Designing Wireless Network For VSU Vancouver: Security Requirements, 802.1x Implementation, Ethical Implications (Essay).

Design the network as specified in the above scenario from scratch. You have to submit a group report and specify each individual group member’s contribution on the front page. You should address the following tasks in your report: 
For this assignment, you need to complete the following tasks: 
• Design the wireless network of VSU according to given specification in the given case study (In this design you will plan a design for the network and frame that using software with configuration details. Diagrams can be designed using MS Visio or any other available network design software). 
• Detail all the security requirements for wireless network of VSU-Vancouver stated in the case study.  
• Expand further on 802.1x authentication mechanism required wireless network of VSU Report, step by step procedure of implementing 802.1x for VSU wireless network. 
• Discuss ethical implication on VSU secured Wireless LAN design.

Group Members' Contributions

Remote associations will not just permit an entire arrangement of new applications as guaranteed, yet they will likewise present some new risks. Remote systems administration innovation is rapidly changing the way organized PCs impart. The comfort offered by the capacity to associate with systems utilizing portable processing gadgets has likewise presented numerous security issues that do not exist in the wired world. Understanding the decent variety of risks to remote systems will enable clients to act greater security cognizant.

This work will present conceivable risks that the client ought to know about when particularly remote systems are utilized. The objective of this work is not to look at these two very extraordinary remote systems administration innovations, yet to portray how they work, to comprehend their impediments in light of the security necessities for remote systems [5]. The risks on remote systems can be gotten from the risks on existing wired neighborhood (LANs), this work will present the general risks on LANs, to build up and order the fundamental risks on remote.

2. Work of Group members

2.1 Group member 1

This member was involved with identification of the security requirements of Vancouver State University (VSU) for protecting the campus network and the users. There are two fundamental issues that remote security arrangements tend to address. To begin with, since every single remote bundle is accessible to any individual who tunes in, security is expected to counteract listening stealthily and the second issue is confirmation.

In a remote system, 802.1x is utilized by an entrance point to actualize WPA. With a specific end goal to associate with the entrance point, a remote customer should first be validated utilizing WPA [7]. In a wired system, switches utilize 802.1x out of a wired system to actualize port-based confirmation. Prior to a switch advances bundles through a port, the joined gadgets must be verified. After the end client logs off, the virtual port being utilizing is changed back to the unapproved state.

2.2 Group member 2

This member was involved with analysis of the identified issues in context to the provided case study of Vancouver State University (VSU). Since it is difficult to physically keep individuals far from the WAP's, shy of raising a fence around your building, arrangements have a tendency to depend on encryption in some shape. Contingent upon what is actualized, this can incorporate a static shared key, a key produced from a static key, a progressively created key, or arranged keys [3]. With a wired system, a framework chairperson may figure out who produced certain movement in view of the physical port that the activity came in on.

By expecting that inbound activity on a specific port is continually originating from a specific source, there is no compelling reason to always check where the movement was originating. Notwithstanding, with remote systems administration, numerous clients can get to the system at a similar access point, making it more hard to outline did what. It is regularly alluring, along these lines, to enable clients to recognize their identity before letting them through the base station onto whatever remains of the system [2]. This counteracts unapproved utilization while having the special reward of having the capacity to track a specific client's action should the need emerge.

Designing the Wireless Network

3. Plan for implementation

3.1 Design of the wireless network

3.2 Security requirements for wireless network

WEP is a calculation that is utilized to shield remote interchanges from listening in and alteration. An auxiliary capacity of WEP is to counteract unapproved access to a remote system. It depends on a mystery key that is shared between a remote station and an entrance point. The mystery key is utilized to scramble bundles before they are transmitted and an uprightness check is utilized to guarantee the parcels are not changed in travel.

The 802.11 standard does not state how the common key is set up [1]. By and by, most establishments utilize a key that is shared between all stations and access focuses. WEP utilizes the RC4 encryption calculation. RC4 is a stream figure composed by (Ron) Rivest for RSA Data Security (now RSA Security). It is a variable key-estimate stream figure with byte-arranged operations. The calculation depends on the utilization of an arbitrary change. Examination demonstrates that the time of the figure is overwhelmingly liable to be more noteworthy than 10100.

Autonomous investigators have examined the calculation and it is viewed as secure. Open framework confirmation is the default validation convention for 802.11 [4]. Open framework verification verifies any individual who demands validation. It gives a NULL verification process. The confirmation administration outlines utilized by this convention are sent in clear content notwithstanding when WEP is empowered.

