Solved

wireless network security

Posted on 2003-12-04
Last Modified: 2013-12-04
Hi, I am given a project on wireless network security. Can I have more information about how RADIUS, VPN and IPsec work in the wireless environment? Do the three of them need to be implemented together?
Thanks
Question by:phinie
10 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 9873445
Hi phinie,
Is this a homework question?

PeteL
0
 
LVL 10

Expert Comment

by:BloodRed
ID: 9879280
Strange question.  The wireless network is just the medium over which the other protocols communicate.  VPN is how the system connects to the remote network, IPSec is how the systems authenticate to each other (AH) and how they encrypt data if that feature is enabled (ESP), and RADIUS authenticates the user and checks to ensure they're permitted by policy to establish a connection.  If this is a project on wireless security I'd think they'd be more interested in how WEP, 802.1x, and other vendor-specific security protocols can be implemented.

The three don't have to be implemented together, or at all.  
0
 
LVL 10

Expert Comment

by:KingHollis
ID: 9892522
I'm not sure that this is as strange a question as it looks on the surface.

Which type of networking technology can authenticate users coming from an untrusted space and encrypt their communication so that someone listening can't intercept it? The answer is a VPN.

A VPN solves wireless networking's current deficiencies [WEP]. Granted, getting connected becomes a bit more difficult for your users. But if you've already invested time in building a VPN infrastructure for your mobile users to access your organization's network, installing a VPN to authenticate wireless users is a relatively simple process.

First, picture this:

Wireless User-->AP-->VPN Server-->RADIUS Server, DHCP, DC, and rest of protected network.

1. Wireless users associate with the access point but are given a non-secure address [either from the AP or DHCP on the VPN server], for example 172.27.0.10 - 172.27.0.50. They will at this point be able to communicate with only the VPN server and other non-authenticated wireless clients in the 172.27.0.0/24 subnet.

2. If the VPN server has an address of 172.27.0.1 then wireless clients could attempt a VPN connection to 172.27.0.1.
3. The VPN server could then authenticate the user against the DC or, if there are multiple access points and VPN servers, it could use the RADIUS server for centralized authentication.
4. Once authenticated, the internal network 10.10.100.0/24 could issue the wireless client a trusted address via DHCP or the VPN server could issue one from its static pool. And voila, the wireless user is authenticated and communicating securely through the VPN.
5. You could use IPSEC on the VPN server to filter out all requests other than VPN attempts.

To strengthen this security, you could use EAP-TLS which would allow you to authenticate the machine and the user, but would require using certificates.

So, to answer your question, no they don't all have to be implemented together. But to get the strongest and best solution, yes!

For other useful security measures, you can explore the topics mentioned by BloodRed.
0
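Step 5 of the answer above, modeled as a default-deny filter on the VPN server's wireless-facing interface; this is an added example, not part of the original post. It assumes an IPsec-based VPN (IKE on UDP 500, NAT-T on UDP 4500, ESP as IP protocol 50), which the thread does not specify, and all function and variable names are hypothetical.

```python
import ipaddress

# Addresses from the answer above; the protocol list is an assumption.
UNTRUSTED_NET = ipaddress.ip_network("172.27.0.0/24")   # pre-VPN wireless clients
VPN_SERVER = ipaddress.ip_address("172.27.0.1")         # VPN server, wireless side
# Assumed IPsec VPN: IKE on UDP/500, NAT-T on UDP/4500, ESP as IP protocol 50.
ALLOWED = {("udp", 500), ("udp", 4500), ("esp", None)}


def filter_wireless_side(src, dst, proto, dport=None):
    """Decision for one packet arriving on the VPN server's wireless interface."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Anything not sourced from the untrusted pool does not belong on this interface.
    if src not in UNTRUSTED_NET:
        return "drop: source outside wireless subnet"
    # Unauthenticated clients may reach the VPN server only, never route past it.
    if dst != VPN_SERVER:
        return "drop: not addressed to VPN server"
    # ESP has no port; compare it on protocol alone.
    key = (proto, None if proto == "esp" else dport)
    if key not in ALLOWED:
        return "drop: not a VPN protocol"
    return "allow"


# Constructed sample packets: (src, dst, proto, dport)
SAMPLE = [
    ("172.27.0.10", "172.27.0.1", "udp", 500),    # IKE negotiation
    ("172.27.0.10", "172.27.0.1", "esp", None),   # encrypted tunnel traffic
    ("172.27.0.10", "172.27.0.1", "tcp", 445),    # file sharing aimed at the server
    ("172.27.0.10", "10.10.100.5", "tcp", 80),    # trying to route past the VPN
    ("10.10.100.7", "172.27.0.1", "udp", 500),    # internal source on wireless side
]


def evaluate(packets):
    """Return the verdict for each packet in order."""
    return [filter_wireless_side(*p) for p in packets]


if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, evaluate(SAMPLE)):
        print(pkt, "->", verdict)
```

The filter only sees traffic addressed to or routed through the VPN server; traffic between unauthenticated clients inside 172.27.0.0/24 (step 1) never reaches it and has to be restricted at the access point.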
 
LVL 10

Accepted Solution

by:
KingHollis earned 100 total points
ID: 10339528
phinie,

Did you get sorted out here? Do you still require assistance?
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11150707
Hello, this question has been open a while; please take the time to come back and clean it up.

Closing Questions
http://www.experts-exchange.com/help.jsp#hs5


Best Wishes

Pete
www.petenetlive.com
0
 
LVL 10

Expert Comment

by:KingHollis
ID: 11177117
Pete,

I gotta feel like I nailed this one.

Regards,

~KingHollis~
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11181806
NO arguments from me M8 :)
0
 
LVL 10

Expert Comment

by:KingHollis
ID: 11236665
Cheers!
0
