SECURITY OF INFRASTRUCTURE MODE OF IEEE 802.11 WIRELESS NETWORK STANDARD

Bežične mreže sve se češće koriste i danas su postale standard u povezivanju računala nudeći pritom jednostavnu implementaciju uz smanjene troškove, zadovoljavajuće brzine mrežne propusnosti (eng. Bandwith) te veću mobilnost korisnika. Bežična komunikacija korisniku daje veću mobilnost, a samim time brži i lakši pristup izvoru informacija. Kada se govori o bežičnim lokalnim mrežama, kao posebno se važno nameće pitanje sigurnosti. Također, bežične mreže predstavljaju najnesigurniji dio u lokalnoj žičanoj mreži (LAN) zato što im je medij - nosioc zrak, čime mreža postaje dostupna i izvan organizacije u kojoj se koristi. Sigurnosni algoritmi (enkripcije) sprečavaju mogućnost neovlaštenog korištenja mreže, ali ne nude potpunu sigurnost. Ovaj rad dat će pregled sigurnosnih tehnologija infrastrukturnog načina rada bežične mreže (eng. wlan) i dati preporuke sigurnijeg načina rada. Rad nudi pregled metoda infrastrukturne sigurnosti wlan standarda IEEE 802.11.Wireless networks are increasingly used today and have become the de facto standard for connecting computers while at the same time offering simple implementation with reduced costs, satisfactory bandwidth speeds and greater mobility of users. Wireless communication provides users with greater mobility, and therefore faster and easier access to sources of information. When talking about wireless local area networks, a particularly important issue is that of security. Wireless networks are the least secure part of the wired local area network (LAN) because they use air as the medium for transmission, and in so doing the network becomes available outside the organization in which it is used. Security algorithms (encryption) prevent the possibility of unauthorized use of the network, but they do not offer one hundred percent security. This paper will present an overview of security technologies regarding infrastructure mode of wireless network and make recommendations for secure mode. The paper provides an overview of the methods of infrastructure security with regard to the IEEE 802.11 WLAN standard

THE RADIUS PROTOCOL

RADIUS protokol je kreiran na samim početcima 1990-ih godina. Kada se protokol pojavio, namjena mu je bila pružanje usluge autentikacije na distribuiranim dial in poslužiteljima. Danas se više koristi za autenticirani pristup VPN mrežama. Mnoge usluge na aplikacijskom sloju koriste RADIUS za centraliziranu autentikaciju, a također se događaju i stalne nadogradnje istog čime ga još uvijek čine nezamjenjivim autentikacijskim protokolom. RADIUS je standardiziran protokol implementiran u mrežnu opremu. Koristi se za autentikaciju, autorizaciju te administraciju. Transportno sredstvo RADIUS – a je UDP mrežni protokol niže razine. Kao i svaki protokol, RADIUS također sadrži sigurnosne propuste. Postoji nekoliko vrsta napada na tajni ključ, razne enkripcije i sl. TACACS, TACACS + , te Diameter su alternativni protokoli, no još uvijek nisu u potpunosti prepoznati.The RADIUS protocol was created in the early 1990s. When the protocol appeared, its purpose was to provide authentication service on distributed dial in servers. Today, it is more used for authenticated access to VPN networks. Many application layer services use RADIUS for centralized authentication, and there are ongoing updates to the application layer, which still make it an irreplaceable authentication protocol. RADIUS is a standardized protocol implemented in network equipment. It is used for authentication, authorization and administration. RADIUS is a lower level UDP network protocol. Like any protocol, RADIUS also contains security vulnerabilities. There are several types of secret key attacks, various encrypts, etc. TACACS, TACACS +, and Diameter are alternate protocols, but not yet fully recognized

On the design of a Wi-Fi network infrastructure for the public parking space at the Seve Ballesteros – Santander Airport

