e gov security_tut_session_10_lab
DESCRIPTION
TRANSCRIPT
1PalGov © 2011
أكاديمية الحكومة اإللكترونية الفلسطينية
The Palestinian eGovernment Academy
www.egovacademy.ps
Security Tutorial
Session 10
LAB
2PalGov © 2011
About
This tutorial is part of the PalGov project, funded by the TEMPUS IV program of the
Commission of the European Communities, grant agreement 511159-TEMPUS-1-
2010-1-PS-TEMPUS-JPHES. The project website: www.egovacademy.ps
University of Trento, Italy
University of Namur, Belgium
Vrije Universiteit Brussel, Belgium
TrueTrust, UK
Birzeit University, Palestine
(Coordinator )
Palestine Polytechnic University, Palestine
Palestine Technical University, PalestineUniversité de Savoie, France
Ministry of Local Government, Palestine
Ministry of Telecom and IT, Palestine
Ministry of Interior, Palestine
Project Consortium:
Coordinator:
Dr. Mustafa Jarrar
Birzeit University, P.O.Box 14- Birzeit, Palestine
Telfax:+972 2 2982935 [email protected]
3PalGov © 2011
© Copyright Notes
Everyone is encouraged to use this material, or part of it, but should properly
cite the project (logo and website), and the author of that part.
No part of this tutorial may be reproduced or modified in any form or by any
means, without prior written permission from the project, who have the full
copyrights on the material.
Attribution-NonCommercial-ShareAlike
CC-BY-NC-SA
This license lets others remix, tweak, and build upon your work non-
commercially, as long as they credit you and license their new creations
under the identical terms.
4PalGov © 2011
Tutorial 5:
Information Security
Session 10: WIRELESS LAB
Session 8 Outline:•WEP
•WPA-Personal
•WPA-Enterprise
5PalGov © 2011
Tutorial 5:
Session 10: Wireless
This session will contribute to the following
ILOs:
• C: Professional and Practical Skills:
6PalGov © 2011
Personal WLAN Security
• MAC Address Filtering
• WEP
• WPA/WPA2 Personal (WPA-PSK)
Enterprise WLAN Security
• Wireless VLANs
• WPA/WPA2 Enterprise (WPA-802.1X)
WPA2 Enterprise
• WPA2 Enterprise requires an 802.1x authentication
server or RADIUS server.
• We will use Ubuntu 11.10 in setting up FreeRADIUS
server, currently at version 2.1.
• To setup this lab, we need:
– Wireless AP supporting WPA2 Enterprise authentication.
– RADIUS server for 802.1x authentication.
– Wireless device for testing such as Laptop.
Installing FreeRADIUS
• To install FreeRADIUS from the command-line run the following
command:
• sudo apt-get install freeradius
• Once the installation is complete the next step is to verify the
authentication server is running.
• Before doing that edit the file /etc/freeradius/users and add the
following line:
• testuser Cleartext-Password := “testpassword”
• To test the FreeRADIUS server by querying it directly with requests:
• radtest testuser testpassword 127.0.0.1 1812
testing123
• You should see Access-Accept. If it is Access-Reject then there is a
problem. To check the log start FreeRADIUS in debug mode.
Configuring FreeRADIUS
• To configure FreeRADIUS for 802.1x authentication, you will need to
configure EAP setting. Edit the file /etc/freeradius/eap.conf and
modify the following line:
• default_eap_type = peap
• Configure FreeRADIUS to accept the AP as a client. Edit the file
/etc/freeradius/clients.conf. Add the following text to the bottom of the
file:
• client 192.168.1.1/24 { (IP address of AP)
• secret = test (shared password)
• shortname = default (the SSID of AP)
• }
• The last step is to restart the FreeRADIUS server :
• sudo /etc/init.d/freeradius restart
• To start FreeRADIUS in debug mode, stop it and run:
• freeradius -X
Configuring AP
• For client testing, you will need to configure the AP to send requests
to the IP address of RADIUS server .
• Use the testuser and testpassword values in the file /etc/freeradius/users to connect to WLAN from the laptop.
12PalGov © 2011
Thanks
Eng. Ghannam Aljabary