30
AUTHENTICATION STUDY AND IMPLEMENTATION USING IPSEC AND IEEE 802.1X TECHNOLOGY AHMED OMAR AL-AMODI UNIVERSITI TEKNOLOGI MALAYSIA
AUTHENTICATION STUDY AND IMPLEMENTATION USING IPSEC
AND IEEE 802.1X TECHNOLOGY
AHMED OMAR AL-AMODI
UNIVERSITI TEKNOLOGI MALAYSIA
AUTHENTICATION STUDY AND IMPLEMENTATION USING
IPSEC AND IEEE 802.1X TECHNOLOGY
AHMED OMAR AL-AMODI
This dissertation is submitted in partial fulfillment
of the requirements for the award of degree of
Masters of Computer Science (Information Security)
Centre for Advanced Software Engineering (CASE)
Faculty of Computer Science and Information System
Universiti Teknologi Malaysia
APRIL 2009
iii
To my beloved parents, brothers and sisters
iv
ACKNOWLEDGEMENT
All praise be to Allah, the Most Merciful, for His Love and Guidance.
Salutations on the Prophet Muhammad (PBUH), his family, and fellow companions.
May I express my appreciation to ALLAH, the beneficent, the merciful, for
making me a Muslim and blessing me with the privilege of acquiring a higher
degree. My heart felt gratitude goes to my parents for bearing with me weakness
upon weakness from cradle to date.
Assoc. Prof. Dr. Zailani Mohamed Sidek, my supervisor gave me all the
necessary support needed for success, as such, I owe it a duty to be appreciative. I
wish thank my colleagues Elfadil, Haniza, Chan, Abdal Alem, Mysam, Hamed,
Nema, Ala Aldeen and others for their support and encouragement. May ALLAH
reward you all the relentless efforts to see through this academic pursuit.
v
ABSTRACT
Researches in Information Technology have been subjected to a tremendous
speed-up in recent years mainly due to the affordability of the technology and
consequently, to a strongly increased interest of users. In addition, the security
systems which imply networks have increased rapidly. Currently, many
organizations provide extensive network services to their staff. This poses a problem
of securing access to the organization networks. Therefore, authentication has
become an inevitable reality in the design of such systems. The research sought for
the best authentication mechanism suitable for organizations generally, and to
university campuses, particularly. The result is an authentication scheme based on
IPSec and IEEE 802.1x technology. The scheme provides secure access to users
engaged in the network connection. It implements a two-factor authentication. The
first factor is the network policy combination which the user provides prior logging
onto the system. The second factor is the certificates that are stored locally in a
client‟s desktop/laptop. The mechanism involved in the authentication is based on
EAP-TLS, which is a type of authentication method provided by IEEE 802.1x
technology. The result of the implemented system is a highly secured scheme that
provides both user and computer (machine) authentication. Only legitimate users
with legitimate machines (computers) can access the organization network system in
an authorized way.
vi
ABSTRAK
Penyelidikan dalam bidang teknologi maklumat semakin pesat yang mana
berpunca dari harga kos yang semakin rendah terhadap barangan elektronik yang
sekaligus merancakkan lagi bilangan penguna. Di samping itu, bidang system dan
rangkaian maklumat yang menerajui tahap keselamatan yang lebih efisen juga
semakin mendapat sambutan dari pengguna. Pada masakini, kebanyakkan organisasi
memberikan kemudahan system rangkaian maklumat yang efisen kepada staf
mereka. Ini, kemungkinan akan menyebabkan masalah keselamatan di dalam
rangkaian maklumat berkenaan. Oleh yang demikian, mekanisme untuk memastikan
keselamatan rangkaian maklumat ini perlu di praktikkan. Projek ini memberi
pandangan terhadap mekanisma alternatif yang terbaik bagi menjaga keselamatan
rangkaian maklumat di organisasi dan kampus university dengan lebih terperincinya.
