
PalGov © 2011

أكاديمية الحكومة الإلكترونية الفلسطينية

The Palestinian eGovernment Academy

www.egovacademy.ps

Security Tutorial

Session 10

LAB


About

This tutorial is part of the PalGov project, funded by the TEMPUS IV program of the Commission of the European Communities, grant agreement 511159-TEMPUS-1-2010-1-PS-TEMPUS-JPHES. The project website: www.egovacademy.ps

Project Consortium:

• University of Trento, Italy

• University of Namur, Belgium

• Vrije Universiteit Brussel, Belgium

• TrueTrust, UK

• Birzeit University, Palestine (Coordinator)

• Palestine Polytechnic University, Palestine

• Palestine Technical University, Palestine

• Université de Savoie, France

• Ministry of Local Government, Palestine

• Ministry of Telecom and IT, Palestine

• Ministry of Interior, Palestine

Coordinator:

Dr. Mustafa Jarrar

Birzeit University, P.O.Box 14- Birzeit, Palestine

Telfax: +972 2 2982935 [email protected]


© Copyright Notes

Everyone is encouraged to use this material, or part of it, but should properly cite the project (logo and website), and the author of that part.

No part of this tutorial may be reproduced or modified in any form or by any means, without prior written permission from the project, who have the full copyrights on the material.

Attribution-NonCommercial-ShareAlike

CC-BY-NC-SA

This license lets others remix, tweak, and build upon your work non-commercially, as long as they credit you and license their new creations under the identical terms.


Tutorial 5:

Information Security

Session 10: WIRELESS LAB

Session 8 Outline:

• WEP

• WPA-Personal

• WPA-Enterprise


Tutorial 5:

Session 10: Wireless

This session will contribute to the following ILOs:

• C: Professional and Practical Skills:


Personal WLAN Security

• MAC Address Filtering

• WEP

• WPA/WPA2 Personal (WPA-PSK)


Enterprise WLAN Security

• Wireless VLANs

• WPA/WPA2 Enterprise (WPA-802.1X)


WPA2 Enterprise

• WPA2 Enterprise requires an 802.1x authentication server or RADIUS server.

• We will use Ubuntu 11.10 to set up the FreeRADIUS server, currently at version 2.1.

• To set up this lab, we need:

– A wireless AP supporting WPA2 Enterprise authentication.

– A RADIUS server for 802.1x authentication.

– A wireless device for testing, such as a laptop.


Installing FreeRADIUS

• To install FreeRADIUS from the command line, run the following command:

    sudo apt-get install freeradius

• Once the installation is complete, the next step is to verify that the authentication server is running.

• Before doing that, edit the file /etc/freeradius/users and add the following line:

    testuser Cleartext-Password := "testpassword"

• Then test the FreeRADIUS server by querying it directly with a request:

    radtest testuser testpassword 127.0.0.1 1812 testing123

• You should see Access-Accept. If it is Access-Reject then there is a problem. To check the log, start FreeRADIUS in debug mode.


Configuring FreeRADIUS

• To configure FreeRADIUS for 802.1x authentication, you will need to configure the EAP settings. Edit the file /etc/freeradius/eap.conf and modify the following line:

    default_eap_type = peap

• Configure FreeRADIUS to accept the AP as a client. Edit the file /etc/freeradius/clients.conf and add the following text to the bottom of the file:

    # IP address of AP
    client 192.168.1.1/24 {
        # shared password
        secret = test
        # the SSID of AP
        shortname = default
    }

• The last step is to restart the FreeRADIUS server:

    sudo /etc/init.d/freeradius restart

• To start FreeRADIUS in debug mode, stop it and run:

    freeradius -X


Configuring AP

• For client testing, you will need to configure the AP to send requests to the IP address of the RADIUS server.

• Use the testuser and testpassword values in the file /etc/freeradius/users to connect to the WLAN from the laptop.
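The values used in this lab (the stock testing123 secret, the four-character secret test, a client block covering a /24, and a clear-text test user) are worth checking for before the server is used outside the lab. The script below is an added example, not part of the original slides; the function name audit_radius_lab, the finding labels, the 16-character threshold and the sample files are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original slides): flag lab-only values in the
# FreeRADIUS files edited above. Findings are printed one per line.

audit_radius_lab() {   # usage: audit_radius_lab CLIENTS_CONF USERS_FILE
    # clients.conf: stock or short shared secrets, and client blocks that
    # cover a whole subnet instead of a single AP address.
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*client[ \t]/ {
            client = $2
            if (client ~ /\//) print "SUBNET_CLIENT client=" client
        }
        /^[ \t]*secret[ \t]*=/ {
            s = $0
            sub(/^[^=]*=[ \t]*/, "", s)   # drop the "secret =" part
            sub(/[ \t]*#.*$/, "", s)      # drop a trailing comment
            sub(/[ \t]+$/, "", s)         # drop trailing blanks
            # 16 characters is an assumed minimum chosen for this example
            if (s == "testing123") print "DEFAULT_SECRET client=" client
            else if (length(s) < 16) print "SHORT_SECRET client=" client " len=" length(s)
        }' "$1"
    # users: accounts whose password is stored in clear text.
    awk '
        /^[ \t]*#/ { next }
        $2 == "Cleartext-Password" { print "CLEARTEXT_USER user=" $1 }' "$2"
}

# Constructed sample files that mirror the values used in this lab.
sample_dir=$(mktemp -d)
cat > "$sample_dir/clients.conf" <<'EOF'
client localhost {
    ipaddr = 127.0.0.1
    secret = testing123
}
client 192.168.1.1/24 {
    secret = test
    shortname = default
}
EOF
cat > "$sample_dir/users" <<'EOF'
# constructed lab entry
testuser Cleartext-Password := "testpassword"
EOF

audit_radius_lab "$sample_dir/clients.conf" "$sample_dir/users"
```

On a real server, pass /etc/freeradius/clients.conf and /etc/freeradius/users as the two arguments; empty output means none of the four conditions was found.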


Thanks

Eng. Ghannam Aljabary