zxing qr code generator sample c# Exercise 1: Design a Secure Wireless Network in C#

Generator QR Code in C# Exercise 1: Design a Secure Wireless Network

Exercise 1: Design a Secure Wireless Network
QR Code Generation In C#
Using Barcode generator for .NET framework Control to generate, create QR Code JIS X 0510 image in .NET applications.
www.OnBarcode.com
Scan Denso QR Bar Code In Visual C#
Using Barcode recognizer for .NET Control to read, scan read, scan image in Visual Studio .NET applications.
www.OnBarcode.com
Answer the following questions. 1. How will you design the wireless network Sketch a design, and describe the ele ments that you will put into place.
Making Bar Code In Visual C#
Using Barcode creation for .NET framework Control to generate, create bar code image in Visual Studio .NET applications.
www.OnBarcode.com
Barcode Recognizer In Visual C#.NET
Using Barcode scanner for .NET framework Control to read, scan read, scan image in .NET framework applications.
www.OnBarcode.com
Summary and Exam Highlights 12-37
QR Code JIS X 0510 Generator In VS .NET
Using Barcode generation for ASP.NET Control to generate, create QR Code 2d barcode image in ASP.NET applications.
www.OnBarcode.com
QR Code Drawer In .NET
Using Barcode creation for Visual Studio .NET Control to generate, create QR-Code image in Visual Studio .NET applications.
www.OnBarcode.com
2. How will this design support the future wireless access needs of the museum
QR-Code Creation In VB.NET
Using Barcode creator for .NET framework Control to generate, create QR Code image in .NET framework applications.
www.OnBarcode.com
UPC-A Supplement 5 Drawer In C#.NET
Using Barcode creation for .NET Control to generate, create UPC-A Supplement 2 image in .NET applications.
www.OnBarcode.com
Summary
Linear 1D Barcode Drawer In C#.NET
Using Barcode generator for VS .NET Control to generate, create Linear 1D Barcode image in Visual Studio .NET applications.
www.OnBarcode.com
Drawing Barcode In C#.NET
Using Barcode creation for .NET framework Control to generate, create bar code image in .NET framework applications.
www.OnBarcode.com
Wireless networks that rely on an 802.11 infrastructure alone are difficult to secure at all. Adding 802.1x improves the authentication and encryption processes and makes the wireless network securable. Rogue wireless APs present a strong challenge to the security of the network. Efforts both in policy awareness and rigorous detection and elimination of rogue APs must be undertaken.
Paint Denso QR Bar Code In C#.NET
Using Barcode maker for .NET Control to generate, create QR Code image in Visual Studio .NET applications.
www.OnBarcode.com
Leitcode Printer In C#
Using Barcode generation for .NET framework Control to generate, create Leitcode image in Visual Studio .NET applications.
www.OnBarcode.com
12-38
Generating Code 128C In None
Using Barcode generator for Font Control to generate, create Code128 image in Font applications.
www.OnBarcode.com
Drawing Code 128 Code Set C In None
Using Barcode printer for Word Control to generate, create ANSI/AIM Code 128 image in Office Word applications.
www.OnBarcode.com
12
Printing Code 128B In Java
Using Barcode drawer for Java Control to generate, create Code 128B image in Java applications.
www.OnBarcode.com
Printing Barcode In Objective-C
Using Barcode encoder for iPhone Control to generate, create bar code image in iPhone applications.
www.OnBarcode.com
Designing Security for Wireless Networks
DataMatrix Generator In None
Using Barcode creator for Microsoft Excel Control to generate, create Data Matrix ECC200 image in Excel applications.
www.OnBarcode.com
Making Data Matrix 2d Barcode In None
Using Barcode generation for Online Control to generate, create DataMatrix image in Online applications.
www.OnBarcode.com
Exam Highlights
UCC-128 Generator In None
Using Barcode maker for Online Control to generate, create UCC-128 image in Online applications.
www.OnBarcode.com
Printing Bar Code In Java
Using Barcode creation for Java Control to generate, create bar code image in Java applications.
www.OnBarcode.com
Before taking the exam, review these key points and terms. You need to know this information.
Key Points
PEAP-EAP-MSCHAPv2 authentication is a good choice for small networks and for networks in which a PKI is not in place because only a server certificate is required. Authentication on the client side will require only user passwords. In addition, secure key exchange and rekeying is possible. EAP-TLS is the authentication method of choice where high security is required. It will, however, require PKI because both server and client certificates are neces sary. Client authentication is accomplished with the use of computer certificates. EAP-MD5 is not considered a good authentication choice. Mutual authentication and rekeying is not possible. While authentication does follow a secure challenge and response protocol, the password material is subject to capture and dictionary attacks. 802.11 wireless networks that do not support 802.1x are subject to attacks on the WEP encryption. If enough data can be captured, the keys can be deduced.