Keputusan analisasi projek ini adalah berdasarkan skema IPSec dan IEEE 802.1x
teknologi. Skema ini memberi kadar keselamatan yang tinggi kepada pengunanya. Ia
menggunakan factor-dua authentikasi. Faktor pertama merujuk kepada polisi system
rangkaian maklumat yang merujuk kepada login kali pertama pada sistem. Faktor
yang kedua merujuk kepada rekod yang disimpan secara local di dalam komputer
pengguna. Mekanisma ini adalah berdasarkan EAP-TLS, di mana cara autentikasinya
adalah berdasarkan teknologi IEEE 802.1x. Keputusan sistem yang digunakan
mempunyai kadar keselamatan yang tinggi pada penggunanya dan komputer yang
digunakan.
vii
TABLE OF CONTENTS
CHAPTER TITLE PAGE
DECLARATION ii
ACKNOWLEDGMENT iv
ABSTRACT v
ABSTRAK vi
TABLE OF CONTENTS vii
LIST OF TABLES xiii
LIST OF FIGURES xiv
LIST OF APPENDICES xvi
1 OVERVIEW 1
1.1 Introducation 1
1.2 Background problem 2
1.3 Problem statement 4
1.4 Project objective 4
1.5 Project scope 5
1.6 Importance of the Study 6
1.7 Summary 7
2 LITERATURE REVIEW 8
2.1 Introduction 8
2.2 Computer network 9
2.3 Network topology 9
2.3.1 Bus topology 10
2.3.2 Ring topology 11
2.3.3 Star topology 12
viii
2.3.4 Mesh topology 13
2.3.5 Consideration when choosing topology 14
2.4 Network security 14
2.4.1 Overview of network security 15
2.4.2 Overview of OSI Technology 16
2.5 The Five layers of security model 17
2.5.1 Authentication 18
2.5.2 Authorization 18
2.5.3 Encryption 19
2.5.4 Integrity 19
2.5.5 Audit 20
2.6 General security threats and attacks on LANs 21
2.6.1 Passive attacks 22
2.6.2 Active attacks 23
2.6.3 Man-in-the middle attack 24
2.6.4 Jamming attack 24
2.7 Authentication in network 24
2.7.1 Authentication elements 26
2.8 Network access control 27
2.8.1 Types of network access control 28
2.8.1.1 Discretionary access control (DAC) 28
2.8.1.2 Mandatory access control (MAC) 29
2.8.1.3 Role-based access control (RObAC) 30
2.8.1.4 Rule-based access control (RUbAC) 31
2.8.1.5 Quandary of network access control 32
2.8.1.6 Security issue in network access control 33
2.9 Planning network access controls 33
2.10 IEEE 802.1x technology 35
2.10.1 Elements of 802.1X 36
2.10.2 Supplicant 37
2.10.3 Pass-through authenticator 37
2.10.4 Authentication server 37
ix
2.10.5 Controlled and uncontrolled ports 39
2.10.6 Security Provided by IEEE 802.1x 39
2.10.7 Advantages of using IEEE 802.1x 40
2.10.8 Limitations and vulnerabilities on using ieee 802.1x 42
2.10.9 The absence of mutual authentication 42
2.10.10 Session hijacking 44
2.11 Extensible authentication protocol (EAP) 45
2.11.1 General concepts of extensible authentication
protocol (EAP)
45
2.11.2 EAP-MD5 47
2.11.3 EAP-TLS 49
2.11.4 EAP-TTLS 51
2.11.5 EAP-PEAP 53
2.11.6 Comparison between previous four EAP methods 54
2.12 IPsec technology 57
2.12.1 IPsec security properties 57
2.14.2How network access quarantine works 68
2.14.3 Quarantine Mode 69
2.14.4 Components of Network access quarantine control 70
2.14.5 Important of network access quarantine control 71
2.14.6 Network Quarantined Resources 72
2.12.2 How IPsec protects IP traffic 59
2.12.3 Authentication header (AH) 60
2.12.4 Encapsulating security payload (ESP) 60
2.12.5 Security provided by IPsec 62
2.12.6 Some limitation of the IPsec with network quarantine 63
2.13 Comparing 802.1x for wired network with IPsec 63
2. 13.1Compression summary 66
2.14 Network access quarantine 67
2.14.1 Benefit of network quarantine 68
x
2.14.6.1 DNS 72
2.14.6.1.1 Benefits of adding a third-party DNS server 72
2.14.6.2 DHCP 73
2.15 Types & Comparison between different authentication
mechanisms used
74
2.15.1 Null authentication 75
2.15.2 Virtual Private Network 75
2.15.3 Media Access control (MAC) based authentication 77
2.15.4 Wired equivalent privacy (WEP) 77
2.16 Network access quarantine implementation method 79
2.16.1 Network quarantine with VPN 79
2.16.2 Network quarantine with IPsec 80
2.16.4 Network quarantine with DHCB 81
2.16.5 Network quarantine with IEEE802.1x 81
2.16.5.1 Benefit of Network quarantine with IEEE802.1x 82
2.17 Best authentication choice based on organizations types 84
2.17.1 Home network security 84
2.17.2 Small business security 84
2.17.3 Medium to large enterprise security 85
2.17.3 Military grade maximum level security 86
2.18 Summary 86
3 RESEARCH METHODOLOGY 88
