Bo mt WLAN bng RADIUS Server v WPA2

M U
Cng ngh khng dy l mt phng php chuyn giao t im ny n
im khc s dng sng v tuyn. Mng khng dy ngy nay bt ngun t nhiu
giai on pht trin ca thng tin v tuyn, nhng ng dng in bo v radio. Mc
du mt vi pht minh xut hin t nhng nm 1800, nhng s pht trin ni bt t
c vo k nguyn ca cng ngh in t v chu nh hng ln ca nn kinh t
hc hin i, cng nh cc khm ph trong lnh vc vt l. Cho n nay, mng
khng dy t c nhng bc pht trin ng k. Ti mt s nc c nn cng
ngh thng tin pht trin, mng khng dy thc s i vo cuc sng. Ch cn mt
laptop, PDA hoc mt phng tin truy nhp mng khng dy bt k, chng ta c
th truy nhp vo mng bt c ni u, trn c quan, trong nh, ngoi ng,
trong qun cafe, trn my bay v.v, bt c ni u nm trong phm vi ph sng ca
WLAN. Tuy nhin chnh s h tr truy nhp cng cng, cc phng tin truy nhp
li a dng, n gin, cng nh phc tp, kch c cng c nhiu loi, em li s
au u cho cc nh qun tr trong vn bo mt. Lm th no tch hp c
cc bin php bo mt vo cc phng tin truy nhp, m vn m bo nhng tin
ch nh nh gn, gi thnh, hoc vn m bo h tr truy cp cng cng v.v. Cng
chnh v l do ny m ti chn ti Bo mt WLAN bng RADIUS Server v
WPA2 cho kha lun ca mnh.
Trong phm vi kha lun ti s trnh by mt ci nhn tng quan v WLAN,
lch s pht trin, chun thc hin, mt s c tnh k thut, cc khuyn co v bo

Trang 2

Bo mt WLAN bng RADIUS Server v WPA2

mt, cc phng php bo mt vn c v cc gii php c ngh.
Trong sut thi gian thc hin kha lun tt nghip, ti nhn c s gip
, ch bo tn tnh ca thy c khoa CNTT, trng i hc Duy Tn. Vy cho
php ti c by t lng bit n su sc ti s gip . t bit ti xin chn
thnh cm n thy Nhuyn Gia Nh Trng Khoa CNTT, ngi trc tip
hng dn v to mi iu kin thun li gip ti hon thnh kha lun ny.
Qua y ti cng xin cm n gia nh v bn b to iu kin, gip v
ng vin ti hon thnh kha lun ng thi hn.
Kha lun ny c chia lm 4 chng:
Chng 1 Trnh by mt ci nhn tng quan v WLAN, cng ngh s dng,
cc chun, cc t tnh k thut v thc trng bo mt Wlan Vit Nam.
Chng 2 Trnh by v cc hnh thc tn cng Wlan ph bin hin nay nh:
Rogue Access point, De-Authentication Flood Attack, Fake Access point, tn
cng da trn s cm nhn lp vt l, Disassociation Flood Attack
Chng 3 Trnh by v cc gii php bo mt ph bin hin nay nh: Wep,
Wlan VPN, 802.1x, WPA, WPA2, Filtering v cc u nhc im ca
chng nh th no.
Chng 4 Trnh by v vic s dng RADIUS Server v WPA2 cho qu
trnh xc thc trong WLAN.
Trong qu trnh lm kha lun s khng trnh khi nhng thiu st. Rt
mong s gp kin ca qu thy c v bn b kha lun ny c hon chnh
hn.
Nng, ngy 09 thng 5 nm 2008

Trang 3

Bo mt WLAN bng RADIUS Server v WPA2

Sinh vin thc hin

ng Ngc Cng

Trang 4

Bo mt WLAN bng RADIUS Server v WPA2

MC LC
M U.................................................................................................................2
MC LC...............................................................................................................5
DANH MC CC HNH V..................................................................................8
DANH MC CC BNG BIU ..........................................................................11
DANH MC CC CM T VIT TT ..............................................................12
TI LIU THAM KHO......................................................................................16

CHNG 1. MNG CC B KHNG DY......................................................18

1.1 TNG QUAN V WLAN ...........................................................................18
1.1.1 Lch s hnh thnh v pht trin ............................................................18
1.1.2 u im ca WLAN .............................................................................19
1.1.3 Nhc im ca WLAN.......................................................................20
1.2 CC CHUN THNG DNG CA WLAN..............................................21
1.2.1 Chun IEEE 802.11b.............................................................................23
1.2.2 Chun IEEE 802.11a .............................................................................24
1.2.3 IEEE 802.11g........................................................................................24
1.2.4 Chun IEEE 802.11n.............................................................................25
1.2.5 So snh cc chun IEEE 802.11x ..........................................................27
1.3 CU TRC V CC M HNH WLAN ...................................................34
1.3.1 Cu trc c bn ca WirelessLAN.........................................................34

Trang 5

Bo mt WLAN bng RADIUS Server v WPA2

1.3.2 Cc thit b h tng mng khng dy.....................................................35
1.3.2 Cc m hnh WLAN .............................................................................40
1.4 THC TRNG V BO MT WLAN HIN NAY...................................43

CHNG 2. CC HNH THC TN CNG WLAN ........................................45

2.1 ROGUE ACCESS POINT ...........................................................................45
2.2 TN CNG YU CU XC THC LI ..................................................48
2.3 FAKE ACCESS POINT...............................................................................49
2.4 TN CNG DA TRN S CM NHN SNG MANG LP VT L 50
2.5 TN CNG NGT KT NI.....................................................................51

