Securing Wireless LANs
A Windows Server 2003
Certificate Services Solution
Ian Hellen – Principal Consultant
Stirling Goetz – Principal Consultant
Agenda
Introduction to Solutions for Security
Wireless LAN Security – selecting the right option
Solution Architecture
RADIUS Design
PKI Design
Solution Guidance
Trustworthy Computing
Microsoft is committed to Trustworthy Computing:
– Security
– Privacy
– Reliability
– Business Integrity
Trustworthy Computing can only be achieved through partnership & teamwork
Trustworthy Computing is a journey with a long-term vision and highlights and obstacles along the road
Trustworthy Computing
Security
– Resilient to attack
– Protects confidentiality, integrity, availability and data
Privacy
– Individuals control personal data
– Products and Online Services adhere to fair information principles
Reliability
– Dependable
– Available when needed
– Performs at expected levels
Business Integrity
– Vendors provide quality products
– Product support is appropriate
Microsoft Solutions for Security (MSS)
Aimed at complex or difficult problem areas
Prescriptive guidance
– “one good way”
Based on experience in field and from MS internal deployments
Built and Tested in MS Labs
Modular (PKI and RADIUS)
Wireless LANs
Benefits of WLANs
– Increased staff productivity
– Mobility and flexible working
– Information access with lower cost
Problems
– Early security standards had issues
– Some people don’t even take basic precautions
– Proliferation of solutions causes confusion

Solution Options
802.1X with WLAN protection
– The native route
VPN or IPsec
Don’t deploy WLANs
– But prepare for rogue WLANs
Use basic 802.11 security
– …and hope for the best
802.1X with WLAN protection
802.1X
– Ratified by the IEEE
– Embraced by the WLAN vendor community
EAP-TLS
– Strong credentials
– Mutual authentication
– WLAN encryption key generation
WLAN security
– WEP (128 bit) and WPA (TKIP)
– Pending: TGi work on RSN (802.11i)
Solution Architecture
[Diagram: three solution components and the infrastructure services they rely on]
WLAN Component: Wireless Client, Wireless Access Point
RADIUS Component: IAS - RADIUS (Network Authentication and Authorization)
PKI Component: Certificate Services (Certification Authority; Enroll Certificate, Client Certificate Publishing)
Infrastructure Services: Active Directory (Domain), DNS (Name Resolution), DHCP (IP Address Management), IIS (Web Server), VLAN Capable Switch, Management / Monitor
Solution Design
[Diagram: Head Office and Branch Office]
Scaling & Extension
[Diagram: Scale Up, Scale Down, VPN, Wired 802.1X]
RADIUS Architecture
[Diagram labels: Wireless Client, 802.11 Wireless Network, Wireless Access Point, RADIUS Proxy, RADIUS Server Group, RADIUS Server (Primary and Secondary)]
Scale up or out
RADIUS Placement
[Diagram: sites connected over the WAN, each hub site with its own secondary sites]
New York
– 5,000 users, 200 WAPs
– 2 × IAS Server (W2K3 Enterprise Edition)
– Secondary Sites: 1330 secondary site users (19 sites @ 70 users each), 57 WAPs
– IAS servers support: 6330 total users, 257 RADIUS Clients
London
– 5,200 users, 208 WAPs
– 2 × IAS Server (W2K3 Enterprise Edition)
– Secondary Sites: 1330 secondary site users (19 sites @ 70 users each), 57 WAPs
– IAS server support: 6742 total users (with Johannesburg IAS down), 274 RADIUS Clients (with Johannesburg IAS down)
Tokyo
– 500 users, 20 WAPs
– 2 × IAS Server (W2K3 Enterprise Edition)
– Secondary Sites: 1330 secondary site users (19 sites @ 70 users each), 57 WAPs
– IAS servers support: 2042 total users (with Sydney IAS down), 86 RADIUS Clients (with Sydney IAS down)
Johannesburg Site
– 212 users, 9 WAPs
– IAS Server (W2K3 Standard Edition)
Sydney Site
– 212 users, 9 WAPs
– IAS Server (W2K3 Standard Edition)
PKI Architecture
[Diagram labels: Out of scope functions; Offline Root CA; Enterprise Root CA; Future CA]
Implemented Cert Types (Low-Med Value Certs): Computer certs; User certs - Employee
Consuming applications: VPN, IPSec, 802.1x, Server Auth (SSL), Client Authn
Certificate applications: VPN Client, VPN Server, IAS Server, Domain Controller, WLAN Client, Web Client
Future CAs and Certificate Types
[Diagram labels: User certs - External; Low Value, Med Value and High Value certs]
Possible Cert Types (Med Value Certs): Smartcard Logon, Enrollment Agent, EFS, Email S/MIME, Server Authn (SSL), Non-domain VPN / IAS clients
Unsupported Cert Types (High Value Certs): $10k Purchase Approval, Code Sign, High Assurance Cert
Securing Wireless LANs Guidance
Planning guide
Build guide
Operations guide
Test guide
Delivery guide
Tools and Templates
More Information…
Download Securing Wireless LANs from: http://go.microsoft.com/fwlink/?LinkId=14843
Microsoft Solutions: http://www.microsoft.com/business/solutions/
For a copy of this presentation visit: http://www.microsoft.com/uk/security
For regular information subscribe at: http://register.microsoft.com/subscription/subscribeMe.asp?lcid=1033&id=155
For the MS security resource toolkit visit: http://www.microsoft.com/uk/security
Additional URLs
www.microsoft.com/management/
www.microsoft.com/windows2000/windowsupdate/sus
www.microsoft.com/solutions/msm
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itsolutions/msm/swdist/pmsmsog.asp
Microsoft - Stand 670
Firewall and VPN
Identity Management
Securing Windows
Windows Server 2003 Security
Wireless LAN Security
Microsoft Security Seminars
TIME | APRIL 29 | APRIL 30 | MAY 1
10:15 | Trustworthy Computing – One Year Later | Microsoft’s Security Roadmap | Identity Management – Strategy & Solution
11:00 | Securing Wireless Networks with Windows Server 2003 | Securing Wireless Networks with Windows Server 2003 | Securing Wireless Networks with Windows Server 2003
11:45 | Application-layer Firewalling | Application-layer Firewalling | Application-layer Firewalling
12:30 | Web Services Security | Web Services Security | Web Services Security
13:15 | Best Practices for Security and Patch Management | Best Practices for Security and Patch Management | Best Practices for Security and Patch Management
14:00 | Microsoft Security Products and Features | Identity Management – Strategy & Solution | Microsoft Security Products and Features
14:45 | Microsoft Security Solutions for Small Business | Microsoft ISA Server – ‘Chalk and Talk’ Session | Microsoft Security Solutions for Small Business
15:30 | Unisys | Fujitsu | Lynx
16:15 | Aspelle | DNS |
Call to action
1. For a copy of this presentation visit: www.microsoft.com/uk/security
2. For regular information subscribe at: register.microsoft.com/subscription/subscribeMe.asp?lcid=1033&id=155
3. For the Microsoft security resource toolkit visit: www.microsoft.com/uk/security
Questions?
Visit the Microsoft stand.
We’ll be there for 1 hour after this session.
Thank You!
Trustworthy Computing
Stirling Goetz – Principal Consultant
Ian Hellen – Principal Consultant