3.1 Introduction 88
3.2 Project framework 88
3.3 Observations and problem formulation 90
3.4 Literature review 90
3.5 Requirement specification 91
3.5.1 Hardware requirement specification 91
3.5.2 Software requirement specification 93
3.6 Scheme design 93
3.7 System implementation 94
3.8 Testing the system 95
xi
3.9 Report writing 96
3.10 Summary 97
4 SYSTEM DESIGN 98
4.1 Introduction 98
4.2 Selected operating system 98
4.3 Overall system design 99
4.4 DC server 100
4.4.1 Infrastructure services 101
4.4.1.1 Active directory (AD) 102
4.4.1.2 Domain name system (DNS) 103
4.4.1.3 Dynamic host configuration protocol (DHCP) 103
4.5 NPS server 103
4.6 The entire network 105
5.7 The overall authentication process of the designed system 105
4.8 Summary 106
5 SYSTEM IMPLEMENTATION AND TESTING 108
5.1 Introduction 108
5.2 Infrastructure server 108
5.2.1 Infrastructure and service installation and configuration 109
5.2.1.1 Active directory & DNS (DC server) 109
5.2.1.2 Certification authority (DC server) 110
5.2.1.3 IPSec 111
5.2.1.4 Dynamic host configuration protocol (DHCP) 112
5.2.1.5 Network policy server 113
5.2.2 IEEE802.1X technology 114
5.3 Testing the system 115
5.3.1 Testing the authentication 116
5.4 Summary 117
6 DISCUSSION FUTURE WORK AND CONCLUSION 118
xii
6.1 Introduction 118
6.2 Discussion 118
6.2.1 Justification of choosing windows as an operating system 119
in this project
6.2.2 Justification of the authentication level in this project 120
6.2.3 Features of the implemented authentication in this
project
121
6.2.4 Comparing UTM authentication with proposed project
solution
122
6.3 Future works 123
6.4 Conclusion 124
Reference 125
Appendix Xvi
xiii
LIST OF TABLES
TABLE NO. TITLE PAGE
2.1 Comparison between EAP methods 55
2.2 Summary between 802.1X and IPsec 63
2.3 Compare between different Network quarantine implementation
method
64
2.4 Comparison between different authentication mechanisms 83
3.1 The servers‟ requirements 92
3.2 The client desktop/laptop minimum requirement 92
6.1 Comparisons between UTM authentication & network
quarantine using IEEE802.1x and IPsec
123
xiv
LIST OF FIGURES
FIGURE NO. TITLE PAGE
Figure 1.1: Machine is not accessing the network because it‟s not 2
authenticate & validate from the server
Figure1.2: PC0 only can access the network if the machine fulfills the
security Requirement
5
Figure 1.3: (a) Unauthorized state port (b) Authorized state port 6
Figure 2.1: Bus topology 10
Figure 2.2: Ring topology 11
Figure 2.3: Star topology 12
Figure 2.4: Mesh topology 13
Figure 2.5: 802.11 Network and The OSI model 16
Figure 2.6: Security Pyramid 20
Figure 2.7: Security incidents or attacks on network in 2002 22
Figure 2.8: Discretionary access control 29
Figure 2.9: Mandatory access control 30
Figure 2.10: Role-based access control 31
Figure 2.11: Rule-based access control 32
Figure 2.12: Shows these components for a wired network 36
Figure 2.12.1: Shows the interaction between supplicant and server 37
Figure 2.13: Shows the different types of ports 39
Figure 2.14: Man-in-the middle attack 43
Figure 2.15: Session Hijacking Attack 44
Figure 2.16: EAP packet format 46
Figure 2.17: EAP-MD5 process details 49
Figure 2.18: EAP-TLS process details 51
Figure 2.19: EAP-TTLS process detail 52
xv
Figure 2.20: PEAP process detail 54
Figure 2.21: An IP packet without any IPsec protection 59
Figure 2.22: An IP packet without any IPsec protection 60
Figure 2.23: An IP packet with ESP and encryption protection 61
Figure 2.24: An IP packet with ESP and no encryption protection 61
Figure 2.25: Components of windows access for network access
Quarantine Control
70
Figure 2.26: VPN authentication 76
Figure 2.27: Shows virtual private network 80
Figure 2.28: Network quarantine with IEEE802.1x 82
Figure 3.1: Project framework 89
Figure 3.2: System architecture 94
Figure 4.1: Overall system implementation plan 99
Figure 4.2: Overall system design 100
Figure 4.3: DC server 101
Figure 4.4: The project domain namespace 103
Figure 4.5: NPS server 104
Figure 4.6: The sequence of the authentication process 105
Figure 5.1: Active directory users and computers 110
Figure 5.2: Shows the Certificate Authority 111
Figure 5.3: Shows the DHCP 112
Figure 5.4: Network policy server set up 113
