Designing a Secure Wireless LAN with the HP-UX AAA RADIUS Server

Contents
Abstract
Chapter 1 Introduction
Chapter 2 The Secure WLAN Infrastructure
2.1 The Basic Wireless LAN
2.2 Wireless LAN Network-Based Security
2.2.1 MAC Address Filtering
2.2.2 WEP and Shared Secret Keys
2.3 The Next Step: AAA RADIUS User-Based Security
2.4 The Basic Wireless LAN Components
2.4.1 WLAN Hardware
2.4.2 WLAN Software
Chapter 3 Making Sense of WLAN Standards
3.1 IEEE 802.11
3.2 IEEE 802.1X
3.3 Wired Equivalent Privacy - WEP
3.4 Wi-Fi Protected Access - WPA
3.5 Extensible Authentication Protocol - EAP
3.5.1 Message Digest 5 - MD5
3.5.2 Transport Layer Security - TLS
3.5.3 Tunneled Transport Layer Security - TTLS
3.5.4 Protected EAP - PEAP
3.6 Layering the Standards
3.7 What’s Next?
3.7.1 802.11i
Chapter 4 Enterprise WLAN Security
4.1 The HP-UX AAA RADIUS Server in the Enterprise
4.1.1 Authentication and Access Control
4.1.2 Data Integrity and Privacy
4.1.3 Centralized Administration
4.2 AAA RADIUS and the User Authentication Database
4.2.1 Flat File User Database
4.2.2 LDAP Directory Server User Database
4.2.3 Oracle User Database
4.2.4 Customized User-based Authentication
4.3 VPN and WLAN
Chapter 5 Configuration Examples
5.1 Rogue Access Point: No Security
5.2 Configure WEP and MAC Filtering
5.3 Configure AAA RADIUS
5.3.1 Supplicant (client) Configuration
5.3.2 Authenticator (access point) Configuration
5.3.3 Authentication Server (AAA RADIUS Server) Configuration
5.3.4 Adding Mutual Authentication
5.3.5 Configure AAA RADIUS Summary
5.4 Configure AAA RADIUS with LDAP
5.5 WLAN Configuration Example Progression
Chapter 6 Conclusion