3.3 Procedure of implementing 802.1x for VSU wireless network

IEEE 802.1X is an IEEE Standard for port-based Network Access Control. It gives confirmed system access to wired Ethernet systems and remote 802.11 systems. With a specific end goal to make a framework for confirmation, approval, and representing secured remote associations for an association, the accompanying advances should be finished:

1. Configure the certificate infrastructure.
2. Configure Active Directory for accounts and groups.
3. Configure the wireless Access Point.
4. Configure the NPS server on a computer.
5. Configure Wireless Network (IEEE 802.11) Policies Group Policy settings.
6. Configure wireless clients for EAP-TLS or PEAP-TLS.

3.4 Ethical implication on VSU secured Wireless LAN design

For a genuine systems administration standard like IEEE 802.11, a large number of the security prerequisites can be met by utilizing existing higher layer conventions and security ideas like VPNs, Firewalls and open key cryptography. In addition, taking a gander at the poor necessity fulfillment even before the new assault, this would have been suggested. For all the IEEE 802.11 systems that up to this point have not conveyed such extra strategies, I would prescribe doing as such quickly [6].

As the new assault permits finding the mystery WEP key by simply uninvolved listening in [54LM], IEEE 802.11 systems without extra safety efforts are totally unprotected. I expect that assaults in the coming months will uncover that organizations are too ease back to execute extra security, which as I would see it ought to have just been set up as a ton of security necessities were not fulfilled by IEEE 802.11.

An advantage of 802.1x is simply the switches and the entrance indicates needn't bother with know how to confirm the customer. Whatever they do is pass the verification data between the customer and the confirmation server. The validation server handles the genuine check of the customer's certifications. This lets 802.1x help numerous validation techniques, from straightforward client name and watchword, to equipment token, test and reaction, and computerized authentications.

4. Recommendations

As data transfer capacity restrictions and encryption calculations enhance, so will remote security. It is just a short time before somebody concocts a technique for giving confirmed access and ensured transmission, to the point where remote security is as an indistinguishable pace from wired security. Until at that point, organize managers should measure the advantages and disadvantages of each arrangement accessible, and trust that they can get their security set up before their system is posted on a war-dialing site as a decent place to get to the Internet.

5. Conclusion

At present, there is no flawless security arrangement. The main condition that can be unhesitatingly secured is one where all machines are about indistinguishable. For instance, a framework overseer would have less issues executing an IPSec arrangement if all PCs that needed to get to the system were utilizing a working framework with a consistent IPSec customer. A VPN arrangement ends up noticeably satisfactory if everybody on the system can be given a completely good VPN customer that chips away at the pre-orchestrated working framework.

Most security arrangements miss the mark when the arrangement needs to oblige excessively numerous sorts of conceivable customers. At that point, there is the issue of cost. Some impromptu remote systems are set up as opposed to having a wired system to maintain a strategic distance from the cost of wiring the building or structures where the system will be utilized. The cost of obtaining extra equipment and programming for security puts numerous arrangements distant.

References

• Chen, Lei. Wireless network security. New York, Higher Educational Press, 2013.
• Chorppath, Anil Kumar, Tansu Alpcan, and Holger Boche. "Bayesian mechanisms for wireless network security." In Communications (ICC), 2014 IEEE International Conference on, pp. 865-870. IEEE, 2014.
• Ermakov, Sergey Alexandrovich, Aleksey Sergeevich Zavorykin, Nikolai Sergeevich Kolenbet, Alexander Grigorievich Ostapenko, and Andrei Olegovich Kalashnikov. "Optimization of expert methods used to analyze information security risk in modern wireless networks." Life Sciences Journal23 (2014): 1239.
• Hu, Rose Qingyang, and Yi Qian. "An energy efficient and spectrum efficient wireless heterogeneous network framework for 5G systems." IEEE Communications Magazine52, no. 5 (2014): 94-101.
• Kahate, Atul. Cryptography and network security. Tata McGraw-Hill Education, 2013.
• Khan, S. and Pathan, A.K., 2013. Wireless networks and security. Berlin: Springer.
• Liang, Chengchao, and F. Richard Yu. "Wireless network virtualization: A survey, some research issues and challenges." IEEE Communications Surveys & Tutorials17, no. 1 (2015): 358-380.
• Mitchell, Robert, and Ray Chen. "A survey of intrusion detection in wireless network applications." Computer Communications42 (2014): 1-23.
• Pierson, Greg, and Jason DeHaan. "Network security and fraud detection system and method." U.S. Patent 9,203,837, issued December 1, 2015.
• Stallings, William, and Mohit P. Tahiliani. Cryptography and network security: principles and practice. Vol. 6. London: Pearson, 2014.