Figure 5.6: Switch software 114
Figure 5.7: Show the policy you can set to your network 115
Figure 5.8: Show„s the client is not comply with network policy 116
Figure 5.9: Client comply with policy & connects to the network 117
Figure 6.1: OSI layer 121
Figure 6.2: Snapshot of the SMAC V2.0 tool 122
xvi
LIST OF APPENDICES
APPENDIX TITLE PAGE
A Step by step system implementation 132
1
CHAPTER 1
OVERVIEW
1.1 Introduction
Nowadays communication is very important. It leads to exchange information
between people, organization and worlds. In fact most organization they use
computer in order to communicate. However most of this computer is connected to
each other and to the internet, as a result it can communicate with rest of the world.
That communication attracts a lot of group to develop malicious program or
unwanted software to harm computer network. And that will lead to communication
& network failure in the organization, which it will cost the organization time,
money and lack of availability, integrity & confidentiality of the network system.
Basically authentication & Network Access Control (NAC) come as security
solution for network administrator fundamental proposal behind NAC is that when a
user dials into a network, the server will validate & authenticate the user's machine to
make sure that it‟s authenticate as the other computers on the same network. If the
machine successfully authenticated and validated, then the user is granted access to
the rest of the network. If the machine's not authenticated or validate then, then the
machine is not accessing until the user it authenticate & validate. Figure 1.1 below it
show example of the authentication & validation.
2
Figure 1.1: Machine is not accessing the network because it‟s not authenticate &
validate from the server
1.2 Background Problem
Most users are authenticated and allowed access to network only on the basis
of their identity. They can prove that they are who they say they are, and that's good
enough for a lot of deployments. But problematically, no effort is made to verify that
their hardware and software on their machines meets a certain baseline requirement
to access the network. For example a normal user access a network by authenticate
himself but inside his machine unwanted software application installed or Trojan
infection, that will produce a lot of problem to the network and other machines.
Most administrators work hard to make sure that software on workstations is
kept up to date. Simply it‟s very difficult to have a secure network unless
workstations are secure. Keeping workstations secure means keeping the operating
system and
Can I access
the network?
You can’t, you
are not validate.
3
applications up to date with the latest patches and loading the latest definitions for
anti-virus and anti-spyware programs.
As hard as it is keeping workstations on network up to date, it's practically
impossible to ensure that remote workstations or large number of machine such as
laptops and home computers connecting via virtual private network (VPN) are up to
date, For example typical home machine has no virus protection and is infected with
about 800 different types of spyware and other Trojans. Can you imagine if this
machine access to the network. In fact if a network have large number of computers,
and one machine been infected it will be very difficult for the network administrator
to check every machine physically; the successful of find the infected machine will
be very low, because of the large computers number. And if the administrator find
the machine, by the time been the network is already infected with the Trojan and
viruses.
The basic idea in controlling large network is to access control the network.
Network access control (NAC) is a computer networking design and set of protocols
used to define how to secure the network from infected machine. NAC might
integrate the automatic remediation process as in fixing the infected machine before
allowing access the into the network systems, allowing the network infrastructure
such as routers, switches and firewalls to work together with back office servers and
end user computing equipment to ensure the information system is operating securely
before interoperability is allowed.
