www.funk.com - PowerPoint PPT Presentation

1 / 17

About This Presentation

Title:

www.funk.com

Description:

Number of Views:85

Avg rating:3.0/5.0

Slides: 18

Provided by: MeganM54

Category:

Tags: com | funk | www

Transcript and Presenter's Notes

Title: www.funk.com

1
Securing Your WLAN Using 802.1X

2
Todays Goals

Overview of wireless LAN security issues
Introduction to 802.1X and how it addresses WLAN
security issues
Hidden issues in EAP protocol implementations,
and how they could affect your WLAN deployment
Beyond WEP New, stronger data security options
Advancements in 802.1X-based technologies offered
by Funk Software

3
Overview of WLAN Security Issues

From an infrastructure standpoint, WLAN access is
highly desirable however, security is still 1
concern
Two stages of WLAN access you must protect
Authentication
Are my network credentials secure over the
wireless link?
Am I connecting to the right network?
Session connection
Once connected, can my session data be
eavesdropped?
802.1X, plus strong WLAN protocol (TTLS, PEAP,
TLS), address these security issues

4
802.1X Overview

Provides a framework for wireless security
Mutual authentication
Establishment of keys for encryption
Provides for credential exchange between client
and network (RADIUS server)
Keys are exchanged between RADIUS server and AP
to allow AP and client to encrypt data
Its the standard
Widely adopted by equipment manufacturers
Wi-Fi Alliance
Deployed by major organizations

5
How 802.1X Works
RADIUS
CLIENT
AP
Authentication Database
EAPoL
RADIUS
EAP
Keys
Encrypted traffic
6
Protecting Credentials

TTLS
Permits secure use of password-based credentials
Encrypts authentication within a secure TLS
tunnel based on a trusted server certificate
Protects against attack on password
Allows user to connect anonymously to the network
Permits use of existing authentication databases
(Windows, LDAP, token systems) and legacy RADIUS
infrastructure via proxy
PEAP
Similar to TTLS in purpose and ability to protect
against password attack
In its current implementations, does not provide
as much flexibility in proxy, user anonymity, and
types of authentications supported
TLS
Requires use of client certificates most
appropriate where PKI infrastructure exists

7
Ensure Connection to Legal Network

RADIUS server and AP establish trust via shared
secret
Client and RADIUS server establish trust via
mutual authentication (server certificate)
RADIUS server establishes trust between Client
and AP and distributes keys for data connection

RADIUS
AP
CLIENT
Trust based on shared secret
Trust based on server certificate
Derived trust
8
Ensuring Session Data Privacy

802.1X uses WEP or Wi-Fi Protected Access (WPA)
to encrypt data and ensure privacy over the
wireless link
WPA is a significant advance over WEP
Adoption driven by Wi-Fi Alliance to meet
immediate market requirements
Uses TKIP for encryption/validation
Provides stronger over-the-airwaves data security
than WEP
Requires firmware upgrade to equipment and
support in 802.1X supplicant
IEEE working on 802.11i, which uses AES

9
New Advances in Data Security

802.1X security with WPA is strong, but may not
be enough
Data security stops at access point
Depends on security of different components and
proper implementation of protocols by variety of
vendors
Funk Software has developed an 802.1X-based WLAN
security solution that extends data security
deeper into the network and provides security
wrapper around all components
Odyssey Client
Odyssey Server/Advanced Security Edition

10
Odyssey Advanced Security Edition

Advanced data security features
IPsec tunneling
Identity-based VLAN assignment
Identity-based firewall
provide even stronger security for your network
Provides suspenders-with-your-belt protection
for security-conscious organizations
Extends data security beyond access point, deeper
into the network
Controls user access based on identity, not IP
address
Provides security wrapper around entire connection

11
Suspenders-With-Your-Belt Data Security

Uses IPsec, a mature, well-reviewed protocol
Uses state-of-the-art encryption algorithms,
including AES, the U.S. government standard for
advanced encryption
Extends data security deeper into your network,
to a physically secure endpoint

Odyssey Server/ASE
AP
Odyssey Client
WEP/WPA
IPsec
12
Controls User Access Based on Identity, Not IP
Address

Identity-based firewall lets you control each
users view of the network based on who he is,
not what his IP address is
Assigns users to appropriate VLAN, according to
identity-based policy
Protects corporate network from rogue clients,
and also protects clients from each other
All client-to-client traffic must pass through
firewall

13
Provides Security Wrapper Around Entire Connection

14
Offers the Configuration Convenience of 802.1X

15
Guidelines for Deployment

Choose the right product
Supports 802.1X standard
Implements strong EAP types (EAP-TTLS, PEAP,
EAP-TLS) so that WLAN users can be authenticated
against desired method (protocol and
infrastructure)
Fully meets your security requirements
Easily deployed across your network
Multi-vendor equipment support
Choose a vendor with technical expertise and
dedicated support

16
Funk Software

Complete suite of 802.1X-based WLAN solutions for
the enterprise satisfies all requirements
802.1X and WEP/WPA
Odyssey Client appropriate RADIUS server
(Odyssey Server, Steel-Belted Radius/Enterprise
Edition, Steel-Belted Radius/Global Enterprise)
802.1X and IPsec/firewall for advanced data
security requirements
Odyssey Client Odyssey Server/Advanced Security
Edition
Market and technical leadership
Frost Sullivan 2003 Market Engineering
Leadership Award for Standalone WLAN Security
Software
The 802.11 Report Fiercest 15
Paul Funk Co-author of EAP-TTLS WLAN security
protocol participant in IETF working groups
Thousands of enterprise customers worldwide