Implementation of federated authentication€¦ · Proxy Radius Infrastructure LDAP Directory...

Post on 06-Jun-2020

17 views 0 download

Preview:

Click to see full reader
Report this document
SHARE

transcript

© Politecnico di Torino 2-3-4 March 2005EuroCAMP

PolitoPolitoWiWi--FiFiGroupGroup

Implementation of Implementation of federated federated authenticationauthentication

Cesar PachecoCesar Pacheco

Politecnico di TorinoPolitecnico di Torino

Polito WiPolito Wi--Fi Case study Fi Case study

© Politecnico di Torino EuroCAMP 2-3-4 March 2005

PolitoPolitoWiWi--FiFiGroupGroup

Working Working GroupGroupThe Polito Wi-Fi members come from Departments of Politecnico, ISPs, Research Institute and ICT companiesCe.S.I.T. (ICT Project and mangement resources)

Group coordinator Marcello Maggiora, Cesar Pacheco, Antonio LantieriDAUIN (Control and Computer Engineering)

Antonio LioyDELEN (Electronics)

TLC Group - Fabio NeriGESD (Student Support Services)

Enrico VenutoISMB (Istituto Superiore Mario Boella – Research Institute)

Daniele Mazzocchi, Daniele BreviTelecom Italia

Marco BoassoHewlett-Packard – external supportCisco Systems – external support

© Politecnico di Torino EuroCAMP 2-3-4 March 2005

PolitoPolitoWiWi--FiFiGroupGroup

OverviewOverview

Politecnico di Torino CampusPolito Wi-Fi projectPolitecnico User databasesAuthentication methodsWLAN Network InfrastructureCisco ACS ImplementationProxy Radius InfrastructureProxy Radius configuration for Eduroam and Telecom Italia roaming

© Politecnico di Torino EuroCAMP 2-3-4 March 2005

PolitoPolitoWiWi--FiFiGroupGroup

Politecnico di TorinoPolitecnico di Torino CampusCampus

725 teachers, 600 technical and administrative employees27,000 students1000 courses for 70,000 hours/year of classes17 campuses in Piemonte10,000 fixed network points

© Politecnico di Torino EuroCAMP 2-3-4 March 2005

PolitoPolitoWiWi--FiFiGroupGroup

Torino: 10AlessandriaAostaBiellaChivassoIvreaVercelliMondovì

Politecnico di Torino Politecnico di Torino CampusesCampuses

17

© Politecnico di Torino EuroCAMP 2-3-4 March 2005

PolitoPolitoWiWi--FiFiGroupGroup

Polito WiPolito Wi--Fi projectFi project

The Polito WiFi Project at Politecnico di Torino started in 2003 as an initiative to implement a scalable WLAN network for the geographically dispersed campus ofPolitecnico di Torino.Features:

Centralized management of the covered radio areasCentralized authentication Centralized access control.

© Politecnico di Torino EuroCAMP 2-3-4 March 2005

PolitoPolitoWiWi--FiFiGroupGroup

PolitecnicoPolitecnico User databasesUser databases

Politecnico Student DatabaseHP Enterprise Directory Server (X.500)40,000 usersuser@studenti.polito.it

Personal and Teacher DatabaseStalker Communigate Pro V 4.18 (LDAP Directory)3,000 usersuser@polito.it

mailto:user@studenti.polito.it
mailto:user@polito.it

© Politecnico di Torino EuroCAMP 2-3-4 March 2005

PolitoPolitoWiWi--FiFiGroupGroup

Authentication methodsAuthentication methods

Likewired polito

UsersHigh-Low

ClientCertificate

ServerCertificate

Lab. test802.1x

EAP/TLS-WPA

Likewired polito

UsersHighHighLow in

MS-PEAP

ClientPassword

ServerCertificate

Field test802.1xWPA-TKIP

Likewired polito

UsersHighHighHighClient

PasswordEnabledAll areasTunnel VPN

InternetBrowsing

Secure Apps

Not atnetwork

levelHighHigh

ClientPassword

ServerCertificate

EnabledAll areas

Open HTTPSSSL3

DataProt.

PasswordProt.

UsernameProt.

Autent.Mutual

Suggestedactivities

Security level (air)StatusAuth.

Models

SECURITY

© Politecnico di Torino EuroCAMP 2-3-4 March 2005

PolitoPolitoWiWi--FiFiGroupGroup

WLAN Network InfrastructureWLAN Network Infrastructure

UTILSTAT

DUPLEXSPEED

SYSTEMRPS

LINE PWR

CATALYST 3550IN LINE P OWER

2

1

3

4

5

6

7

8

9

10

11

12

1

2

15

16

17

18

19

20

21

22

23

24

13

14

POE Switch

ACS Radius Server

Radio Management

DHCP Server

InternetInternetVPN Concentrator

WLAN

802.1x

WLAN Open

Athen Backbone

Access Point 802.11 a/b/g

SSID1SSID2

Firewall

Captive Portal

Informative Portal

© Politecnico di Torino EuroCAMP 2-3-4 March 2005

PolitoPolitoWiWi--FiFiGroupGroup

Cisco ACS ImplementationCisco ACS Implementation

For students databaseODBC connection to X.500Supports MS-CHAP authentication methods like PEAP-EAP-MSCHAPLimitations for digital certificates comparison

