLAN is a switched network that is logically segmented. I will use Vlan for having different kind of rights of these there different type of users on WLAN. I will use Vlan for having different kind of rights of these there different type of users on WLAN.

12 CISCO PIX FIREWALL I chose it because I have it.

13 DATABASE AND INTRANET WEB SERVER Database Server : Only Data Processing Center Worker can access these server. Intranet Web Server : Only University Staff and Only Data Processing Center Worker can access these server.

14 HOW WILL DESIGN BE?  Firstly; how will student, university staff and data processing center worker be on the different Vlan, how can I give different rights them.  The second thing is how these people come to these Vlan.  The third thing which is most important how I can provide security.

15 SSID(Service Set Identifer) When connect to WLAN you will see the name of WLAN, which is SSID. When connect to WLAN you will see the name of WLAN, which is SSID.

16 FOR VLAN 1 If we define two different SSID, one of them broadcasting, the other one is secret. If we define two different SSID, one of them broadcasting, the other one is secret.  For instance; our broadcasting SSID is tsunami; our not broadcasting(secret) SSID is Private. If you connect WLAN with access point everybody sees automatically tsunami SSID. Also when you connect this, you will come to Vlan 1 and this Vlan provides to access only Internet.

17 AUTHENTICATION If you are not student; you write the not broadcasting SSID name for accessing, at that time you will see the Username-Password Window for having different kind of rights. If you are not student; you write the not broadcasting SSID name for accessing, at that time you will see the Username-Password Window for having different kind of rights. When you enter the username-password, the information come to Radius Server. When you enter the username-password, the information come to Radius Server. And now; EAP (Extensible Authentication Protocol) uses. And now; EAP (Extensible Authentication Protocol) uses.

18 AUTHENTICATION TOPOLOGY

19 WEP(Wired Equivalent Privacy ) i. WEP is an encryption algorithm used by the Shared Key authentication process for authenticating users and for encrypting data payloads over only the wireless segment of the LAN. ii. The secret key lengths are 40-bit or 104-bit yielding WEP key lengths of 64 bits and 128 bits. iii. WEP key is an alphanumeric character string used in two manners in a wireless LAN. iv. WEP key can be used : Verify the identity of an authenticating station. Verify the identity of an authenticating station. WEP keys can be used for data encryption. WEP keys can be used for data encryption.

20 CRITERIA The 802.11 standard specifies the following criteria for security: Exportable Exportable Reasonably Strong Reasonably Strong Self-Synchronizing Self-Synchronizing Computationally Efficient Computationally Efficient Optional Optional WEP meets all these requirements. WEP supports the security goals of confidentiality, access control, and data integrity.

21 WEP KEY WEP key is an alphanumeric character string used in two manners in a wireless LAN. WEP key is an alphanumeric character string used in two manners in a wireless LAN. WEP key can be used : WEP key can be used : Verify the identity of an authenticating station. Verify the identity of an authenticating station. WEP keys can be used for data encryption. WEP keys can be used for data encryption.

22 WEP KEY TABLE

23 EAP(Extensible Authentication Protocol )  This authentication type provides the highest level of security for your wireless network.  Using the Extensible Authentication Protocol (EAP) to interact with an EAP-compatible RADIUS server.  This is type of dynamic WEP key.  There are five different type of EAP, I will use LEAP (Lightweight Extensible Authentication Protocol, designed by Cisco) which is the most secure.

24 LEAP TOPOLOGY

25 MAC(Media Access Control) ADDRESS FILTERING Server checks the address against a list of allowed MAC addresses. Server checks the address against a list of allowed MAC addresses. If your MAC address is University Staff’s MAC address, you wil come to Vlan 2 and you will have thoose rights, if your MAC address is data processing center worker’s address, you will come Vlan 3 also you will have those rights. If your MAC address is University Staff’s MAC address, you wil come to Vlan 2 and you will have thoose rights, if your MAC address is data processing center worker’s address, you will come Vlan 3 also you will have those rights.

26 MAC FILTERING TOPOLOGY

27 STUDENT TOPOLOGY-1

28 STUDENT TOPOLOGY-2

29 STUDENT GENERAL TOPOLOGY

30 UNIVERSITY STAFF TOPOLOGY-1

31 UNIVERSITY STAFF TOPOLOGY-2

32 UNIVERSITY STAFF TOPOLOGY-3

33 UNIVERSITY STAFF GENERAL TOPOLOGY

34 DATA PROCESSING CENTER WORKER TOPOLOGY-1

35 DATA PROCESSING CENTER WORKER TOPOLOGY-2

36

37 DATA PROCESSING CENTER WORKER GENERAL TOPOLOGY

38 SECURITY POLICY   The purpose of this policy is to provide guidance for the secure operation and implementation of wireless local area networks (WLANs).

