1 |
Network Admission Control (NAC): Securing end point devices. Yusuf, Adewale; Lartey, Jerry; Wareus, Vilhelm. January 2010
There have been remarkable growths in wireless communication networks in recent years; this is because of its merits over the wired networks such as mobility and convenience. Wireless networks transmit the signal over the open air via radio waves of different frequencies; this makes it vulnerable to several attacks, and anybody on the street can easily intercept the wireless data or inject new data into the entire network. There has been existence of wired equivalent privacy (WEP) protocol (IEEE 802.11i), which was designed for wireless network security. There were concerns of security vulnerabilities in WEP; this made it necessary for the implementation of another solution to overcome the weaknesses of the previous wireless network security. The IEEE 802.1X (port-based network admission control) which is defined on Extensible Authentication Protocol (EAP) provides effective and efficient admission control to wireless and other networks devices [8].
Our thesis investigates the efficiency of NAC (IEEE 802.1X) as a security solution, assess different vendor solutions, protocols supported and look into the inter-operability of these various vendors. In as much as we support the premise of NAC being an excellent solution, we will also make brilliant recommendations in this thesis to be considered for future refinements of this security solution as well as deployment scenarios for the university network.
|
3 |
Audit podnikových WiFi sítí založených na standardu 802.1X / 802.1X Based Wireless Network Security Audit. Antal, Lukáš. January 2012
This term project analyzes the security of 802.1X based wireless networks and presents the methodology for auditing these networks. The thesis describes various methods of the EAP authentication protocol used in wireless networks, security risks arising from their usage and recommendations for mitigating these risks. The paper also includes implementation of applications for 802.1X based wireless network audit focusing on the EAP protocol processing.
|
4 |
Non-binary Authentication: Supplicant. Zhang, Hengchong. January 2009
There are a number of authentication methods for wireless local area networks. The IEEE 802.1x standard is one such method. This standard specifies a port-based access control protocol. There are three entities involved: a supplicant (a device that wishes to have network access and perhaps other services), an Access Point (AP) or other port to which access is to be controlled, and an Authentication Server (AS). The goal of this project was to design, implement, and evaluate a prototype of a non-binary alternative to IEEE 802.1x authentication. This report focuses on the supplicant. Specifically it describes the design, implementation, and evaluation of a supplicant program to test and stress the authenticator, in order to evaluate a non-binary authentication process. Following a brief introduction to the problem that is to be solved, a number of existing IEEE 802.1x supplicants are described and compared. Following this, a number of potential non-binary authentication processes are analyzed. The ability of a supplicant to send and receive packets before and after authentication is also examined. Based upon our implementation and evaluation of a supplicant and an emulation of the non-binary authentication process, we conclude that non-binary authentication is both feasible and valuable. Furthermore, the thesis evaluates why and how non-binary authentication is valuable from the viewpoint of a supplicant. Additional future work is suggested at the end of this thesis.
|
5 |
Zabezpečený přístup k lokální počítačové síti / Secure access to local area network. Kočiš, Jan. January 2016
This master's thesis deals with the field of secure access to the local area computer network. The main aim of the thesis is to characterize theoretical background of controlled access to computer networks, which includes security principles, recommended practices, authentication methods, network protocols and related processes. This thesis also includes practical usage of acquired knowledge by implementing secure access to local area network in a real environment.
The first part characterizes the theoretical principles underlying the design and implementation of the entire system.
The practical part deals with the implementation of specific secure access to the local area computer network solution in the engineering company. The first part introduces the company, its environment and requirements. The following section describes performed analysis of the original state and based on the obtained information summarizes the proposed solution. Implementation of the comprehensive system of the controlled access to the local area network is described in detail in the next section. Description of the system deployment into production operation process, the definition of acceptance tests and recommendations for solving of potential issues are part of this work as well. Conclusion chapter contains summary of the system's economic aspects and the potential impacts on information systems operation in the company.