RESUMEN: En el mundo del transporte de personas y mercancías, los aeropuertos juegan un papel crucial hoy en día. Lejos quedaron los años en los que los pocos aeródromos y aeropuertos estaban destinados, en su gran mayoría, a fines militares. Actualmente, la mayor parte de los viajes y trayectos de transporte en los cuales la distancia es considerable (entiéndase envíos postales entre países lejanos, por ejemplo), son llevados a cabo utilizando aeronaves. Es por ello por lo que los aeropuertos, a su vez, también han adquirido una gran notoriedad en los últimos años. Debido a la gran demanda de tráfico aéreo, los aeropuertos necesitan llevar a cabo modificaciones y ampliaciones en su infraestructura con el fin de dar el mejor servicio posible a cada vez más pasajeros. Entre dichos servicios destaca el uso de las TIC como herramienta para la gestión aeroportuaria y para la mejora de la prestación del servicio a los pasajeros. Específicamente y sólo el año actual, la tasa de crecimiento de usuarios en Internet es del 9,1 %, lo que significa que más de cuatro mil millones de usuarios se conectan a la red a diario. Por ello, la empresa AENA necesita y considera primordial esta ampliación en su infraestructura de red por diferentes causas, entre las que pueden encontrarse la comodidad de los pasajeros para acceder a Internet desde cualquier punto del recinto del aeropuerto o la mejora en la organización y gestión de los distintos trabajos llevados a cabo por parte del personal de AENA. Debido a ello, el objetivo de este Trabajo Fin de Máster es afrontar el estudio, diseño y propuesta de la infraestructura Wi-Fi necesaria para realizar su implantación en el aparcamiento público del aeropuerto, hasta ahora inexistente, y como complemento al servicio Wi-Fi ya existente en el interior del edificio terminal. Se partirá de un estudio de cobertura, utilizando una herramienta software específica, con la que se establecerán los puntos en los que se deberían situar los puntos de acceso para garantizar un nivel adecuado de señal. Posteriormente se llevará a cabo un estudio de los elementos que sería necesario desplegar, así como la infraestructura de red a utilizar: cableado, etc. El resultado final del TFM sería, por tanto, un proyecto completo para afrontar el despliegue de la red Wi- Fi en la zona de interés, incluyendo una valoración económica preliminar del mismo.ABSTRACT: Nowdays, in the world of passenger and freight transport, airports play a crucial role. Those years when the few airfields and airports were destined for the most part on military purposes seem to be so far today. At present, most of the people’s travels and transport journeys in which the distance is considerable (i.e. postal consignments between distant countries), are carried out using aircraft. It is for this reason that airports, in turn, have also gained a great deal of notoriety in recent years. Due to the high demand for air traffic, airports need to carry out modifications and expansions in their infrastructure in order to provide the best possible service to more and more services claimers. Between these services, the use of ICTs as a tool for airport management and for improving the provision of services to passengers are highlighted. Specifically, and just for the current year, the rate of growth of Internet users is 9.1%, which means that more than four billion users connect to the network on a daily basis. For this reason, AENA needs and primarily considers this expansion in its network infrastructure for different reasons, among which may be the comfort of passengers to access the Internet from anywhere in the airport or the improvement in the organization and management of the various work carried out by AENA staff. Due to this, the objective of this Master's End Project is to deal with the study, design and proposal of the Wi-Fi infrastructure (which until now did not exist) needed to carry on the implementation it in the public car park at the airport and as a complement to the existing Wi-Fi service inside the terminal building. The starting point will be a coverage study, using a specific software tool, which will establish the points where the access points should be located to ensure an adequate level of coverage. Subsequently, a study of the elements that would need to be deployed will be carried out, as well as the network infrastructure to be used: cabling, etc. The final result of the TFM would therefore be a complete project to tackle the deployment of the Wi-Fi network in the area of interest, including a preliminary economic assessment.Máster en Ingeniería de Telecomunicació

