Supporting reseach materials can be found in the following resources:
Windows Server 2003 Deployment Kit, Chapter 11, "Deploying a Wireless LAN"
(Entire book downloadable here.) This Adobe format document describes the Windows 2003 Server networking services needed to deploy a secure and manageable wireless local area network (WLAN) infrastructure within an enterprise environment.
Internet Authentication Service Operations Guide for Windows 2003 Server
The Internet Authentication Service (IAS) Operations Guide provides administration information for IAS in the Windows Server 2003 and Windows Server 2003 with Service Pack 1 (SP1) operating systems. IAS is the Microsoft implementation of the Remote Authentication Dial-In User Service (RADIUS) protocol, and can be configured to act as a RADIUS server and proxy, providing centralized network access management. You can also configure IAS to perform authorization locally while forwarding authentication requests to a remote RADIUS server group. In addition, you can customize the processing of accounting requests, processing them locally or forwarding them to other RADIUS servers.
Step-by-Step Guide for Secure Wireless Deployment for Small Office/Home Office or Small Organization Networks This whitepaper presents two deployment methods for secure wireless access, one for small office/home office (SOHO) networks and one for small organization that are domain-based networks, built using Windows Server 2003 technologies. This paper contains information you can be use to determine the preferred method for deploying secure wireless access in existing SOHO networks or small organization networks. The topic also provides step-by-step instructions for setting up secure wireless connections, after the preferred deployment method has been determined. Additionally, if you are planning a new network with wireless access or considering changing to a different type of network with wireless access, this paper provides information that can assist you in determining which type of deployment best suits your needs.
Although wireless LAN networks provide freedom of movement, they also require you to address security issues that are not as prevalent on a private cabling system for a wired LAN technology such as Ethernet. The main security issues are the authentication of wireless clients and the encryption and data integrity of wireless LAN frames. This article discusses the security issues of IEEE 802.11 wireless networks and shows how Microsoft Windows operating systems can be used to make 802.11 wireless networks as secure as the current set of 802.11-related technologies allow.
Deployment of IEEE 802.1X for Wired Networks Using Microsoft Windows This article describes how to deploy IEEE 802.1X authentication for wired networks using authenticating switches, wired client computers running Microsoft Windows XP, Windows Server 2003, or Windows 2000, and a wired authentication infrastructure consisting of Windows Server 2003 or Windows 2000 Active Directory directory service domain controllers, certification authorities, and Internet Authentication Service servers.
Obtaining and Installing a VeriSign WLAN Server Certificate for PEAP-MS-CHAP v2 Wireless Authentication Protected Extensible Authentication Protocol-Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MS-CHAP v2) provides secure wireless authentication using passwords. To use PEAP-MS-CHAP v2, the Internet Authentication Service (IAS) Remote Authentication Dial-In User Service (RADIUS) servers performing wireless authentication need a computer certificate and wireless clients need to trust the computer certificate of the IAS server. VeriSign, Inc. has partnered with Microsoft to allow mutual customers to easily obtain and install a VeriSign WLAN Server Certificate, a computer certificate for IAS servers performing PEAP-MS-CHAP v2 authentication.
Activity 2.2: Setting Up a RADIUS Server for Linux
SuSE Professional
The students will research the details of a RADIUS
server and try to setup a RADIUS server for Linux SuSE Professional
9.3. They will be using FreeRADIUS, an open source RADIUS server.The
steps for this activity are contained in the following document:
Activity 2.3: Investigate the Design of a Secure Wireless System (Optional)
Students can investigate the design of a secure wireless system, the possibility of using SNMPv3 for monitoring, or setting up a RADIUS server inside a router.
Designing a secure wireless system.
NIST_SP_800-48 has several checklists to be used in the design of a wireless system. Students will discuss the merits of these options in teams and in a Q&A session with the instructor.
Microsoft TECH NET's WPA Personal document describes the need for one wireless router or access point, and a computer with a wireless NIC (external or internal) that supports WPA. In some cases flashing the firmware will allow the hardware to support WPA. Additional information can be found in the documents WPA Security Enhancements and 802.11_WEP_Concepts_Vulnerability.
78) Line of Sight (LOS) and High-Gain Antennas, and
85) Fresnel zone details.
Research TinyPEAP, a RADIUS server that can run inside a WRT54GL router. No external servers are needed.
Many APs simply provide internal logs, but there are some that support SNMP. The site SNMPLink.org provides links to free tools for SNMP management. The student should download and install one of those tools. The tools link is identified by the icon.