1 |
Network Admission Control (NAC): Securing end point devices
Yusuf, Adewale; Lartey, Jerry; Wareus, Vilhelm, January 2010
There has been remarkable growth in wireless communication networks in recent years; this is because of their merits over wired networks, such as mobility and convenience. Wireless networks transmit the signal over the open air via radio waves of different frequencies; this makes them vulnerable to several attacks, and anybody on the street can easily intercept the wireless data or inject new data into the entire network. There has been the Wired Equivalent Privacy (WEP) protocol (IEEE 802.11i), which was designed for wireless network security. There were concerns about security vulnerabilities in WEP; this made it necessary to implement another solution to overcome the weaknesses of the previous wireless network security. IEEE 802.1X (port-based network admission control), which is defined on the Extensible Authentication Protocol (EAP), provides effective and efficient admission control to wireless and other network devices [8]. Our thesis investigates the efficiency of NAC (IEEE 802.1X) as a security solution, assesses different vendor solutions and the protocols supported, and looks into the interoperability of these various vendors. Inasmuch as we support the premise of NAC being an excellent solution, we will also make brilliant recommendations in this thesis to be considered for future refinements of this security solution, as well as deployment scenarios for the university network.
|
3 |
Non-binary Authentication : Supplicant
Zhang, Hengchong, January 2009
There are a number of authentication methods for wireless local area networks. The IEEE 802.1x standard is one such method. This standard specifies a port-based access control protocol. There are three entities involved: a supplicant (a device that wishes to have network access and perhaps other services), an Access Point (AP) or other port to which access is to be controlled, and an Authentication Server (AS). The goal of this project was to design, implement, and evaluate a prototype of a non-binary alternative to IEEE 802.1x authentication. This report focuses on the supplicant. Specifically, it describes the design, implementation, and evaluation of a supplicant program to test and stress the authenticator, in order to evaluate a non-binary authentication process. Following a brief introduction to the problem that is to be solved, a number of existing IEEE 802.1x supplicants are described and compared. Following this, a number of potential non-binary authentication processes are analyzed. The ability of a supplicant to send and receive packets before and after authentication is also examined. Based upon our implementation and evaluation of a supplicant and an emulation of the non-binary authentication process, we conclude that non-binary authentication is both feasible and valuable. Furthermore, the thesis evaluates why and how non-binary authentication is valuable from the viewpoint of a supplicant. Additional future work is suggested at the end of this thesis. / There are a number of methods for wireless local area networks. The IEEE 802.1x standard is one such method. This standard specifies a port-based access control protocol. There are three entities involved: a supplicant (a device that wishes to have access to the network and perhaps other services), an Access Point (AP) or other port to which access is to be controlled, and an Authentication Server (AS).
The goal of the project was to design, implement, and evaluate a prototype of a non-binary alternative to IEEE 802.1x authentication. This report focuses on the supplicant. Specifically, it describes the design, implementation, and evaluation of a supplicant program to test and stress the authenticator, in order to evaluate a non-binary authentication process. After a brief introduction to the problems to be solved, a number of existing IEEE 802.1x supplicants are described and compared. After this, a number of potential non-binary authentication processes are analyzed. The ability of a supplicant to send and receive packets before and after authentication is also examined. Based on our implementation and evaluation of a supplicant and an emulation of the non-binary authentication, we conclude that non-binary authentication is both possible and valuable. Furthermore, the thesis evaluates why and how non-binary authentication is valuable from the viewpoint of a supplicant. Additional future work is suggested at the end of this thesis.
|
4 |
Evaluation of EAP Authentication Methods in Wired and Wireless Networks / Utvärdering av EAP-autentisering Metoder i Fasta och Trådlösa Nätverk
Kothaluru, Tirumala Rao; Mecca, Mohamed Youshah Shameel, January 2012
In any networking environment, security, connection time and scalability of the network are the major concerns in keeping the network safe, fast and stable. Administrators working within the networking environment need to have a complete account of the manageability, scalability and security of the network, so that organizational data can be kept confidential and its integrity maintained. There are different authentication methods used by network administrators for accessing the network in wired and wireless environments. As network usage and attacks on networks increase, a secure, scalable and standard network protocol is needed for access and to keep data safe in both wired and wireless networks. IEEE 802.1x is an IEEE standard used to provide authentication and authorization to devices over LAN/WLAN. The IEEE 802.1x framework uses EAP for authentication and authorization with a RADIUS server. In this report, an experimental analysis of different EAP authentication methods in both wired and wireless networks, in terms of authentication time and total processing time, is presented. Wireshark is used to capture the network traffic at the server and client ends. After analyzing the timestamps of each packet captured using Wireshark, it is seen that EAP-MD5 takes less time in both wired and wireless networks; if the number of users increases, there is not much difference in the network connection time. Concerning the security of the network, EAP-MD5 is vulnerable to many attacks, so it is not used by many companies. The alternative methods, with their strengths and weaknesses, are discussed.