Network access control aims to do exactly what the name implies. Control
access to a network with policies, including pre-admission endpoint security policy
checks and post-admission controls over where users and devices can go on a
network and what they can do.
4
1.3 Problem Statement
Most of the time networks administrators have difficulty of examine the
machine in the network, especially in local area network (LAN). Indeed nowadays
with all this groups and people who develop different malicious software and
program that harm computers & networks is very difficult to validate and examine
each machine. And those arguments produce question need to consider by the
organization:
How the administrator going to manage and secure the network?
1.4 Project Objective
This project covers the implementation of a network quarantine
authentication scheme with IEEE802.1x over local area network. The goal is to
make the client and the machine authentications together, so only authorized client
with authorized machine (desktop) can access the network. The client authentication
involves a set of policy and the machine authentication requires the physical
possession of the certificate, which is stored in each authorized machine. The project
has the following objectives to be achieved:
1. Study the authentication methods.
2. Recommend implementation authentication scheme
3. Implement the recommend authentication scheme.
4. To achieve centralized network management.
5. Provide mutual authentication by authenticate the client.
5
In easy way when a user dials into network, a server will authenticate &
validate the user's PC to make sure that only validate user enter the network, If the
machine passes the test, then the user is granted access to the rest of the network. If
the machine's security isn't quite up to the network standard, then the machine is not
accessing until the user repair the machine & installs the necessary matter. Figure 1.2
below show that a client been rejected from access local area network because he
didn‟t fulfill the security requirement.
Figure 1.2: PC0 only can access the network if the machine fulfills the security
requirement
1.5 Project Scope
This project is lab based focuses on authentication & access control in local
area network (LAN) in the same department based on examines the client or the user.
That‟s done by after study & implementing the security mechanism needed. Mostly
network
6
This project will not cover the wide area network (WAN), metropolitan area
network (MAN) and wireless network.
This project focuses on the authentication over LAN network. This is done
by implementing the IEEE Std. 802.1x - 2004. IEEE 802.1x is also called a port-
based network access control. The supplicant (client) logs indirectly through
RADIUS (Authentication) server to the network. The network (internet) port is kept
in unauthorized state until the RADIUS verifies the identity of the client (Figure
3(a)). Once it is verified the port changes to authorized state (Figure 1.3 (b)). The
Figure below illustrates this.
Figure 1.3: (a) unauthorized state port (b) authorized state port
1.6 Importance of This Study
This study will help the network administrator to secure the network by
authenticate and authorized the user, if the user want access the network. In fact the
study will help to discuss network quarantine.
This study concerned for Network and system administrators who want to
enforce system health requirements for client computers connecting to the networks
such as:
7
1.
Ensure the health of desktop computers on the local area network (LAN) or
any user want access the network.
Determine the health and restrict access of laptops brought to an
organization by visitors and partner.
This study is very important for organization that want secure and ensure that the
network based on examine the user are healthy with no trouble or unwanted application.
1.7 Summary
The purpose of this overview is a plan to secure local area network (LAN) by
using network quarantine method. Discuss in the introduction the definition of
network quarantine. In fact it shows in the problem statement how it‟s difficult for
the network administrator to secure and manage the network. This project set an
objective to achieve and scope, one of the objectives is to implement network
quarantine method in LAN.
125
Referencing
Roberto Bell 2007, Remote Authentication Dial In User Service, Retrive 10 October
2008, from http://www.articledashboard.com/Article/Define-Radius-
Server/443735
RADIUS 2008, retrieve 20 September 2008, from
http://www.webopedia.com/TERM/R/RADIUS.html
Network Access Control Learning Guide 01 Jun 2006, retrieve October 4 2008,
from
http://searchsecurity.techtarget.com/generic/0,295582,sid14_gci1188421,00.ht
ml
Brien M. Posey Aug 11, 2004, Windows Network Access Protection (NAP)
simplifies
Quarantine Mode, retrieve 19 October 2008, from
http://articles.techrepublic.com.com/5100-10878_11-5298997.html
Deb Shinder Published: May 26, 2004 Updated: Apr 06, 2005, Authentication,
Access Control & Encryption , retirive October 3 2008, from
http://www.windowsecurity.com/articles/Server-2003-Network-Access-
Quarantine-Control-Security.html
Tony Bailey Published: November 4, 2005, Virtual Private Network Quarantine,
retrieve October 12 2008, from http://technet.microsoft.com/en-
us/library/cc512645.aspx
By Richard Langston, Network Access Control Technologies, retrieve October
10,2008 from http://www.bizforum.org/whitepapers/sygate-4.htm
Laura Taylor 11/10/2003, access control, Retrieved October 15,
2008, from http://www.intranetjournal.com/articles/200311/ij_11_10_03a.html
.
