Q The assignment is for MN603 Wireless Networks and Security: Design and implementation of secure enterprise wireless network

Introduction

In recent network design, a local area network with wireless access is vital for connecting mobile devices to the network, so its security is essential to make the network reliable and secure from external attackers. IEEE 802.1X and a RADIUS server help the administrator of an open wireless network to control and monitor the network against illegal and unauthorized access. This report describes the ethical implications of the wireless network design along with its security issues. The implementation of WPA2 and the RADIUS server is done in Boson NetSim. The network is analyzed based on network integrity, authentication, availability and confidentiality. Finally, the simulated results are included along with the configuration, as proof of the plan for the secure wireless network design.

Explore ethical implications

Open wireless networks are very unsafe, as they are free and any person, authorized or unauthorized, can access the network. Attackers can steal usernames or passwords or inject viruses into the system. A Wi-Fi router used without any key or password becomes very dangerous, as it can be used by criminals and attackers over whom the network administrator has no control. While designing the secure wireless network there are some ethical implications that need care; these are discussed below:

• Never connect to an open wireless network that is not your own without the permission of its network administrator.
• We should not use any personal information or share anything that will breach the security of the network.
• Detecting the users of a network is legal for one's own network.
• The network administration of the organization can check the personal information of the users of the wireless network.
• An open wireless network is free and very unsafe to use for finance-related account information.
• The bandwidth of the wireless network will be used by unauthorized persons, which will make the network slow for legitimate users.
• Spam mail can be sent to users of the wireless network by unwanted persons, which wastes time and causes security issues.

Analyze secure enterprise wireless network

The secure wireless network of the university is designed using WPA2 and a RADIUS server. The following aspects are considered in designing the network:

1. Confidentiality
2. Integrity
3. Availability
4. Authentication
5. Authorization

The RSN concept is used in WPA2, in which the IEEE 802.11 MAC protocol is used in large numbers. Authentication and key management in the network are done by WPA2. The IEEE 802.11i protocol is used to add security that is not included in WEP, as follows:

• Authentication
• Data transfer
• Key management

In the WPA2 architecture, a single component is used for integrity and key management. This makes it different from WPA and WEP; WPA2's CCMP is based on AES, i.e. the Advanced Encryption Standard. CCMP has the following functions:

• Counter mode is used to protect the data from unauthorized access.
• CBC-MAC for the 802.1x network is needed for message integrity.
• EAP for 802.11i is performed for authorization, to improve the security of WPA2.
• Dynamic key distribution is used by WPA2, and compared to WEP it has a new scheme for encryption.

For EAP transport, the RADIUS server, known as an AAA protocol, is used in the WPA protocol for authentication of the wireless users. It uses key distribution features to provide security to new packets using EAP and RADIUS.
Compared to WEP, WPA2 generates a unique key that is used to encrypt new packets in the wireless network, which enhances the security of the network. Unauthorized access is denied because the key needed to decrypt the packets is not available to unauthorized users. The more complex security features of WPA2 compared with WEP or WPA are as follows:

• AES provides enhanced security.
• Very strong and secure key management.
• Two-way authentication decreases external attacks on the wireless network.
• The CBC-MAC protocol provides good message integrity.

WPA2 uses complex encryption and decryption of data; its CCMP is based on AES, i.e. the Advanced Encryption Standard, which enhances the security of the wireless network. The major disadvantage of WPA2 is the requirement for additional equipment and software to run the algorithm, which increases the cost of the network. The additional devices required for encryption and decryption also increase network delay. A pre-shared key is used in home networks, and 802.1x along with a RADIUS server is used in enterprise wireless networks. WPA2 can easily be used on devices previously running WPA by upgrading them. WPA2 and the RADIUS server give the network administrator the control to guard the network from external unauthorized access.

