Lecture 6: Implementing Security for Wireless Networks with 2003 - PowerPoint PPT Presentation

Slides: 28
Provided by: bwi74
1
Lecture 6 Implementing Security for Wireless
Networks with 2003
2
Objectives
  • Overview of Active Directory
  • Overview of Certificate Services
  • How 802.1X with PEAP and Passwords Works
  • How 802.1X-EAP-TLS Authentication Works
  • Remote Access policies

3
What Is Active Directory?
Directory Service Functionality
Centralized Management
  • Organize
  • Manage
  • Control
  • Single point of administration
  • Full user access to directory resources by a
    single logon

Resources
4
Active Directory Objects
  • Objects Represent Network Resources
  • Attributes Store Information About an Object

5
Active Directory Logical Structure
  • Domains
  • Organizational Units
  • Trees and Forests
  • Global Catalog

6
Domains
  • A Domain Is a Security Boundary
  • A domain administrator can administer only within
    the domain, unless explicitly granted
    administration rights in other domains
  • A Domain Is a Unit of Replication
  • Domain controllers in a domain participate in
    replication and contain a complete copy of the
    directory information for their domain

[Diagram: Windows 2000 domain, replication, User1, User2]
7
Organizational Units
[Diagram: Organizational Structure and Network Administrative Model, with example containers Vancouver, Sales, Users, Repair, Computers]
  • Use OUs to Group Objects into a Logical Hierarchy
    That Best Suits the Needs of Your Organization
  • Delegate Administrative Control over the Objects
    Within an OU by Assigning Specific Permissions to
    Users and Groups

8
Trees and Forests
9
Global Catalog
Queries
Group membership when user logs on
10
Domain Controllers
  • Domain Controllers
  • Participate in Active Directory replication
  • Perform single master operations roles in a domain

A Writeable Copy of the Active Directory
Database
11
Delegating Administrative Control
  • Assign Permissions
  • For specific OUs to other administrators
  • To modify specific attributes of an object in a
    single OU
  • To perform the same task in all OUs
  • Customize Administrative Tools to
  • Map to delegated administrative tasks
  • Simplify interface design

12
What Is a PKI?
The combination of software and encryption
technologies that helps to secure communication
and business transactions
| Requirement | PKI solutions |
|---|---|
| Confidentiality | Data encryption |
| Integrity | Digital signatures |
| Authenticity | Hash algorithms, message digests, digital signatures |
| Nonrepudiation | Digital signatures, audit logs |
| Availability | Redundancy |
13
Components of a PKI
14
What Is a Certification Authority?
15
Roles in a Certification Authority Hierarchy
  • A root CA is generally configured as a
    stand-alone CA and kept offline

16
Certification Authority Hierarchies
| Type of hierarchy | Description |
|---|---|
| Root | Enhances security and scalability; provides flexible administration; supports commercial CAs; supports most applications |
| Cross Certification | Provides interoperability between businesses and between products; joins disparate PKI organizations; assumes complete trust of a foreign CA hierarchy |
17
Offline Root CA Installation Settings
18
Wireless Network Authentication Options for WPA
Wireless network authentication options include
  • Wireless network security using Protected
    Extensible Authentication Protocol (PEAP) and
    passwords (802.1X with PEAP)
  • Wireless network security using Certificate
    Services (802.1X with EAP-TLS)
  • Wi-Fi Protected Access with Pre-Shared Keys
    (WPA-PSK)

19
Guidelines for Choosing the Appropriate Wireless
Network Solution
| Wireless Network Solution | Typical Environment | Additional Infrastructure Components Required | Certificates Used for Client Authentication | Passwords Used for Client Authentication | Typical Data-Encryption Method |
|---|---|---|---|---|---|
| Wi-Fi Protected Access with Pre-Shared Keys (WPA-PSK) | Small Office/Home Office (SOHO) | None | NO | YES. Uses WPA preshared key to authenticate to network | WPA |
| Password-based wireless network security | Small to medium organization | Internet Authentication Service (IAS); certificate required for the IAS server | NO. However, a certificate is issued to validate the IAS server | YES | WPA or Dynamic WEP |
| Certificate-based wireless network security | Medium to large organization | Internet Authentication Service (IAS); Certificate Services | YES | NO. Certificates used but may be modified to require passwords | WPA or Dynamic WEP |
20
How 802.1X with PEAP and Passwords Works
[Diagram: Wireless Client, Wireless Access Point, RADIUS (IAS) and Internal Network, with steps numbered 1 to 5. Stage labels: Client Connect; Client Authentication; Server Authentication; Mutual Key Determination; Key Distribution; WLAN Encryption; Authorization]
21
How 802.1X-EAP-TLS Authentication Works
[Diagram: Wireless Client, Certification Authority, Wireless Access Point, RADIUS (IAS) and Internal Network, with steps numbered 1 to 6. Stage labels: Certificate Enrollment; Client Authentication; Server Authentication; Mutual Key Determination; Key Distribution; Authorization; WLAN Encryption]
22
Client, Server, and Hardware Requirements for
Implementing 802.1X
| Components | Requirements |
|---|---|
| Client computers | Microsoft provides 802.1X clients for Windows 95, Windows 98, Windows NT 4.0, and Windows 2000 operating systems. 802.1X is supported by default for Windows XP and Windows Server 2003 operating systems |
| RADIUS/IAS and certificate servers | Dependent upon Windows Server 2003 Certificate Services and Windows Server 2003 IAS. An IEEE-compliant 802.1X server can be used for RADIUS or Certificate Services |
| Wireless access points | At a minimum, should support 802.1X and 128-bit WEP for encryption |
23
PKI Requirements for Wireless Network Security
To prepare the PKI for wireless security
  • Define certificate requirements
  • Design the certification authority hierarchy
  • Configure certificates
  • Create a certificate management plan

24
Considerations for Creating Certificate Templates
To create the certificates required for wireless
security
  • Define certificate parameters
  • Define certificate and key lifetimes
  • Define certificate clients and assurance level
    for each certificate holder

25
Remote Access Connection Policies
Specify connection criteria
  • Remote access permission
  • Group membership
  • Type of connection
  • Time of day
  • Authentication methods

Specify connection restrictions
  • Idle timeout time
  • Maximum session time
  • Encryption strength
  • IP packet filters

26
IAS Remote Access Policies
Conditions
Permissions
Profile
27
Lab D Planning and Implementing Security for
Wireless Networks
  • Exercise 1 Configuring Active Directory for
    Wireless Networks
  • Exercise 2 Configuring Certificate Templates and
    Certificate Autoenrollment
  • Exercise 3 Configuring Remote Access Policies
    for Wireless Devices
  • Exercise 4 Configuring Group Policy for Wireless
    Networks