Enterprise wireless LAN deployments have skyrocketed in recent years, evolving from guest access in conference rooms, to limited hot zones of connectivity within the enterprise to full coverage throughout the organization. Unfortunately, many of these deployments are still insecure, leaving opportunities for the just plain curious or malicious hackers to try and access confidential enterprise information. Securing a wireless LAN is not hard – industry advances in technology and vendor innovation makes this easier than ever.
Default settings for most access points do not include any form of security being enabled. This is the most common reason that wireless LANs are hacked or used by unauthorized personnel. When deployed, immediately turn a method of over-the-air security on.
For enterprises, it is recommended that the most secure over-the-air encryption and authentication method be used – either IEEE 802.11i or a VPN. IEEE 802.11i, also known as WPA2 when the access point is certified by the Wi-Fi Alliance, uses IEEE 802.1x for mutual authentication between the client and the network and AES for data encryption.
Its predecessor was WPA, an interim form of security certified by the Wi-Fi Alliance while the 802.11i standard was still being ratified. WPA also uses 802.1x for authentication, but TKIP for encryption. While AES is considered the stronger encryption method, it is worth noting that WPA has never been cracked. 802.11i, WPA2 and WPA require the use of a RADIUS server to provide the unique, rotating encryption keys to each client.
This assignment requires the students to design and implement a secure enterprise wireless network, considering the ethical implications. The students are required to complete the following tasks and submit.
1. Explore the ethical implications in the design and implementation of a secure enterprise wireless network.
2. Design a secure enterprise wireless network, employing Boson Netsim.
3. Analysis of a secure enterprise wireless network using WPA2 and the RADIUS server, considering the following aspects:
d. Network eavesdropping prevention
4. Implementation of a secure enterprise wireless network using WPA2 and the RADIUS server.
5. Demonstration in Week 11 during the Lab.