Implementation of a secure enterprise wireless network using WPA2 and the RADIUS server

The wireless network had some security issues, given below:

1. The WPA/TKIP encryption supported on the secured networks made them vulnerable to potential attacks and malicious activity, as exploits for the TKIP protocol are now publicly available and being actively used.
2. The guest captive portal network had client devices with auto-connect enabled connecting to it, resulting in very rapid IP address exhaustion and degradation of system resources. This degraded the overall experience for legitimate users.
3. Users meant to use the eduroam network at their home site, i.e. Loughborough, were at times unable to access eduroam when visiting other educational institutions because of incorrect configuration.

To address the above issues, an important decision was taken, as part of a high-level team agreement, to consolidate the overall wireless provision to use only the eduroam SSID across the board for all users across the university, and to support only WPA2/AES as the security/encryption standard. The intent of this decision was to address the three problem areas directly; moreover, it is not hard to scale the infrastructure in this setup to support all users. In line with the latest wireless standards, chiefly 802.11i, it was strongly recommended to support only WPA2/AES-based encryption, and it was agreed this would be achievable as all vendors now support it. Finally, the guest captive portal on the corporate network needed to be removed, as it offered negligible security features and its hardware was end of life.

WPA2 is compatible with previous WPA devices, which can be upgraded to WPA2 to support AES. The WPA2 and RADIUS server configuration of a network helps the network administrator to easily monitor and guard the network against access by unauthorized users. These two techniques are used to reduce security attacks, including DoS attacks, on the network architecture. The WPA2 and RADIUS server combination will help to secure the enterprise wireless network, although it is necessary to plan and implement these technologies based on requirements.

Users were allowed to migrate, and the old SSIDs were gradually retired. Setup steps included the following:

• IP addressing planning and provisioning of DHCP scopes to accommodate additional users. This would essentially mean reallocating IP resources from the existing corporate wireless service into a contiguous address space.
• Reconfigure SSID settings for eduroam to accept only WPA2/AES and reject any other protocol.
• A self-signed certificate issued by the RADIUS servers is used by clients to set up the connection with the RADIUS servers before user authentication takes place.
• Most of the infrastructure that already existed for the eduroam service was extended and used in this migration process. The RADIUS settings were set only to accept and authorize users that have their outer realm configured, i.e. @lboro.ac.uk. This is to ensure the 802.1X profile configuration is done correctly on the user's machine, which would also help avoid issues while using eduroam at remote sites.
• A setup SSID was advertised for new users, which enabled users to download the configuration tool to automatically configure the client with the new settings. To ensure other users on campus did not have conflicts while joining the wireless network, the previous enterprise SSID used by users on campus was switched to hidden and used only by legacy services that required it, for instance machines managed by the XP Staff Desktop service.
• Centres on campus that required a one-off, account-based wireless service for conferences and events etc. were explicitly instructed to use a specific SSID, which is an open network managed by a captive portal restricted to guests and visitors at specific locations.
• The project was fully supported by the IT Project Management Board.

Certain issues were experienced as part of the migration process. Some of the key ones were:

• Users with consistent hardware and unsupported wireless devices were not able to connect to the wireless network.
• Users had issues using the setup tool, mainly because of a lack of administrative privileges. Documentation was prepared and circulated on the best way to address this issue.
• A recent update to Mac OS X 10.6.5 introduced wireless networking bugs, which coincided with the upgrade.

Conclusion

A secure enterprise wireless network achieves an authentication mechanism and protects the network from vulnerability. Secure enterprise wireless local area networks (LANs) play a vital role in modern network architecture that supports mobile devices. An enterprise wireless LAN configured with IEEE 802.1X and a RADIUS server helps the network administrator to easily monitor the wireless network for illegal access and reduce security attacks such as DoS attacks. This report discussed the ethical implications of designing and implementing a wireless LAN, designed a secure enterprise wireless network in Boson NetSim, analyzed the secure enterprise wireless network using WPA2 and a RADIUS server in terms of integrity, availability, confidentiality, authentication and authorization, implemented a secure enterprise wireless network using WPA2 and a RADIUS server, and finally tested the simulated wireless LAN to check authentication, de-association, association and ping to each terminal on the wireless LAN.