|
5 |
Åtkomst nekad : Autentisering och säkerhetsrutiner för lokala nätverk / Access denied : Authentication and security routines for local area networks
WISTRÖM, EDVARD, January 2022
In the field of Cybersecurity, it is essential to know who is connected to your system. The functionality for Authentication of connecting users in the local area network is the focus of this report. There exist various authentication protocols; however, in this report IEEE 802.1X is covered since it is the protocol most suitable for wired local area networks. The IEEE 802.1X protocol is studied in theory, with its architecture of Supplicator, Authenticator and Authentication server and the communication protocols used, EAPOL and RADIUS. A practical test was then performed as a basic concept to learn more about the pros and cons of utilizing these protocols, where the fundamentals of protocol communications are observed and later the prerequisites for a larger scale implementation are described. The outcome from the test is proof of the relative difficulties involved with having to keep up with the pace of Cybersecurity evolution. In the test, older equipment was thought to be used; however, due to incompatibility of gear and software, the test needed to be revised to use other gear. The learning outcome from the test is that it is a complex task to set up authentication; competent staff are needed, as well as suitable equipment. The motivation for setting up IEEE 802.1X is found in larger organizations where the risks of an attack are high and the large number of users calls for centralized systems for the handling of users and network policies. Due to the trend of Bringing your own device, a policy for the handling of unauthorized users and devices needs to be in place. The default behavior may be to just deny access for unauthorized devices; however, with authentication systems implemented, the unauthorized user may instead benefit from being automatically referred to a guest network in a secured manner, and the authorized user gains flexibility to access the network through any available network port.
For the improvement and maintenance of Cybersecurity administration, an Information Security Management System is found useful; the organization can thereby continuously improve their work and document the system features and routines. In case of a security breach, that system gives support for immediate action upon the problem, and even stronger preparation for the Cyber defense in the form of good backup routines and monitoring of the normal state activities, where all devices are either authorized or unauthorized and placed into their proper network according to network policies. / Degree project for the Bachelor of Science in Engineering degree in network technology
|
6 |
Adding bandwidth specification to a AAA Sever
Zhou, Jia, January 2008
Authentication, authorization, and accounting (AAA) are key elements in network security. In many networks, clients can use resources only after they have been authenticated by an authentication server and authorized to use these resources. In some cases the server will also maintain accounting records in order for an operator (a provider of resources) to charge the account/subscriber for using the service. There are four main AAA protocols being used today. Of these, RADIUS is the most widely used. This thesis starts with an introduction to AAA protocols, and then goes into the details of RADIUS. In order to perform a practical evaluation of how AAA could be improved, FreeRADIUS was selected as the base code for this project, because this implementation is one of the most widely used RADIUS servers. A proposal for how to improve AAA performance is introduced, and the implementation steps needed to realize these improvements are shown. Additionally, some experiments have been conducted to show both the correct functioning of the resulting implementation and to examine if there is a performance improvement. Following this, some conclusions are drawn based upon a comparison with a traditional AAA server. A key element of the change in AAA which is proposed is the use of a non-binary IEEE 802.1x process. This new non-binary solution introduces a new type of AAA server and requires the re-thinking of a number of traditional AAA design decisions. It is expected that this change will have a significant impact, but will require some time for exposure, implementation by others, and a more extensive evaluation than was possible during the period of this thesis project. One of the most important conclusions drawn during this thesis is the difficulty of making a change in authentication and authorization, because of the large amount of interaction between both the various protocols and the standards which have been developed for these protocols.
Thus one of the difficult aspects of the task is how to introduce a change in a protocol while maintaining backward compatibility for others who have not adopted this change, without requiring the addition of a protocol version field. A second important conclusion is that doing this implementation in three separate parts, with different students being responsible for the different parts, revealed just how complex the interaction of protocol design decisions is. While a working version of the entire set of changes proved to be impossible, it was observed that the different parts could be decoupled more than initially expected.
|
7 |
Zabezpečení bezdrátových sítí / Wireless Network Security
Sedlák, Břetislav, January 2009
This master's thesis focuses on wireless network security. The thesis is divided into two parts. The first part describes the standards in use today and their components, topology and security methods such as stealth SSID, MAC address filtering, WEP, WPA and WPA2. The last three methods are described in detail. In the second part, attacks on the security methods described above are carried out. Attacks on WEP are described: the KoreK chopchop attack, the fragment attack, the FMS attack, the KoreK attack and the PTW attack. Then the dictionary attack for obtaining the passphrase in WPA/WPA2 with Pre-Shared Key authentication is described, along with precomputed hash tables for faster passphrase finding and the use of multi-core processors during dictionary browsing. The last attack describes obtaining the keystream used for encrypting frames by WPA-TKIP and then sending custom data to the client. It is described how to carry out each attack and how to protect against them.
|