CQUniversity: Technology Implementation of Security Controls

Verified

Added on 2023/06/05

AI Summary

This case study focuses on the technology implementation of security controls, specifically addressing the deployment of a RADIUS server for managing client authentication and authorization within a university network. It details the importance of implementing a RADIUS server alongside a network policy server for managing user authentication and wireless network connections. The study outlines planning guidelines for configuring the NPS, including RADIUS client planning, authentication method selection, network policy planning, and NPS accounting planning. It emphasizes the need for Wi-Fi access points supporting WPA enterprise security and client-end hardware compatibility. The document also discusses the use of EQAP-TLS authentication with X.509 certificates and the configuration of a Clear Box server for EAP-TLS and PEAP authentication, referencing relevant research and standards for network security.

Technology Implementation of Security Controls
Name of the Student
Name of the University
Author’s Note
*Networks and Information Security Case study – Copyright 2018 © Edilson Arenas - CQUniversity

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Resources Used
It is important to implement a RADIUS server for the administration of the client
implementing and validating the client for approving them to access the system resources of
the first national university network. The RADIUS server is used for the management of the
authorization and the authentication of the user and connecting them with the wireless
network of the university.
For the deployment of the RADIUS server a network policy server should be deployed and
the request of connection for the local domain should be used for creating a trust. The
planning guidelines are used management of the connection request and forwarding to the
trusted and untrusted domains.
For the deployment of the RADIUS server the following guidelines should be followed such
as:
Creation of plan for the configuration of the NPS
 Planning for RADIUS client – It should be decided that which domain is selected for
making the NPS a member of the group. For the development of a multiple domain
environment credentials should be used for the user account. For the determination of
the membership of the domain the server is configured with the RADIUS client with
the use of RADIUS protocols.
 Planning for using the method of authentication – The RADIUS port should be
analysed and the default UDP port should be set to 1812 and 1645 for sending the
authentication message and the port 1813 and 1646 s used for RADIUS accounting
messages.
 Network policy planning – The switches and the access point should be able to
802.1X authentication and different protocol such as EAP, PEAP should be used for
testing basic interoperability for the PPP connection for the management of the
wireless access point. The use of peer to per based authentication can hep in testing
the network for the management of the access of the network.
 NPS accounting planning – It supports certificate based and password based methods
of authentication. Different authentication methodology can be used for the
management of the network access and it can be used for wireless and VPN access for
the first national university and the remote clients.
Requirement for wireless applications
Access Points
A Wi Fi access point should be deployed that have support for WPA enterprise security and it
has become a standard for the recently developed wireless access point. The WPA supported
by the access point is used for supporting the authentication request to the RADIUS server
and the device should be implemented after analysing the compatibility of the device.
Clients
The Wi-Fi hardware installed at the client end should have support for WPA such that it is
compatible to connect with the wireless network.
Software support should be available for the operating system and open source and
commercial software should be available.
*Networks and Information Security Case study – Copyright 2018 © Edilson Arenas - CQUniversity

EQAP-TLS authentication is used at the client end for the installation and X.509 certificate is
used and the existing certificate should be utilized for the creation of a certificate that is self-
signed.
Server Certificates
A clear Box server should be used and configured with the certificate such that it can perform
EAP-TLS and PEAP authentication. The existing certificate authority can be used for getting
the certificate or commercial CA can be used for purchasing a new certificate.
*Networks and Information Security Case study – Copyright 2018 © Edilson Arenas - CQUniversity

Bibliography
Bierman, A. and Bjorklund, M., 2018. Network Configuration Access Control Model (No.
RFC 8341).
Hartman, S., 2016. Larger Packets for RADIUS over TCP (No. RFC 7930).
Maslov, A.E., Katuntsev, S.L. and Maliavko, A.A., 2017, June. Study and implementation of
authentication mechanism by RADIUS-server in switches and routers using NETCONF
protocol. In Micro/Nanotechnologies and Electron Devices (EDM), 2017 18th International
Conference of Young Specialists on (pp. 111-114). IEEE.
Park, J. and Jung, S., 2017, August. Shared secret key update scheme between RADIUS
server and access point using PUFs. In Computer Applications and Information Processing
Technology (CAIPT), 2017 4th International Conference on(pp. 1-5). IEEE.
*Networks and Information Security Case study – Copyright 2018 © Edilson Arenas - CQUniversity