39 AUTHENTICATION   University Staff and Data Processing Center Worker have to authenticate the system if they want to have different kind of rights.   For authentication, username and password authentication is used so users must use strong passwords (alphanumeric and special character string at least eight characters in length).   Shared secret (or shared key) authentication must be used to authenticate to the WLAN

40 ENCRYPTION & ACCESS CONTOL   Distinct WEP keys provide more security than default keys and reduce the risk of key compromise.  SSID  MAC(Media Access Control)

41 FIREWALL   Firewall provide security based on ports.

42 PHYSICAL AND LOGICAL SECURITY   Access point must be placed in secure areas, such as high on a wall, in a wiring closet, or in a locked enclosure to prevent unauthorized physical access and user manipulation.   Access point must have Intrusion Detection Systems (IDS) at designated areas on Campus property to detect unauthorized access or attack.

43 CONCLUSION With this design Student, University Staff and Data Processing Center Worker can access securily; wherever they want, don’t use extra devices or don’t make any adjusting.

44 QUESTION ? QUESTION ?

45 REFERENCES Cisco Press 802.11 Wireless Network Site Surveying and Installation book. Cisco Press 802.11 Wireless Network Site Surveying and Installation book. Cisco Securing 802.11 Wireless Networks handbook. Cisco Securing 802.11 Wireless Networks handbook. Cisco Aironet 1100 Series Access Point Quick Start Guide. Cisco Aironet 1100 Series Access Point Quick Start Guide. Certified Wireless Network AdministratorTM Official Study Guide. Certified Wireless Network AdministratorTM Official Study Guide. Wireless Network Solutions (Paul Williams) Wireless Network Solutions (Paul Williams) http://www.cisco.com/en/US/tech/tk722/tk809/tk723/tsd_technol ogy_support_sub-protocol_home.html http://www.cisco.com/en/US/tech/tk722/tk809/tk723/tsd_technol ogy_support_sub-protocol_home.html http://www.cisco.com/en/US/tech/tk722/tk809/tsd_technology_su pport_protocol_home.html http://www.cisco.com/en/US/tech/tk722/tk809/tsd_technology_su pport_protocol_home.html http://www.webopedia.com/TERM/M/MAC_address.html http://www.webopedia.com/TERM/M/MAC_address.html http://searchnetworking.techtarget.com/originalContent/0,289142,sid 7_gci843996,00.html http://searchnetworking.techtarget.com/originalContent/0,289142,sid 7_gci843996,00.html

Download ppt "SECURE WIRELESS NETWORK IN IŞIK UNIVERSITY ŞİLE CAMPUS."

Similar presentations

Security in Wireless Networks Juan Camilo Quintero D. 1041718.

Security in Wireless Networks Juan Camilo Quintero D
© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Configure a Wireless Router LAN Switching and Wireless – Chapter 7.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Configure a Wireless Router LAN Switching and Wireless – Chapter 7.
How secure are 802.11b Wireless Networks? By Ilian Emmons University of San Diego.

How secure are b Wireless Networks? By Ilian Emmons University of San Diego.
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.

Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
Security+ Guide to Network Security Fundamentals, Third Edition

Security+ Guide to Network Security Fundamentals, Third Edition
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Wireless Technologies Networking for Home and Small Businesses – Chapter.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Wireless Technologies Networking for Home and Small Businesses – Chapter.
Security Awareness Chapter 5 Wireless Network Security.

Security Awareness Chapter 5 Wireless Network Security.
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
CN1260 Client Operating System Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+

CN1260 Client Operating System Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+
Security in Wireless LAN 802.11 Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
Wireless Security Ysabel Bravo Fall 2004 Montclair State University - NJ.

Wireless Security Ysabel Bravo Fall 2004 Montclair State University - NJ.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 6 Wireless Network Security.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 6 Wireless Network Security.
Chapter 8: Configuring Network Connectivity. Installing Network Adapters Network adapter cards connect a computer to a network. Installation –Plug and.

Chapter 8: Configuring Network Connectivity. Installing Network Adapters Network adapter cards connect a computer to a network. Installation –Plug and.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Chapter Extension 8 Understanding and Setting up a SOHO Network © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.

Chapter Extension 8 Understanding and Setting up a SOHO Network © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.
Top-Down Network Design Chapter Eight Developing Network Security Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.

Top-Down Network Design Chapter Eight Developing Network Security Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.
© 2007 Cisco Systems, Inc. All rights reserved.ICND1 v1.0—3-1 Wireless LANs Understanding WLAN Security.

© 2007 Cisco Systems, Inc. All rights reserved.ICND1 v1.0—3-1 Wireless LANs Understanding WLAN Security.
Chapter 3 Application Level Security in Wireless Network IWD2243 : Zuraidy Adnan : Sept 2012.

Chapter 3 Application Level Security in Wireless Network IWD2243 : Zuraidy Adnan : Sept 2012.

Similar presentations

Ads by Google