BN303: Secure WLAN Design and Implementation Report - Semester 2


Added on  2025/05/04

BN303
Wireless Networks and Security
Secured design of wireless LAN
Student Name:
Student ID:
Contents
Abstract
Introduction
Analyse
Design
Evaluation
Conclusion
References
List of Figures
Figure 1: Network Diagram
Figure 2: Ping Test
Figure 3: Wireless device
Abstract
This report covers installing WLAN facilities with WPA/WPA2 security on a small university campus for its users, students, and staff. The network should be able to withstand the attacks and threats that could degrade its performance. The university area includes classrooms, a library, and a cafeteria. One of the university's main concerns is that the network should deliver the high data rate required of a wireless network, together with authentication. The report also covers implementing the IEEE 802.1X standard for security over a wireless or wired local network.
Introduction
The following report gives a step-by-step explanation of implementing a wireless and wired network for University A, using IEEE 802.11x security with WPA or WPA2 for wireless services, and a plan that can be used to extend the existing network as the number of campus users increases. It contains a proposed WLAN design and a technique to secure the network against all kinds of attacks. The proposed network supports all existing components, which may come from different vendors [1].
Analyse
Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access 2 (WPA2) are two security protocols and security certification programs. Created by the Wi-Fi Alliance, these protocols safeguard wireless computer networks. The Alliance defined them in response to severe flaws discovered in the earlier scheme, Wired Equivalent Privacy (WEP).
In 2003, WPA was also referred to as the draft IEEE 802.11i standard. The Wi-Fi Alliance produced it as an interim step ahead of the availability of the more secure and more complex WPA2, which was released in 2004 and is the common shorthand for the complete IEEE 802.11i standard [2].
WPA
WPA was created to take WEP's place. By updating the firmware of wireless NICs that were designed for WEP in 1999, WPA security measures can be added to these existing NICs. However, because wireless access points (APs) required more extensive changes than network cards did, most APs built before 2003 cannot be upgraded to provide WPA services [3].
Nearly all of the IEEE 802.11i standard is implemented by the WPA protocol. WPA introduced TKIP (Temporal Key Integrity Protocol). WEP uses a 128-bit or 64-bit authentication key that has to be entered statically on APs and equipment and never changes afterwards. TKIP uses a per-packet key, which means that a fresh 128-bit key is generated dynamically for every packet, and this prevents the kinds of attacks that broke WEP.
WPA includes a Message Integrity Check mechanism intended to prevent an attacker from altering or resending data packets. This replaced the cyclic redundancy check (CRC) of the WEP standard. The major defect of the CRC was that it did not give the packets it processed a sufficiently strong data integrity guarantee. Well-tested message authentication codes could have fixed these issues, but they required more computation than old network cards could provide. To verify packet integrity, WPA uses a message integrity check algorithm called TKIP. It is much stronger than a CRC, but it is still weaker than the algorithm used in WPA2. Developers found one WPA defect comparable to earlier WEP flaws and to the constraints of MICHAEL (the message integrity code hash function), which recovers the keystream from small packets for spoofing purposes.
WPA2
WPA2 has replaced WPA. WPA2 implements the essential elements of IEEE 802.11i and involves testing and certification by the Wi-Fi Alliance. In particular, it includes mandatory support for Counter Mode CBC-MAC Protocol (CCMP), an encryption mode based on the Advanced Encryption Standard (AES). Certification began in 2004. After March 13, 2006, all new devices that carry the Wi-Fi trademark must have WPA2 certification [4].
Passwords
Password strength is what makes WPA and WPA2 different from each other. WPA2 requires you to set a password that is longer than the one required by WPA.
Business Considerations
WPA2 is available in two variants: WPA2-Enterprise and WPA2-Personal. The distinction lies in the shared password used by WPA2-Personal. Corporate Wi-Fi should not use WPA or WPA2-Personal. The Enterprise edition removes the shared password and instead gives each employee and device unique credentials. This protects the business from the harm that could be done by an employee who leaves the company.
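Why the WPA2-Personal password is a network-wide secret: every device derives the same master key from the passphrase and the SSID, so anyone who ever knew the passphrase, including a departed employee, still holds the key. This is an added example, not part of the original report; the SSID, user names and passphrases are constructed.

```python
import hashlib

def wpa2_psk_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit pairwise master key (PMK) used by WPA2-Personal."""
    printable = all(32 <= ord(c) <= 126 for c in passphrase)
    if not (8 <= len(passphrase) <= 63 and printable):
        raise ValueError("passphrase must be 8 to 63 printable ASCII characters")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # IEEE 802.11i: PBKDF2 with HMAC-SHA1, the SSID as salt, 4096 iterations.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)

def group_by_key(ssid, user_passphrases):
    """Map each derived PMK (hex) to the users whose devices hold it."""
    groups = {}
    for user, phrase in user_passphrases.items():
        groups.setdefault(wpa2_psk_pmk(phrase, ssid).hex(), []).append(user)
    return groups

# Constructed sample data: SSID, users and passphrases are hypothetical.
SSID = "UniA-Campus"
USERS = {
    "staff_anna": "correct-horse-battery",
    "student_ben": "correct-horse-battery",
    "former_employee": "correct-horse-battery",
}

if __name__ == "__main__":
    for pmk, users in group_by_key(SSID, USERS).items():
        print(pmk[:16] + "...", "held by", users)
    # Removing one person's access means changing the passphrase for everyone.
    rotated = wpa2_psk_pmk("new-passphrase-2025", SSID)
    print("after rotation:", rotated.hex()[:16] + "...")
```

All three users fall into a single key group, which is the exposure the Enterprise variant removes by authenticating each user individually.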
Limitations of WPA2
Many routers offer both WPA2 and Wi-Fi Protected Setup (WPS) as a separate feature. WPS is intended to simplify setting up security for a home network; its usefulness is significantly limited by flaws in how it was implemented.
WPA and WPA2 sometimes interfere with each other if both are enabled on a router at the same time, which can cause connection failures for clients. Using WPA2 reduces network connection performance because of the additional encryption and decryption processing load.
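The weaknesses named in this section and the previous one (WPS, WPA and WPA2 enabled together, a shared passphrase) can be checked mechanically in an access point configuration. The added example below, which is not part of the original report, assumes the access point runs hostapd and audits two constructed configurations using hostapd's option names.

```python
def parse_hostapd(text):
    """Parse hostapd-style key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(conf):
    """Flag weaknesses named in this report; hostapd defaults are not modelled."""
    findings = []
    wpa = int(conf.get("wpa", "0"))          # bit 0 = WPA, bit 1 = WPA2
    if wpa == 0:
        findings.append("no WPA/WPA2 configured")
    elif wpa & 1:
        findings.append("WPA and WPA2 mixed mode" if wpa & 2 else "WPA only")
    ciphers = (conf.get("wpa_pairwise", "") + " " + conf.get("rsn_pairwise", "")).split()
    if "TKIP" in ciphers:
        findings.append("TKIP offered; use CCMP only")
    if conf.get("wps_state", "0") != "0":
        findings.append("WPS enabled")
    key_mgmt = conf.get("wpa_key_mgmt", "").split()
    if "WPA-PSK" in key_mgmt:
        findings.append("shared passphrase (WPA-PSK); prefer WPA-EAP with 802.1X")
    if "WPA-EAP" in key_mgmt and conf.get("ieee8021x", "0") != "1":
        findings.append("WPA-EAP without ieee8021x=1")
    return findings

# Constructed sample configurations (the passphrase is hypothetical).
WEAK = """
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
wpa_passphrase=ExamplePassphrase
wps_state=2
"""
HARDENED = """
wpa=2
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
ieee8021x=1
wps_state=0
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(parse_hostapd(text)) or "no findings")
```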
Use of 802.1X for wireless security
WEP (Wired Equivalent Privacy): this protocol is no longer used in business or enterprise networks. Many wireless LAN vendors now rely on the IEEE 802.1X standard for authentication and security on their wireless and wired networks. One distinctive feature of 802.1X is interoperability.
802.1X authentication lessens the risks associated with WEP use. A big issue with WEP is the lifetime of keys and the fact that they are well known and shared between different users. With 802.1X, each node can have a distinct WEP key for each session. Wireless access points (acting as the authenticator here) may also choose to change the WEP key very frequently, for example after 1000 frames or 10 minutes. 802.1X does not, however, guarantee improved security.
An authenticator may, for instance, never change the key given to each supplicant. Or the network administrator may pick an authentication method that does not allow WEP keys to be distributed. However, 802.1X gives a network manager a mechanism to design and implement a more secure WLAN.
802.1x Authentication
When a client logs into a WPA-PSK or WPA2-PSK (pre-shared key) network, authentication takes place when the client supplies the correct password / security key for accessing the network. This lets the user enter, work on and possibly control the network without any real identification. As the number of Wi-Fi users increases, it becomes very difficult to know precisely who uses your network (or who knows the credentials of your network).
Changing the password frequently to keep unwanted users off the network is also inefficient and difficult, and is not suitable for large networks with many users. If you are a company or institution using port security (which governs which devices can enter a network based on the device's MAC address), security issues still occur.
802.1X authentication solves the problems of port security and password procedures by requiring the user to be authenticated irrespective of the device. For this purpose, we suggest using an AAA (Authentication, Authorization and Accounting) framework as a standard measure for business and professional settings.
Design
Figure 1: Network Diagram
Devices
We have set up a network in which some users are connected through the wired network and others through wireless networks.
The network can provide connectivity for over 3000 users. For that purpose, the network address 172.16.0.0/16 is used, so that the network can meet the minimum user requirement (although it provides a much larger number of valid IP addresses). This network address will also help with future expansion of the network.
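A check of the address plan, added here and not part of the original report: it confirms the capacity of 172.16.0.0/16 and carves one subnet per campus area with room for growth. The per-area user counts and the 1.5 growth factor are assumptions.

```python
import ipaddress
import math

CAMPUS_BLOCK = "172.16.0.0/16"   # network address chosen in the report
# Assumed split of the 3000 users across the campus areas (not from the report).
DEMAND = {"classrooms": 1800, "library": 700, "cafeteria": 500}

def usable_hosts(net):
    """Addresses left for hosts after the network and broadcast addresses."""
    return net.num_addresses - 2

def prefix_for(hosts):
    """Longest IPv4 prefix whose subnet still holds `hosts` usable addresses."""
    return 32 - (hosts + 1).bit_length()

def plan(block, demand, growth=1.5):
    """Carve one subnet per area out of `block`, largest first (VLSM)."""
    block = ipaddress.ip_network(block)
    cursor = int(block.network_address)
    subnets = {}
    for area, users in sorted(demand.items(), key=lambda kv: -kv[1]):
        prefix = prefix_for(math.ceil(users * growth))
        size = 2 ** (32 - prefix)
        cursor = -(-cursor // size) * size        # round up to subnet boundary
        net = ipaddress.ip_network((cursor, prefix))
        if not net.subnet_of(block):
            raise ValueError(f"{block} is too small for {area}")
        subnets[area] = net
        cursor += size
    return subnets

if __name__ == "__main__":
    block = ipaddress.ip_network(CAMPUS_BLOCK)
    print(block, "holds", usable_hosts(block), "hosts for", sum(DEMAND.values()), "users")
    for area, net in plan(CAMPUS_BLOCK, DEMAND).items():
        print(f"{area:<11}{str(net):<17}{usable_hosts(net)} usable")
```

Separate subnets per area also give the router a boundary on which guest and internal traffic can later be filtered, which a single flat /16 does not.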
Below are the devices present in the proposed network diagram:
1. Router: Routers provide the mechanism to connect two or more different networks so that packets or data can be shared between them. The router has been configured as a DHCP server so that IP addresses do not need to be statically assigned to the PCs and other IP-enabled devices.
2. Modem or APs: The modem or access points provide the wireless services in the network. This wireless service can be used by guest users as well as internal users of the network. This service is the main requirement of the project. For security, we can implement secure authentication mechanisms such as WPA or WPA2, after which users have to enter a key to use the Wi-Fi services.
3. PCs or laptops: PCs and laptops can be connected to the network using their network adapters, often called NICs.
4. Wireless devices: Devices such as laptops, smartphones, tablets etc.
5. A physical medium of wires and cables: The physical medium provides the core connectivity between devices such as the router, switch and modem.
Evaluation
The design proposed above meets the requirements of the university.
It can connect 3000 users and more.
The wireless network uses the WPA2-PSK mechanism to authenticate users, who may be either guests or local users.
Users connected over the wired network can successfully communicate with each other. Below is a sample screenshot of the output: when one PC tries to communicate with another, the communication succeeds.
Figure 2: Ping Test
We have placed some wireless devices that successfully connect to the wireless device present on the campus. This is possible only after the users of those wireless devices provide the correct password and are therefore successfully authenticated.
Figure 3: Wireless device
Conclusion
The proposed design and network implementation can successfully provide the required network connection services.
References
[1] Hayajneh, T., Ullah, S., Mohd, B.J. and Balagani, K.S., 2015. An Enhanced WLAN Security System with
FPGA Implementation for Multimedia Applications. IEEE Systems Journal, 11(4), pp.2536-2545.
[2] Al Mamun, M.S., Funabiki, N., Lwin, K.S., Islam, M.E. and Kao, W.C., 2017. A channel assignment
extension of active access-point configuration algorithm for elastic WLAN system and its implementation
using Raspberry Pi. International Journal of Networking and Computing, 7(2), pp.248-270.
[3] Amewuda, A.B., Katsriku, F.A. and Abdulai, J.D., 2018. Implementation and Evaluation of WLAN
802.11 ac for Residential Networks in NS-3. Journal of Computer Networks and Communications, 2018.
[4] Yoon, J.H., 2017. A Design and Implementation of Dual-band Monopole Antenna with two arc-shaped line for WLAN application. The Journal of the Korea institute of electronic communication sciences, 12(6), pp.1049-1056.