Securing Wireless Local Area Networks with GoC PKI
NRNS INC OTTAWA (ONTARIO)
Defence R&D Canada led a project in which a wireless virtual private networking (VPN) architecture was set up in a test bed in the Network Information Operation (NIO) lab for 802.11a/b/g communications. The goal of this initial work was to aid in developing a security policy for use of wireless local area networks (WLAN) in government enterprise networks. This report presents the results of follow-on work that leverages the Government of Canada (GoC) Public Key Infrastructure (PKI) technology for strong authentication of wireless users as well as VPN users. The solution presented herein relies on the latest wireless security protocols to secure the wireless link and includes an Internet Protocol Security (IPsec) based VPN to achieve a greater level of assurance for more sensitive GoC network environments. The work focuses on the establishment and protection of digital identities, mutual authentication, authorization, data privacy and integrity, as well as wireless network policy management and dissemination. We conclude that Wi-Fi Protected Access 2 (WPA2), when operating in enterprise mode and combined with GoC PKI issued certificates and wireless network policy managed through Windows group policies, is an acceptable solution for providing authenticated/secure WLAN access to GoC protected environments. We also conclude that layering IPsec security on top of WPA2 adds complexity without providing additional assurance against unauthorized WLAN access. While testing the proposed solution, difficulties were encountered integrating the IPsec VPN component of the wireless VPN within an enterprise Microsoft Windows environment.
- Computer Systems
- Radio Communications