Segurança em redes de comunicações de área local não-cabladas IEEE 802.11

Mestrado em Engenharia Electrónica e TelecomunicaçõesAs redes de comunicações de área local não-cabladas tornaram-se nos últimos anos bastante populares, sendo a sua utilização hoje em dia comum tanto em redes privadas como públicas. A mobilidade que é permitida aos utilizadores e a simplicidade de implementação são os principais factores que contribuíram para a sua massificação. No entanto, existem problemas de segurança inerentes à utilização das redes não-cabladas. Alguns destes riscos são similares aos encontrados nas redes cabladas convencionais; outros advém do carácter não-guiado do meio de transmissão. Os ataques à autenticação e os ataques de negação de serviço são os principais riscos de segurança associados às redes de comunicações não-cabladas. Esta dissertação aborda os aspectos de segurança das redes de comunicações de área local não-cabladas IEEE 802.11. Inicialmente faz-se uma introdução à problemática da segurança em redes de comunicações e descreve-se a norma IEEE 802.11, nomeadamente as diferentes camadas físicas e a sub-camada de controle de acesso ao meio. De seguida são estudados em detalhe os mecanismos de segurança incluídos nesta norma. Esta análise incluiu a validação em laboratório das várias vulnerabilidades conhecidas ao nível dos mecanismos de autenticação, confidencialidade e integridade das mensagens. São depois estudadas as tecnologias actualmente disponíveis para minimizar ou eliminar estas vulnerabilidades, nomeadamente os protocolos IEEE 802.1x e EAP (Extensible Authentication Protocol) para o processo de autenticação e o TKIP (Temporal Key Integrity Protocol) para o processo de confidencialidade, que em conjunto são conhecidos como especificação WPA (Wi-Fi Protected Access). O processo de autenticação foi também alvo de uma análise experimental. Finalmente são abordadas as tecnologias futuras actualmente em desenvolvimento por parte do grupo de trabalho IEEE 802.11i, para a implementação de segurança nas redes de comunicações não-cabladas IEEE 802.11. ABSTRACT: The wireless networks became, in the last years, very popular, being their utilization, nowadays, usual in the private and public areas. The mobility that is allowed to the user and the simplicity of implementation are the main factors that contributed to their massification. However, there are security problems related to the utilization of the wireless networks. Some of these risks are similar to those found in the conventional networks; others come from the widespread propagation of the radio waves. The attacks to the authentication and denial of service are the main problems of security related to the wireless networks. This dissertation refers to the security aspects of the IEEE 802.11 wireless networks. Initially, it is made an introduction to the problematic of security in the wireless networks and the standard IEEE 802.11 is described, namely the different physical layers and the sub-layer of medium access control. Then, the security mechanisms, included in this standard, are studied in detail. This analysis includes the validation, in laboratory, of the widely known vulnerabilities at the level of authentication mechanisms, confidentiality and integrity of the messages. The technologies, nowadays available to minimize and to remove these vulnerabilities, are then studied, more specifically, the protocols IEEE 802.1x and EAP (Extensible Authentication Protocol), to the authentication process, and TKIP (Temporal Key Integrity Protocol), to the confidentiality process, that are together known as WPA (Wi-Fi Protected Access) specification. Finally, the future technologies, now in development by group work IEEE 802. 11i, for the implementation of security in the IEEE 802.11 wireless networks are mentioned

OmniSwitch 7700/7800 OmniSwitch 8800 Network Configuration Guide

This configuration guide includes information about configuring the following features: • VLANs, VLAN router ports, mobile ports, and VLAN rules. • Basic Layer 2 functions, such as Ethernet port parameters, source learning, Spanning Tree, and Alcatel interswitch protocols (AMAP and GMAP). • Advanced Layer 2 functions, such as 802.1Q tagging, Link Aggregation, IP Multicast Switching, andServer Load Balancing. • Basic routing protocols and functions, such as static IP routes, RIP, DHCP Relay, Virtual Router Redundancy Protocol (VRRP), and IPX. • Security features, such as switch access control, Authenticated VLANs (AVLANs), authentication servers, and policy management. • Quality of Service (QoS) and Access Control Lists (ACLs) features, such as policy rules for prioritizingand filtering traffic, remapping packet headers, and network address translation. • Diagnostic tools, such as RMON, port mirroring, and switch logging.This OmniSwitch 7700/7800/8800 Network Configuration Guide describes how to set up and monitor software features that will allow your switch to operate in a live network environment. The software features described in this manual are shipped standard with your OmniSwitch 7700, 7800, or 8800. These features are used when setting up your OmniSwitch in a network of switches and routers