Key Terms
Open System Authentication An 802.11 wireless network identification scheme. This is not authentication at all, but merely identification. Rekeying The process of periodic changing of encryption keys during an encrypted session. Service Set Identifier (SSID) The name used to identify the wireless network. Shared Key Authentication An 802.11 wireless network authentication scheme. A shared secret is used.
Questions and Answers 12-39
Questions and Answers
Page 12-16
Lesson 1
Practice: Securing a Rogue Access Point
1. What five ideas for securing the rogue access point would you give to your boss Be sure to justify your ideas.
Answers may vary. Here are five recommended ideas:
Set up a VPN, and configure executive computers to use the VPN to access the wireless
network. This will ensure that only authorized users can access the network through the wireless AP and provide encryption for the data they send.
Use WEP. Encrypting message content will make it much more difficult for intruders to
determine the information within the messages. If a VPN is implemented, this might not be necessary.
Change the placement of the AP itself to minimize any signal leakage. If the signal can be
located only from within the executive suite, the opportunity for access from intruders is lessened.
Enter the MAC addresses of the executive computers, and allow only these computers to
connect. This limits connection unless someone is able to determine and then spoof the MAC address of an executive computer. Although this type of spoofing is possible, taking these measures does provide some protection.
Block administrative access via the AP s Web interface. Require access via a serial port. This will prevent a wireless connection from being able to change the AP configuration to favor the attackers.
Page 12-32
Lesson 2
Practice: Selecting Authentication Protocols
The following table provides the answers to this practice.
Table
Selecting Authentication Protocols Answer Key
Use This Authentication Protocol
EAP-TLS
Situation PKI is already deployed, and IAS is used for remote access.
Why
Certificate issuance is not a problem. Mutual authentication will occur. Passwords can be used. A large investment in PKI infrastructure is not needed.
PEAP-EAP-MSCHAPv2 PKI is not deployed. Budget funds are small, and IT personnel are scarce.
12-40
12
Designing Security for Wireless Networks
Table
Selecting Authentication Protocols Answer Key
Use This Authentication Protocol
EAP-TLS
Situation PKI is not deployed. Information is extremely sensitive, and the highest degree of security is required. Security policy states that rekeying must occur.
Why
A higher level of security can be obtained. No passwords are used.
EAP-TLS
Certificates are required to support rekeying.
Design Activity: Securing a Network from a Free Wireless Access Site
Page 12-36
Exercise 1: Design a Secure Wireless Network
1. How will you design the wireless network Sketch a design, and describe the ele ments that you will put into place.
Answer:
Internal Network
Delicatessen AP
Internet Firewall Firewall
An 802.1x wireless AP will be placed in the delicatessen area and physically secured. This AP will be one that can support both 802.11b and 802.11g wireless access cards and those cards that do not have 802.1x capabilities as well as those that can. The AP will be separated from the museum network by a firewall but allowed access to the Internet. A Microsoft IAS server will be deployed, and the wireless AP will be configured as a RADIUS client of the IAS server. The IAS server will be configured to allow guest access but will limit the hours of that access to public museum hours. A connection policy will be implemented on the IAS server to
Questions and Answers 12-41
prevent connections by rogue APs. Maximum logging will be configured both on the IAS server and inside the museum network. The logs will be filtered and reviewed to detect intrusion attempts and any possible successes. Although no museum computers currently have wireless network cards, a wireless policy will be developed and implemented in Group Policy at the domain level that restricts museum comput ers to authenticated, encrypted 802.1x access. If wireless cards are added to employee com puters, Group Policy will prevent them from using the wireless network unless the connection is authenticated and encrypted. PEAP-EAP-MSCHAPv2 will be implemented as the authentica tion choice because this will not require the implementation of PKI. A server certificate will be obtained to support protected employee use of the wireless network. A remote access policy will be implemented on the IAS server to enforce these constraints. The initial implementation will allow only wireless access to the Internet. Employee access via museum computers will require authentication and encryption between the client and IAS server to protect the client computer. A security policy will be written that bans any APs that are not authorized by IT and provides authority to scan, search for, and remove such APs.
Copyright © OnBarcode.com . All rights reserved.