Roger Needham, Access control 2008, Retrieve 3 October 2008, from
http://www.cl.cam.ac.uk/~rja14/Papers/SE-04.pdf
Ralph Droms, November 22, 2003, Dynamic Host Configuration, retrieve 8 October
2008, from http://www.dhcp.org/
126
Marshall Brain 2008, How Domain Name Servers Work, retrieve 27 October 2008,
from http://computer.howstuffworks.com/dns1.htm
Internet Authentication Service 24 March 2008, retrieves 20 September 2008, from
http://en.wikipedia.org/wiki/Internet_Authentication_Service
Jonathan Hassell 2004-08-04, Deploying Network Access Quarantine Control,
retrieve 6 October 2008, From http://www.securityfocus.com/infocus/1794
Jeff felinge July 2006, network quarantine & IPsec, retrieve October 2 2008, from
http://windowsitpro.com/article/articleid/50253/market-watch-network-
quarantine.html
Mike Fratto July 17,2007, Network Computing, Retrieved October 1, 2008.from
http://en.wikipedia.org/wiki/Network_Access_Control
By Joern Wettern June 2005, Secure Network Access Control, retrieve 5 October
2008, from http://mcpmag.com/columns/article.asp?EditorialsID=987
Paul Rubens November 10, 2006, All About Network Access Controls, retrieve 9
October 2008, From
http://webopedia.com/DidYouKnow/Computer_Science/2006/network_access
_control.asp
Horizan data system 2008, Retrieved October, 2008, from
http://www.horizondatasys.com/206483.ihtml
Computer network by Andrew S. Tanenbaum, 2003, retrieve 17 October 2008, from
http://books.google.com.my/books?id=Pd-
z64SJRBAC&dq=computer+network&pg=PP1&ots=RBOMLvY2eF&sig=PV
ZokW3AmO_9X0tqw4BBrJfrAww&hl=en&sa=X&oi=book_result&resnum=
1&ct=result
The business of authentication 2006, retrieve 6 October 2008, from )
http://www.authenticationworld.com/
Coordination Center 2006, Home Network Security, retrieve 6 October 2008, from
http://www.cert.org/tech_tips/home_networks.html
Privacy Assurance and Systems Security Council (PASS Council) Kirk Bailey, UW
Chief Information Security Officer, Chair 2006, Minimum Data Security
Standards, Retrieve 29 September 2008, from
127
http://www.washington.edu/president/tacs/utac/meetings/2006-
07/materials/01.09.min.data.security.standards.pdf
Computer and Network Usage Policy December 15, 2005. Retrieve 10 October
2008, from http://adminguide.stanford.edu/62.pdf
Bradley Mitchell, What Are the Advantages and Benefits of a VPN?, retrieve 10
September 2008, from
http://compnetworking.about.com/od/vpn/f/vpn_benefits.htm
Network Access Quarantine Control in Windows Published: March 24, 2003
Updated: December 06, 2004, retrieve 16 september 2008 , from
http://technet.microsoft.com/en-us/library/bb726973.aspx
Brien M. Posey Jun 23, 2005, Control access to your network with Network Access
Quarantine Control, retrieve 14 September 2008, from
http://articles.techrepublic.com.com/5100-22_11-5746439.html
Raleigh Stout, What quarantine of computer files is?, retrieve 17 September 2008,
from http://www.helium.com/items/667557-what-quarantine-of-computer-
files-is
Deb Shinder Jan 05, 2007, NAP offers a network access control solution for SMBs,
retrieve 10 September 2008, from http://articles.techrepublic.com.com/5100-
10878_11-6147167.html
Rick Vanover Nov 28, 2007, Introducing Network Access Protection for Windows,
retrieve 18 September 2008, from http://articles.techrepublic.com.com/2415-
1035_11-177853.html
Rob Whiteley 2008, Success Takes Careful Consideration, retrieve 7 September
2008 , from
http://www.forrester.com/Research/Document/Excerpt/0,7211,47182,00.html
Nathan Einwechter 2002-06-19, Implementing Networks Taps with Network
Intrusion Detection Systems, retrieve 8 September 2008, from
http://www.securityfocus.com/infocus/1594
Robert Whiteley with Laura Koetzle, Benjamin Gray June 28, 2005, How To
Determine The Best Architecture For Securing LAN Access, retrieve 10
September 2008 , from
