wireless network security

hi, i am given a project on wireless network security, can i have more information about how RADIUS, VPN and IPsec works in the wireless environment? Does the three of them needs to be implemented together?
 thanks
phinieAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Pete LongTechnical ConsultantCommented:
Hi phinie,
Is this a homework question?

PeteL
0
Justin CAWS Solutions ArchitectCommented:
Strange question.  The wireless network is just the meduim over which the other protocols communicate.  VPN is how the system connects to the remote network, IPSec is how the systems authenticate to each other(AH) and how they encrypt data if that feature is enabled(ESP), and RADIUS authenticates the user and checks to ensure they're permitted by policy to establish a connection.  If this is a project on wireless security I'd think they'd be more interested in how WEP, 802.1x, and other vendor specifc security protocols can be implemented.

The three don't have to be implemented together, or at all.  
0
KingHollisCommented:
I'm not sure that this is as strange a question as it looks on the surface.

Which type of networking technology can authenticate users coming from an untrusted space and encrypt their communication so that someone listening can't intercept it? The answer is a VPN.

A VPN solves wireless networking's current deficiencies [WEP]. Granted, getting connected becomes a bit more difficult for your users. But if you've already invested time in building a VPN infrastructure for your mobile users to access your organization's network, installing a VPN to authenticate wireless users is a relatively simple process.

First, picture this:

Wireless User-->AP-->VPN Server-->RADIUS Server, DHCP, DC, and rest of protected network.

1. Wireless users associate with the access point but are given a non-secure address [either from the AP or DHCP on the VPN server] for example 172.27.0.10 - 172.27.0.50. They will at this point be able to communicate with only the VPN server and other non authenticated wireless clients in the 172.27.0.0/24 subnet.

2. If the VPN server has an address of 172.27.0.1 then wireless clients could attempt a VPN connection to 172.27.0.1.
3. The VPN server could then authenticate the user against the DC or, if there are multiple access points and VPN servers, it could use the RADIUS server for centralized authentication.
4. Once authenticated, the internal network 10.10.100.0/24 could issue the wireless client a trusted address via DHCP or the VPN server could issue one from it's static pool. And voila the wireless user is authenticated and communicating securely through the VPN.
5. You could use IPSEC on the VPN server to filter out all requests other than VPN attempts.

To strengthen this security, you could use EAP-TLS which would allow you to authenticate the machine and the user, but would require using certificates.

So, to answer your question, no they don't all have to be implemented together. But to get the strongest and best solution, yes!

For other useful security measures, you can explore the topics mentioned by BloodRed.
0
ON-DEMAND: 10 Easy Ways to Lose a Password

Learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees in this on-demand webinar. We cover the importance of multi-factor authentication and how these solutions can better protect your business!

KingHollisCommented:
phinie,

Did you get sorted out here? Do you still require assistance?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Pete LongTechnical ConsultantCommented:
Hello this question has been open a while please take the time to come back and clean it up.

Closing Questions
http://www.experts-exchange.com/help.jsp#hs5


Best Wishes

Pete
www.petenetlive.com
0
KingHollisCommented:
Pete,

I gotta feel like I nailed this one.

Regards,

~KingHollis~
0
Pete LongTechnical ConsultantCommented:
NO arguments from me M8 :)
0
KingHollisCommented:
Cheers!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.