EnggRoom Code SECURE WIRELESS NETWORK PROJECT
NETWORK
IN IŞIK UNIVERSITY
ŞİLE CAMPUS
Designed by VOLKAN MUHTAROĞLU
WLAN (Wireless LAN)
It was introduced in 1986 for use in barcode
scanning.
A properly selected and installed Wi-Fi or
wireless fidelity.
802.11a, 802.11b and 802.11g are the technologies;
802.11g is the latest technology. These are
IEEE standards.
GENERAL TOPOLOGY OF
WLAN
THE PROJECT
The problem is how three different kinds of user
can securely access different types of data through
an access point on our campus.
In other words, three kinds of people, namely
students, university staff and data processing
center workers, can access different types of data,
or have different rights, when they connect
securely through the access point.
THREE DIFFERENT USER
1) Student
2) University Staff
3) Data Processing Center Worker
COMPONENTS OF SECURE
WIRELESS NETWORK
I. Cisco Aironet 1100 Series Access Point
II. Radius Server
III. Two Switches (one of them is a Manageable Switch,
the other one is a Backbone Switch)
IV. Vlan
V. Cisco PIX Firewall
VI. WEP & LEAP
VII. Database Server
VIII. Intranet Web Server
Cisco Aironet 1100 Series Access
Point
It is a wireless LAN transceiver.
The 1100 series is cheaper than the others and its
performance is really efficient.
It is also easy to manage and common all
over the world.
RADIUS SERVER
RADIUS is a distributed client/server system
that secures networks against unauthorized
access.
Use RADIUS in network environments
that require access security.
This server is also called an AAA Server, which
means Audit, Authentication and Accounting.
In my project the RADIUS server will provide
authentication and MAC filtering.
SWITCHES
Manageable Switch
Backbone Switch
[Diagram labels: Student, Access Point]
STUDENT TOPOLOGY-2
[Diagram labels: Student, Switch, SSID TSUNAMI, Backbone Switch]
STUDENT GENERAL TOPOLOGY
[Diagram labels: Student, Access Point (broadcasting SSID TSUNAMI), Switch, Backbone Switch, Firewall, Internet]
The student takes a 10.0.x.x IP address and comes into VLAN 1.
UNIVERSITY STAFF TOPOLOGY-1
[Diagram labels: University Staff, Access Point; not broadcasting SSID (private)]
UNIVERSITY STAFF TOPOLOGY-2
[Diagram labels: University Staff, Access Point, Switch, RADIUS Server; not broadcasting SSID (private); private SSID & authentication & MAC filtering]
University staff take a 10.50.x.x IP address and come into VLAN 2.
UNIVERSITY STAFF TOPOLOGY-3
[Diagram labels: University Staff, Access Point, Switch, RADIUS Server, Backbone Switch, Intranet Web Server; not broadcasting SSID (private); private SSID & authentication & MAC filtering]
University staff take a 10.50.x.x IP address and come into VLAN 2.
UNIVERSITY STAFF GENERAL TOPOLOGY
[Diagram labels: University Staff, Access Point, Switch, RADIUS Server, Backbone Switch, Firewall, Internet, Intranet Web Server; not broadcasting SSID (private); private SSID & authentication & MAC filtering]
University staff take a 10.50.x.x IP address and come into VLAN 2.
DATA PROCESSING CENTER WORKER TOPOLOGY-1
[Diagram labels: Data Processing Center Worker, Access Point; not broadcasting SSID (private)]
DATA PROCESSING CENTER WORKER TOPOLOGY-2
[Diagram labels: Data Processing Center Worker, Access Point, Switch, RADIUS Server; not broadcasting SSID (private); private SSID & authentication & MAC filtering]
[Diagram labels: Data Processing Center Worker, Access Point, Switch, RADIUS Server, Backbone Switch, Database Server, Intranet Web Server; private SSID & authentication & MAC filtering]
DATA PROCESSING CENTER WORKER GENERAL TOPOLOGY
[Diagram labels: Data Processing Center Worker, Access Point, Switch, RADIUS Server, Backbone Switch, Internet, Database Server, Intranet Web Server; not broadcasting SSID (private); private SSID & authentication & MAC filtering]
SECURITY POLICY
The purpose of this policy is to provide
guidance for the secure operation and
implementation of wireless local area
networks (WLANs).
AUTHENTICATION
University Staff and Data Processing Center
Workers have to authenticate to the system if they
want to have different kinds of rights.
For authentication, a username and password
are used, so users must use strong
passwords (an alphanumeric and special-character
string at least eight characters in length).
Shared secret (or shared key) authentication
must be used to authenticate to the WLAN.
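Added example (not part of the original slides or the project's own code): a small Python model of the decision the RADIUS server makes in this design, combining the password policy above, MAC filtering, and the VLAN and address range each user class receives. The role names, the resource labels and the Data Processing Center VLAN and subnet are assumptions, since the slides do not give them; it also assumes students on the TSUNAMI SSID are not individually authenticated.

```python
import hashlib, hmac, ipaddress, os, re

# Role table read off the slides. The DPC worker VLAN and subnet are not on
# the page, so 99 and 10.99.0.0/16 are constructed placeholders.
ROLES = {
    "student": {"vlan": 1, "net": "10.0.0.0/16", "reach": {"internet"}},
    "staff": {"vlan": 2, "net": "10.50.0.0/16", "reach": {"internet", "intranet-web"}},
    "dpc": {"vlan": 99, "net": "10.99.0.0/16",
            "reach": {"internet", "intranet-web", "database"}},
}
OPEN_SSID = "TSUNAMI"  # the broadcast student SSID from the slides

def strong_password(pw):
    """Slide policy: at least eight characters, with letters, digits and a special character."""
    return len(pw) >= 8 and all(
        re.search(p, pw) for p in (r"[A-Za-z]", r"[0-9]", r"[^A-Za-z0-9]"))

def _kdf(pw, salt):
    # Store a salted PBKDF2 hash, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)

def enroll(users, name, pw, role, mac):
    """Register a staff or DPC user; weak passwords are refused at enrolment."""
    if not strong_password(pw):
        raise ValueError("password does not meet the policy")
    salt = os.urandom(16)
    users[name] = {"salt": salt, "hash": _kdf(pw, salt), "role": role, "mac": mac.lower()}

def authorize(users, ssid, mac, name=None, pw=None):
    """Return the VLAN record for an association request, or None to reject it."""
    if ssid == OPEN_SSID:  # no per-user credentials (assumption): student VLAN only
        return dict(ROLES["student"], role="student")
    user = users.get(name)
    if user is None or pw is None:
        return None
    ok_pw = hmac.compare_digest(user["hash"], _kdf(pw, user["salt"]))
    ok_mac = user["mac"] == mac.lower()  # MAC filter: a second check, not a secret
    return dict(ROLES[user["role"]], role=user["role"]) if ok_pw and ok_mac else None

def in_role_subnet(role, ip):
    """True when a leased address belongs to the subnet the role's VLAN uses."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(ROLES[role]["net"])
```

MAC addresses travel unencrypted in 802.11 frames, so the MAC check only narrows who may attempt a login; the credential check is what carries the authentication.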
ENCRYPTION & ACCESS CONTROL