http://www.forrester.com/Research/Document/Excerpt/0,7211,36275,00.html
128
Microsoft TechNet 2007. Security administration. Last accessed at 5 March 2007,
Available at
http://www.microsoft.com/technet/solutionaccelerators/cits/mo/smf/smfsecad
.mspx
Microsoft Corporation Published: March 2003 Updated: October 2004, 2003
Network Access Quarantine Control, retrieve 12 September 2008, from
http://technet.microsoft.com/en-us/network/bb545879.aspx
Schneier B. (2007). A talk about security of linux with comparison to windows. Last
accessed at 20 April 2007, Available at:
http://www.schneier.com/blog/archives/2005/01/linux_security_1.html Bai, C. (2004). Enhancing network security via error-correcting codes. University of
Louisiana at Lafayette: Ph. D thesis
Intelligraphics (2007). Introduction to IEEE 802.11. Last accessed at 19 March 2007,
available at: http://www.intelligraphics.com/articles/80211_article.html
SANS (2007). Definition of Network Security, Last accessed at 21 March 2007,
Available at http://www.sans.org/network_security.php
Graham, D. (2003). It’s All about Authentication, white paper published by SANS
Institute, March 15, 2003. Last accessed 13 March 2007,
http://www.sans.org/reading_room/whitepapers/authentication/?portal=bee2d
1edce59d3e4422272070b7937dd
PC Magazine (2007). Definition of authorization. Last accessed at 22 March 2007,
Available at
http://www.pcmag.com/encyclopedia_term/0,2542,t=authorization&i=38202,
00.asp
Burnside, M., Clarke, D., Mrills, T., Maywah, A., Devadas, S., Rivest, R. (2002).
Proxy-based security protocols in networked mobile devices.Proceedings of
the 2002 ACM symposium on Applied computing SAC '02, New York, NY,
USA: ACM Press, 265-272
Schmidt, M. (2006). Deployement and analysis of a model for assessing perceived
security threats and characteristics of innovating for wireless networks.
Mississippi State University: Ph. D thesis
Wikipedia (2007a). Definition of authentication. Last accessed at 22 March 2007,
Available at http://en.wikipedia.org/wiki/Authentication
Jones, D. (2004). Confidentiality and security of information. Anaesthesia &
intensive care medicine, 5(12): 404-406
129
Liang, W. (2005). Design and analysis of authentication mechanisms in single- and
multi-hop networks. North Carolina State University: Ph. D Thesis
Phifer, L. (2002). Understanding network vulnerabilities. Business Communication
Review. September 2003. 26-32. Last accessed at 22 March 2007, Available
at: http://www.corecom.com/external/bcrmag/bcrmag-wlansec-sep02.pdf
Hernández, H. (2005). Security Enhancement for IEEE 802.11 network LANs.
University Of Puerto Rico: Msc. Thesis
Miller, S. (2003). network Security. New York, USA: McGraw-Hill companies
Wirelessdefense.org (2007). Rouge Access Point: HOWTOs. Last accessed at 26
March 2007, Available at:
http://www.wirelessdefence.org/Contents/RougeAPHowtoMain.htm
Barken, L., Bermel, E., Eder, J., Fanady, M., Mee, M., Palumbo, M. Koebrick, A.
(2004). Hacking – Projects for Wi-Fi Enthusiasts. Rockland, MA02370:
Syngress Publishing Inc.
Earl, A. (2006). Security Handbook. Boca Raton, New York: Auerbach Publications
– Taylor and Francis Group
IEEE-Institute of Electrical and Electronic Engineering (2004). IEEE standard for
local and metropolitan networks: Port-Based network access control. New
York, USA, IEEE STD 802.1x-2004 (Revision of IEEE STD 802.1x-2001)
Brawn, S., Koan, R., Caye, K. (2004). Staying secure in an insecure world: 802.1x
secure computer network connectivity for students, faculty, and staff to the
campus network. Proceedings of the 32nd annual ACM SIGUCCS conference
on User services. Baltimore, MD, USA: ACM Press, 273-277
Zahur, Y. (2004). Local Area Networks – Security & performance. The University of
Houston Clear Lake: Msc. Thesis
Khan, J., and Khawaja, A. (2003). Building secure wireless networks with 802.11.