Final evaluation summarizes the thesis, highlights the benefits of the implemented system and analyses its weak points, with recommendations for further development. It finds the designed secure access to the local network as a suitable, secure and practical way to control access to local network resources.
|
6 |
Autentizace síťových portů pomocí protokolu 802.1X ve firemním prostředí / Network port authentication using the 802.1X protocol in a corporate environment. Malinka, Tomáš. January 2014
This thesis describes the draft and implementation of a new security with 802.1x in the corporate environment. The work is divided into two parts. The first part outlines the topic theoretically and the second part solves specific draft using 802.1x and its implementation in the corporate environment. The implementation is outlined with configuration of end clients, switches including RADIUS server and settings in AD. The authentication of devices by MAC Authentication Bypass during the implementation is also described.
|
7 |
Security and Authentication for 802.11 Wireless Networks. Getraide, Michel. 21 May 2004
Wireless networks are a rapidly growing market. However, the security measures are not strong enough; the WEP security protocol is flawed. The 802.11 Task Group I is working on new security measures in order to strengthen the access control of users, the privacy and the integrity of data. We will describe the WEP flaws and the new security measures of 802.11 Task Group I. Finally, we will propose a new architecture to improve user identification for the wireless network of our department.
|
8 |
Snabb och säker roaming i WLAN / Fast and Secure Roaming in WLAN. Falk, Magnus. January 2004
This thesis investigates what Ericsson AB should do to achieve fast and secure handover when roaming in a WLAN. It also provides a security analysis of the system that the wireless access point is part of. The reason for this is that Ericsson is selling an access point called the ABS 2200 aimed at the public hotspot market.
The premise was that they wanted a standardized way of handling the roaming issue. At the outset the 802.11F standard looked like a good alternative (in fact the only standardized alternative). Towards the last stages of the work though, it was discovered that the 802.11F standard is no longer supported by IEEE.
Despite this fact, the conclusion is that secure and fast roaming can be attained if 802.11F is combined with the security standard 802.11i.
The security analysis concludes that Denial of Service is a major threat to WLAN hotspots. It also points out that the link between the access point and authentication server is the weakest link in the system. The recommendation is that this link receives an additional layer of protection through IPsec with ESP. The algorithm recommendations for ESP are AES for confidentiality and SHA-1 for integrity.
This thesis can also be used as a primer on security in WLAN and contains an extensive glossary making it useful as a reference when reading 802.11 standards.
|
9 |
Implementering av 802.1x i trådbundna datanätverk / Implementation of 802.1x in wired computer networks. Forsman, Gustaf; Hult, Daniel. January 2008
In today's computer networks, companies' and organisations' security concerns are mostly about protecting the border between the internal and external networks. This can lead to neglecting the inside protection, which creates opportunities for unauthorized usage of the company's resources.
The company that this thesis discusses has a large computer network with protection needed on the inside, as physical access to the network is hard to limit due to open environments. This thesis focuses on an implementation of the 802.1x standard at the above-mentioned company. 802.1x makes it possible to limit usage of the computer network based on the credentials delivered from the connected devices. The devices get validated on the physical port that they connect to the network through.
The company requested a solution which included methods for authentication of different kinds of users and equipment. This could be regular users, visitors and other devices. Apart from that, there were demands of a minimal influence on the existing environment and redundancy to guarantee highest possible availability.
To reach the solution, a test setup was implemented in an environment corresponding to the company's production system. The final solution was mainly built on components already existing at the company's site. Authentication requests made by users or devices are passed to a RADIUS server which in turn asks the directory service for authentication validation. FreeRADIUS has been the solution of choice for this as it fits the requirements to cooperate with the company's already existing Novell eDirectory. The end users and devices then dynamically get access to appropriate resources based on their assigned rights.
|
10 |
Netzentwicklung im CSN / Network development at CSN. Schade, Markus. 10 September 2004
The Chemnitzer StudentenNetz (CSN) manages a medium-sized network in the dormitories of the Studentenwerk Chemnitz-Zwickau. Staff members and interested parties are given an overview of and insight into the existing network structure and the configuration of the technology in use. Possible scenarios for future developments are also discussed.
|