Purpose of the assessment (with ULO Mapping) The purpose of this assignment is to exercise and develop skills required to design secure wireless networks, addressing the need of clients.
In this assessment, students will be able to
- Analyse practical alternatives for how to build, protect and manage WLAN.
- Design a secure WLAN and utilise techniques to mitigate possible attacks.
- Solve complex problems in secure wireless network designs.
- Help enterprises to maintain and implement a secure wireless network.
- Contribute and cooperate with teams for implementing a secure wireless network.
1. Assignment Description:
Student need to form a group of two to three students. Then the group need to pick up one of below project on group interest. A group need to design a network according to given specification and submit a group report including individual group member's contribution in front page.Both project is designed and created by Dr Vinod Mirchandani.
Project I: Secure Hotspot Throughput Analysis in ShopEz Mall
You are employed as a Wireless Network Engineer by a leading shopping mall company called ShopEz to provide WLAN coverage for the planned hotspots inside the mall. You have the option to provide the hotspots in the mall by using only either the 802.11b or 802.11g WLAN Access Points (APs). Some of the hotspots are to provide Open access authentication while others need to provide shared key authentication to customers who pay a fee.
ShopEz mall wants to provide hotspot access from each of the APs with a minimum throughput of 1 Mbps in its coverage area. This minimum throughput would also be sufficient for the shoppers to gain access to multimedia services locally as well as over the Internet.
An important question that you need to study experimentally is to determine the variation in the average throughput experienced by the client device(s) vs distance in meters from the AP. In order, to get a good estimate of the throughput at different distances from the AP you need to measure the throughput in four different directions i.e. with client devices antenna directly in Line of Sight of the AP, the client devices antenna at 90 degrees (deg.) from AP, at 180 deg. from AP and at 270 deg. from the AP. The throughput needs to be measured for two different packet sizes i.e. 500 bytes and 1470 bytes.
As this is an indoor environment so the RF propagation characteristics also come into play. So, a proper choice of either the 802.11b or 802.11g available WLANs also needs to be made along with suitable antennas in the final network.
ShopEz mall is on a tight schedule and budget so you need to quickly create a small testbed using open source tools and software to measure the throughput vs range from AP. You have been told by the IT department of the mall that in the past they have used Iperf tool to emulate the generation of UDP network traffic and Wireshark to sniff the packets.
You should determine the throughput vs range in meters from the AP time for UDP traffic generated first for a packet size of 500 bytes and then 1470 bytes.
You need to repeat the above study for APs using a shared secure key and for the same two packet sizes and compare the results with the corresponding results obtained for open access authentication system. From the comparison of the results an important question that you need to analyse is if the throughput vs range performance is influenced by shared key authentication.
Note: You also need to undertake a serious literature research on tools, security equipment required and any issues that may arise.
You should address the following tasks in your report. You are required to perform detailed literature review on hardware/software, security and other issues.
Group member one:
- What in your opinion are the key factors that influence the performance of throughput in the above case study?
- Create and discuss the experimental setup for the performance measurement in the above case study with the help of figures.
- Create and discuss the Test plan with the help of Figures and tables to evaluate the throughput vs range performance. Provide adequate justifications for each step in the plan.
- List the networking, devices and software required including their costs.
Group member two:
- In your opinion what are the motivations for carrying out the performance study in the above scenario
- Research and explain the criteria on which you will select the WLAN in the above scenario i.e. 802.11b or 802.11g.
- Prepare the experimental setup of Group member one - Devices, software installations, proper allocation of IP addresses, frequencies and connections and the Testing of connectivity. Creation of UDP traffic type and its details such as packet size, data rates etc.
- Methodical measurement of performance and its tabulation for both the open access authentication and shared key case.
Group member three:
- Would a mesh network topology be suitable in the above scenario for a peer-to-peer or backhaul communications in the mall? Investigate the implications of using a mesh network.
- Discuss the scenario in which the test was conducted such as the height and orientation of devices, antenna types, floor plan with distances, show any obstructions, walls, distances between devices
- Document the work of Group members two and one and prepare a complete report in close consultation with members 1 and 2.
- Discuss also in the report in the following sections: executive summary, introduction, research/investigation related questions of Group members 1 and 2, research regarding mesh networks suitability and its implications in the above scenario, test and measurements (work of group members 1 and 2), major outcomes from the interpretation of the results, issues and any future tasks.
Project II: Pilot Project for Implementation of Wireless access network in Albert School
You are the technical consultant to the Education department of NSW that currently has 200 schools under its administration. Most of the schools are of similar type and requirements for example: have around 500 students per school, 50 staff, online education programs, video conferencing facility between staff members across different campuses.
Many of the schools do not have adequate wireless coverage Consider one such school in the NSW school system called Albert school that the NSW Education department wants to use it as a pilot project to provide cost effective wireless access.
In Albert school currently there is no provision for wireless access to the campus network and Internet. The students and staff have made repeated demands to the school principal to have wireless access to the Albert school network and Internet. As the school often gets visitors and parents so this will also allow them to gain access to the wireless network by using their own laptop computer. The school's principal also is eager to have a wireless network that should provide support for visitors and secure access to resources for the staff.
You have been assigned to help Albert school to have a wireless network and being a pilot project you will be making use of the experience that you will gain from it in other NSW schools as well. Some of the challenges that you face are with respect to the cost, security, vendor selection, implementation and performance.
One of the security issue faced by the school is that signal transmitted by the access point (AP) could also be transmitted outside the school building. This could then be used by hackers to gain access to the school internal network and resources. Another issue that may arise in the event of poor security measures is that the visitors to the school could access the resources of the staff. Rogue APs is also a concern to the school principal as well as the type of content accessed. The principal also wants the details of the student(s) who violate the school's policies with regards the usage policy to be immediately logged so that after auditing action can be taken against the offending student(s). Some of the students also use USB mobile broadband modem to bypass the school's network access control and content access policies. This may pose as a security risk as well.
The IT team of the Education department has recommended you to use the RADIUS server for authentication purposes in the school. The school principal wants you to create an experimental testbed to demonstrate its usefulness to him and the school staff.
You are also faced with the challenge of the architecture that you need to have for Albert school i.e. whether to have it distributed or centralised. Cost of the overall network including maintenance needs should be kept as low as possible because of the budgetry constraints of the Education department.
Apart from the RADIUS server demonstration you have to make several recommendations to the school for all aspects of the network.
Note: You also need to undertake a serious literature research on tools, security equipment required and any issues that may arise.
You should address the following tasks in your report. You are required to perform detailed literature review on hardware/software, security and other issues.
Group member one:
- Explain the different ways by which you could keep the costs low for the Albert school wireless network
- Explain the ways by which you could meet the security requirements of the school including preventing visitors from accessing the internal network of the school's staff.
- How would you restrict the range of the wireless signal so that it does not appear outside the school building? What are the advantages and disadvantages of your methods?
Group member two:
- Create and discuss the experimental setup for the RADIUS server authentication in the above case study with the help of figures.
- What type of architecture would you choose - Centralised or Distributed? Justify your answer.
- What type of tools would you use for implantation of the wireless network? Justify their selection.
Group member three:
- Explain your plan for the implementation of the school's wireless network with the help of a diagram.
- What recommendations you would make to the school's principal in providing cost effective coverage, antenna type, number of APs, minimising network drops, allocation of frequencies of the APs, signal measurement.
- Write a report that includes the following sections: executive summary, introduction, work of Group members 1 and 2, plan of your implementation along with figure, your recommendations and conclusions.