Sunday, 14 October 2018

Wi-Fi Password masking or Encryption using Windows Certificate.




My intent with this post is to provide a quick reference guide for setting up secure wireless networking using Microsoft Windows Server. It describes how to create a certificate infrastructure for authentication, authorization, and accounting for wireless connections using Microsoft RADIUS Server (NPS) and Windows clients. Before going into the details of how to create the protected 802.1x network, let’s take a minute to understand the components of 802.1x.
 

What is 802.1x? 


802.1X is an IEEE standard for network access. Authentication is the key part of the 802.1X standard. There are three device participants in every 802.1X authentication:

Supplicant – The client device.
Authenticator – The device that controls network access (the port) and passes authentication messages to the authentication server.
Authentication Server – An AAA-compliant authentication server.

  
How Radius Works?

The client connects and starts the authentication process, then the WLC contacts the RADIUS server. The RADIUS server's X.509 certificate is presented to the client, and the client validates the certificate. After validation, a secure tunnel is created and the client transmits its credentials through the tunnel.
 
To achieve a secure certificate infrastructure, you will need the following roles installed on your server:
1. Active Directory along with DNS.
2. Active Directory Certification Service.
3. Network Policy Server (NPS).


Installing Active Directory

Active Directory is where we store all the usernames in a central database. To install it we need to add a new role to the server.
In Microsoft Windows 2012 you can find Server Manager on the taskbar.

Click on Server Manager > Add Roles and Features.

You will be presented with the following wizard. Before proceeding, make sure that the Administrator account has a strong password and the machine is configured with a static IP address. Click on Next.


You will be presented with the following wizard.
Select Role-based or feature-based installation. Click on Next.



Check the Select Server from the Server Pool check box and click on Next.


Check the Active Directory Domain Services check box and click on Next.




You will be prompted with a notification about adding the Remote Server Administration Tools. Click on Add Required Features.



Click Next to continue.



Review the introduction to Active Directory Domain Services. Click Next to continue.



Click Next to confirm the installation process.

You will see the following screen, where you have the option to select Restart Server automatically if required. With this option selected, a server that is pending any updates will restart automatically after this service is installed.



Click Yes to accept, then click on Install to start the installation.






Once the installation has completed, you will be presented with the screen below. Click on Close.

Now you will see an exclamation mark on the notification flag, which indicates a pending action.
Click on Promote this Server to Domain Controller.



Now you will be presented with the screen below, where you need to select the option Add a New Forest.



The FQDN (Fully Qualified Domain Name) of my forest root domain will be “ITINFRATECHS.COM”. Click Next to continue.

You will be presented with the screen below, where you can set the DSRM password. Click Next to continue.



You will be presented with the warning screen below.

This is to be expected: the wizard is trying to contact the name servers and is unable to create a delegation for the sub-domain.

Click OK and Next to Continue.



You can modify your AD DS database, log file and SYSVOL locations here. Click on Next to continue.



Click on Next to Continue.

You will be presented with the Review Options screen, where you can get the scripted configuration of the installation.




Click on Next to continue with the Prerequisite Check.

The Prerequisite Check validates that the server configuration is capable of supporting AD DS; the domain controller promotion cannot continue until all prerequisite tests pass. The check may fail if you don’t have a static IP or if there are any issues with DNS.


Click on Install to continue. You will be presented with the installation screen.



Click on Close to complete the installation. The server may restart to complete the installation. Once the server has restarted, it will be equipped with Active Directory and DNS.
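The wizard steps above can also be scripted. The following PowerShell is an added example, not the author's script and not the output of the wizard's script view; it assumes it is run as a local administrator on the server itself, uses the forest name from this post, and uses the wizard's default database, log and SYSVOL paths.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the wizard walkthrough above.
# Assumptions: run locally on the Windows Server 2012 machine; domain name
# taken from the post; paths are the wizard defaults.
$DomainName = 'ITINFRATECHS.COM'

# Prerequisite from the post: the server must use a static IP address.
$dhcpNics = Get-NetIPInterface -AddressFamily IPv4 -ConnectionState Connected |
    Where-Object { $_.Dhcp -eq 'Enabled' }
if ($dhcpNics) {
    throw "Static IP required; DHCP is enabled on: $($dhcpNics.InterfaceAlias -join ', ')"
}

# Add Roles and Features > Active Directory Domain Services (+ management tools).
$feature = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
if (-not $feature.Success) { throw 'AD DS role installation failed.' }

Import-Module ADDSDeployment

# The DSRM password is prompted for and never stored in the script.
$dsrm = Read-Host -Prompt 'DSRM password' -AsSecureString

$forest = @{
    DomainName                    = $DomainName
    SafeModeAdministratorPassword = $dsrm
    InstallDns                    = $true
    CreateDnsDelegation           = $false   # new forest root: no parent zone to delegate from
    DatabasePath                  = 'C:\Windows\NTDS'
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
}

# Same purpose as the wizard's Prerequisite Check page: stop on any error.
$failed = Test-ADDSForestInstallation @forest | Where-Object { $_.Status -eq 'Error' }
if ($failed) {
    $failed | ForEach-Object { Write-Error $_.Message }
    throw 'Prerequisite check failed; fix the items above and re-run.'
}

# Promote to the first domain controller of a new forest; the server restarts.
Install-ADDSForest @forest -Force
```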

Now we can create a security group and a few test users, which we can use later to validate the connectivity.

Go to Tools > Active Directory Users and Computers.

Create a group for Wi-Fi users.
  
 


Create a few user accounts named test1, test2 and test3 and add them to the Wi-Fi Users group.
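The group and test accounts can be created from PowerShell as well. This is an added example, not part of the original post; it assumes it is run as a domain administrator on the new domain controller after the reboot, that the group is named "Wi-Fi Users", and that objects go into the default Users container.

```powershell
# Added example. Assumptions: ActiveDirectory module present (installed with the
# AD DS management tools); group name and default container are illustrative.
Import-Module ActiveDirectory

$GroupName = 'Wi-Fi Users'
$Users     = 'test1', 'test2', 'test3'
$UpnSuffix = (Get-ADDomain).DNSRoot

# Create the security group only if it does not exist yet.
if (-not (Get-ADGroup -Filter "Name -eq '$GroupName'")) {
    New-ADGroup -Name $GroupName -GroupScope Global -GroupCategory Security `
        -Description 'Wi-Fi test users'
}

foreach ($name in $Users) {
    # Skip accounts that already exist so the script can be re-run safely.
    if (Get-ADUser -Filter "SamAccountName -eq '$name'") { continue }

    # Prompt for each password; nothing is hard-coded or written to disk.
    $pw = Read-Host -Prompt "Password for $name" -AsSecureString
    New-ADUser -Name $name -SamAccountName $name `
        -UserPrincipalName "$name@$UpnSuffix" `
        -AccountPassword $pw -Enabled $true
}

# Add-ADGroupMember errors on existing members, so add only the missing ones.
$current = Get-ADGroupMember -Identity $GroupName |
    Select-Object -ExpandProperty SamAccountName
$missing = $Users | Where-Object { $_ -notin $current }
if ($missing) { Add-ADGroupMember -Identity $GroupName -Members $missing }

# Confirm the final membership.
Get-ADGroupMember -Identity $GroupName | Select-Object Name, SamAccountName
```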




Congratulations! We are now done with the AD part. Before going on to the certificate server installation, let's take a minute to understand what an SSL certificate is.

Walk through the link below to learn the basics of SSL certificates and how to create a RADIUS client certificate.

How to Create an SSL Certificate for Radius Authentication

Fahim Raza (Author)