CHNG 3. CC GII PHP BO MT WLAN.............................................53

3.1 TI SAO PHI BO MT WLAN? ..........................................................53
3.2 WEP ............................................................................................................55
3.3 WLAN VPN ................................................................................................56
3.4 TKIP (TEMPORAL KEY INTEGRITY PROTOCOL)................................57
3.5 AES .............................................................................................................57
3.6 802.1X V EAP ..........................................................................................57
3.7 WPA (WI-FI PROTECTED ACCESS) ........................................................59
3.8 WPA2 ..........................................................................................................60
3.9 LC (FILTERING) .....................................................................................61
3.10 KT LUN ...............................................................................................65

Trang 6

Bo mt WLAN bng RADIUS Server v WPA2

CHNG 4. BO MT WLAN BNG PHNG PHP XC THC RADIUS
SERVER V WPA2 .............................................................................................67
4.1 GII THIU TNG QUAN ........................................................................67
4.1.1 Xc thc, cp php v kim ton ...........................................................68
4.1.2 S bo mt v tnh m rng...................................................................69
4.1.3 p dng RADIUS cho WLAN ..............................................................71
4.1.4 Cc ty chn b sung ............................................................................72
4.1.5 Chng ta s la chn my ch RADIUS nh th no l hp l? ............74
4.2 M T H THNG....................................................................................76
4.3 QUY TRNH CI T...............................................................................78
4.3.1 Bc 1: Ci DHCP................................................................................78
4.3.2 Bc 2: Ci Enterprise CA....................................................................78
4.3.3 Bc 3: Ci Radius ...............................................................................79
4.3.4 Bc 4: Chuyn sang Native Mode .......................................................79
4.3.5 Bc 5: Cu hnh DHCP .......................................................................80
4.3.6 Bc 6: Cu hnh Radius.......................................................................81
4.3.7 Bc 7: To users, cp quyn Remote access cho users v cho computer
.......................................................................................................................82
4.3.8 Bc 8: To Remote Access Policy.......................................................83
4.3.9 Bc 9: Cu hnh AP v khai bo a ch my RADIUS .......................85
4.3.10 Bc 10: Cu hnh Wireless Client......................................................86
4.4 DEMO .........................................................................................................89
KT LUN V HNG M ..............................................................................93

Trang 7

Bo mt WLAN bng RADIUS Server v WPA2

DANH MC CC HNH V

Hnh 1.1 Phm vi ca WLAN trong m hnh OSI .................................................15

Hnh 1.2 Logo Wi-fi.............................................................................................. 18
Hnh 1.3 Tc truyn ti so vi cc chun khc..................................................19
Hnh 1.4 Cu trc WLAN .....................................................................................22
Hnh 1.5 Access Points .........................................................................................25
Hnh 1.6 ROOT MODE ........................................................................................26
Hnh 1.7 BRIDGE MODE ....................................................................................27
Hnh 1.8 REPEATER MODE ...............................................................................27
Hnh 1.9 Card PCI Wireless ..................................................................................28
Hnh 1.10 Card PCMCIA Wireless .......................................................................28
Hnh 1.11 Card USB Wireless...............................................................................29
Hnh 1.12 M hnh mng AD HOC.......................................................................29
Hnh 1.13 M hnh mng c s .............................................................................30
Hnh 1.14 M hnh mng m rng ........................................................................31

Hnh 2.1 M hnh tn cng yu cu xc thc li ................................................35

Hnh 2.2 M hnh tn cng Fake Access Point ......................................................36
Hnh 2.3 M hnh tn cng ngt kt ni ............................................................... 37

Hnh 3.1 Truy cp tri php mng khng dy........................................................39

Hnh 3.2 M hnh WLAN VPN.............................................................................41

Trang 8

Bo mt WLAN bng RADIUS Server v WPA2

Hnh 3.3 M hnh hot ng xc thc 802.1x........................................................43
Hnh 3.4 Tin trnh xc thc MAC........................................................................46
Hnh 3.5 Lc giao thc..........................................................................................47

Hnh 4.1 M hnh xc thc gia Wireless Clients v RADIUS Server...................50

Hnh 4.2 Wireless Clients, AP v RADIUS Server................................................57
Hnh 4.3 Enterprise CA. ........................................................................................58
Hnh 4.4 Raise domain functional level................................................................. 59
Hnh 4.5 Kt qu cu hnh DHCP .........................................................................60
Hnh 4.6 Register Server in Active Directory ........................................................60
Hnh 4.7 Khai bo radius client .............................................................................61
Hnh 4.8 Active Directory Users and Computers...................................................62
Hnh 4.9 New Remote Access Policy. ...................................................................62
Hnh 4.10 Access mode l Wireless. ..................................................................63
Hnh 4.11 User or Group Access...........................................................................63
Hnh 4.12 EAP type .............................................................................................. 64
Hnh 4.13 Kt qu to Remote Access Policy........................................................64
Hnh 4.14 Cu hnh Access Point ..........................................................................65
Hnh 4.15 Wireless Network Connection Properties..............................................66
Hnh 4.16 Cu hnh Network Authentication v Data Encryption..........................66
Hnh 4.17 Cu hnh EAP type ...............................................................................67
Hnh 4.18 Kt qu sau khi ng nhp vo h thng ...............................................67
Hnh 4.19 Trng thi kt ni..................................................................................68

Trang 9

Bo mt WLAN bng RADIUS Server v WPA2

Hnh 4.20 Cc thng s c cp bi DHCP server nh IP, DNS server, Default
Gateway ............................................................................................................68
Hnh 4.21 Event Viewer........................................................................................69
Hnh 4.22 Information Properties ..........................................................................69

Trang 10