Indianapolis, Indiana: Wiley Publishing Inc.
Chen, J., and Wang, Y. (2005). Extensible authentication protocol (EAP) and IEEE
802.1x: tutorial and empirical experience. Communications Magazine, IEEE.
43(12): S26-S32
Ali, K. (2007). Selection of EAP authentication method for network. Int. J.
Information and computer security. 1(2): 210-233
Wikipedia (2007c). Definition of Dictionary attack. Last accessed at 5 April 2007,
130
Available at: http://en.wikipedia.org/wiki/Dictionary_attack
IEC – International Engineering Consortium (2007). EAP methods for 802.11
network security. Last accessed at 5 April 2007, Available at:
http://www.iec.org/online/tutorials/eap_methods/topic03.html
Ennis, D. (2005). network tightrope: an economical, secure, and user friendly
approach for the campus. Proceedings of the 33rd annual ACM SIGUCCS
conference on User services table of contents. Monterey, CA, USA: 62 - 67
Microsoft TechNet (2007b). PEAP with MS-CHAP V2 for secure password-based
network access. Last accessed at 6 April 2007, Available at:
http://www.microsoft.com/technet/community/columns/cableguy/cg0702.ms
px
Intel website (2007). Wireless security – 802.1x and EAP types. Last accessed at 1
April 2007, available at: http://www.intel.com/support/wireless/wlan/sb/CS-
008413.htm
Danto, R., Clothier, G., and Atri A. (2007). EAP methods for wireless networks.
Computer Standards & Interfaces. 29(3): 289-301
He, C. (2005). Analysis of Security Protocol for Wireless Networks. Stanford
University: Ph. D thesis
Steve. (2005-08-24). An Illustrated Guide to IPsec last access 20 November 2008,
available at: http://unixwiz.net/techtips/iguide-ipsec.html
Microsoft (2005-Decmber-07) update (2006 –April-16), Internet Protocol
Security and Packet Filtering available at : http://technet.microsoft.com/en-
us/library/bb727017.aspx
Ausif mahmood (2006-April-09), Securing Networks Using IPSEC VPN and 802.1x,
available at:
http://www.bridgeport.edu/sed/projects/cs597/Fall_2002/nasirnizami/nasirniza
mi.pdf
András Salamon (2006-jan-23), DNS Resources Directory, available at:
http://www.dns.net/dnsrd/
D. J. Bernstein (2007), Costs and benefits of third-party DNS service available at:
http://cr.yp.to/djbdns/third-party.html
131
Barken, L., Bermel, E., Eder, J., Fanady, M., Mee, M., Palumbo, M. Koebrick, A.
(2004). Network Hacking – Projects for Wi-Fi Enthusiasts. Rockland,
MA02370: Syngress Publishing Inc.
Regan Kevin (2003). Network Security: Things you should know about security.
Network Security. 2003(1): 7-9.
IEEE -Institute of Electrical and Electronic Engineering (1990). IEEE standard for
local and metropolitan networks: overview and architecture. New York,
USA, IEEE STD 802-1990
Rick Vanover (April 21st, 2008), network administrator available at
http://static.ppurl.com/addison_wesley/p/protect_your_windows_network_fro
m_perimeter_to_data/preview/0321336437/ch10lev1sec5.html
Pietro Nicoletti (2008-01-20), Authentication and Security:IEEE 802.1x and
protocols
EAP based, available at : http://www.netscire.it/CourseMaterial/802-1-X-
2008-Eng.pdf
Wohlmacher, P. (2000). Digital Certificates: A survey of Revocation Methods.
International Multimedia Conference-Proceedings of the 2000 ACM
workshops on Multimedia. New York, NY, USA. ACM Press: 111-114
Schneier B. (2007). A brief talk about security of linux with comparison to windows.
Last accessed at 20 April 2007, Available at:
http://www.schneier.com/blog/archives/2005/01/linux_security_1.html
Bradley Mitchell, Network Topology, available at:
http://compnetworking.about.com/od/networkdesign/a/topologies.htm