For teachers and employeesBind LDAP v3 to LDAP DirectorySAN or binary comparison for digital certificatesLimitations for MS-CHAP authentication methods like PEAP-EAP-MSCHAP

© Politecnico di Torino EuroCAMP 2-3-4 March 2005

PolitoPolitoWiWi--FiFiGroupGroup

Proxy Radius InfrastructureProxy Radius Infrastructure

LDAP Directory

Central Proxy Radius(handler for polito.it)

X.500

Students Radius

Proxy radius

InternetInternet

Athen Backbone

Proxy radius

ODBC

Bind LDAP v3

Oracle

Garr

Edu-Roam

TelecomItalia

© Politecnico di Torino EuroCAMP 2-3-4 March 2005

PolitoPolitoWiWi--FiFiGroupGroup

Proxy Radius Proxy Radius ConfigurationConfiguration

Radius Servers shared secret (Polito-Garr)

Proxy Distribution Tablepolito.it domains local proxywifiarea.it – Telecom Italiaother domains – Garr - Eduroam

© Politecnico di Torino 2-3-4 March 2005EuroCAMP

PolitoPolitoWiWi--FiFiGroupGroup

Questions Questions TimeTimePolito Polito WiWi--FiFi

http://http://wifiwifi.polito..polito.itit

Top related

RADIUS server User - Unieduroam.uni.net.th/eduroam-th/file_Uploads/4_3_20150416_093017.pdfRADIUS server University B RADIUS server University A SURFnet Central RADIUS Proxy server
Documents
Virtual Private - globalnetwork.support.att.com · using proxy RADIUS as long as your RADIUS server authenticates using CHAP. If the RADIUS server employed does not support this method
Documents
Application Security ReviewRADIUS Proxy, RADIUS: The VyprVPN Termination servers authenticate VyprVPN customers using the RADIUS protocol. The VPN Termination node use the RADIUS Proxy/Server
Documents
HTML (HyperText Markup Language)lioy/01mqp/html_en_2x.pdfHTML (HyperText Markup Language) Antonio Lioy < lioy@polito.it > enggylish version created by Marco D. Aime < m.aime@polito.it
Documents
WiFi Service Management Platform - winncom.com · Proxy AAA (WRIX compliant for roaming deals) Authentication lookup from external sources: RADIUS, LDAP, Active Directory, SOAP/XML
Documents
polito.it · Created Date: 6/1/2017 10:15:24 AM
Documents
Microsoft NPS Configuration GuideUK... · (RADIUS) server and proxy. NPS is a popular choice amongst organisations deploying eduroam due to its accessibility, familiar graphical user
Documents
RADIUS. 2 In This Presentation … Why Do We Need It? What is RADIUS? RADIUS Operation RADIUS Packets Operation Examples Attacks on RADIUS RADIUS ’ EAP.
Documents
The global free wi-fi Roaming Service · RADIUS Proxy Server Indian (ERNET) National RADIUS Proxy Server Australian (AARNET) National RADIUS Proxy ... Windows Server , RedHat, CentOS,
Documents
Novell RADIUS Services Administration Guide · with a RADIUS proxy server to authenticate remote users who are not in its local database. This concept is illustrated in Figure 1.
Documents
POLITECNICO DI TORINO Repository ISTITUZIONALE · Energy Department, Politecnico di Torino, Turin 10129, Italy (e-mail: malik.sajjad@polito.it; gianfranco.chicco@polito.it; roberto.napoli@polito.it).
Documents
HTML 5 Part IV - polito.it€¦ · HTML 5 – Part IV Drag & drop Laura Farinetti Dipartimento di Automatica e Informatica Politecnico di Torino laura.farinetti@polito.it 1
Documents
FortiAuthenticator RADIUS Accounting Proxy - …docs.fortinet.com/.../fortiauthenticator-radius-accounting-proxy... · FortiAuthenticator RADIUS Accounting Proxy Author: Carl Windsor
Documents
Blue Coat Proxy - SSL - Interception Proxy
Documents
How-To HTTP-Proxy Radius Authentication Windows IAS Server Settings-e 2
Documents
Mikrotik Most Wanted - · PDF file• Mikrotik dikenal sebagai Statefull Firewall yang melakukan ... VLAN, Firewall, Queue unlimited Proxy, Radius Client yes Dynamic Routing RB = yes
Documents
Blue Coat Systems Appliance - WikiLeaks · 2016-07-01 · Blue Coat® Systems SG ... Chapter 13: RADIUS Realm Authentication and Authorization Creating a RADIUS Realm ... proxy or
Documents
Securepoint Security System...How-to: HTTP-Proxy and Radius Authentication and Windows IAS Server settings Securepoint Version 2007nx page 11 2.2 create firewall rules For using a
Documents
Endian UTM SofTwarE - Telcomms...Web Security • HTTP & FTP proxies • HTTPS filtering • Transparent proxy support • URL blacklist • Authentication: Local, RADIUS, LDAP, Active
Documents
polito.it · Index Index ....................................................................................................................................................... 5
Documents

Copyright © 2018 DOCUMENTS