Assessment Details and Submission Guidelines Trimester T1 2017 Unit Code BN303 Unit Title Wireless Network Security Assessment Type Group Submission Assessment Title Analysis and Design of a Secured Wireless LAN Purpose of the assessment (with ULO Mapping) c. Design a secure WLAN and utilise techniques to mitigate possible attacks. d. Install, configure, and maintain secure WLAN Controllers (WLCs) and Bluetooth devices for an organization. e. Solve complex problems in secure wireless network designs. f. Provide descriptions of wireless router configuration and implementation Weight 15% Total Marks 50 Word limit Maximum 2500 Due Date End of 11th week Mid night 4th of June 2017. Submission Guidelines All work must be submitted on Moodle by the due date along with a completed Assignment Cover Page. The assignment must be in MS Word format, 1.5 spacing, 11-pt Calibri (Body) font and 2 cm margins on all four sides of your page with appropriate section headings. Reference sources must be cited in the text of the report, and listed appropriately at the end in a reference list using IEEE referencing style. Extension If an extension of time to submit work is required, a Special Consideration Application must be submitted directly to the School's Administration Officer, in Melbourne on Level 6 or in Sydney on Level 7. You must submit this application three working days prior to the due date of the assignment. Further information is available at: http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/specialconsiderationdeferment Academic Misconduct Academic Misconduct is a serious offence. Depending on the seriousness of the case, penalties can vary from a written warning or zero marks to exclusion from the course or rescinding the degree. Students should make themselves familiar with the full policy and procedure available at: http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/Plagiarism-Academic-Misconduct-Policy-Procedure. For further information, please refer to the Academic Integrity Section in your Unit Description. Assignment Description: 802.1x based Wireless network for authentication and authorisation at Vancouver State University (VSU), Canada. The 4000 students and 400 faculty and staff at Vancouver State University (VSU) live and learn in one of the most beautiful places on earth i.e. Vancouver, BC in Canada. What is not always so pretty, especially for the university’s small IT team, is the deployment of new campus-wide technology projects. Our IT team constantly assesses the latest technology to help protect the campus network and its 4,400 users. With the goal of continuously improving network security, we sought to add greater authentication and authorization to campus resources through the deployment of 802.1X access control. The challenge was finding the right solutions to best facilitate ease of deployment and limit disruption of service to our users. A key driver for this security upgrade was the fact that VSU’s open wireless network could easily be accessed by anyone on or near the campus. Our CTO, John O’conor, challenged the IT team to find a solution that worked with our existing infrastructure and was cost effective. The idea was to terminate the evil wishes of any potential hackers. In addition to the obvious hazards of having anyone and any machine connect to the network, another big issue was being able to capture important information about the wireless users accessing the campus network. Previously, the team had no way of knowing who was on the network, or how the network was being utilized. For example, it is important to identify users who might be doing something inappropriate using network resources. All VSU, Vancouver students are required to sign an honor code of conduct. If someone violates a conduct policy, such as downloading inappropriate material, the IT team needed a way to identify the student as required by the Honor Code Office. With no way to identify users, reporting violators was next to impossible. To address these issues, the team wanted to first secure the wireless network, with the long term goal being to authenticate users on the wired network as well. They decided the best way to do this was to deploy 802.1X authentication, which is the IEEE Standard for port based Network Access Control. This would provide a more secure authentication mechanism for approved users and devices attempting to connect to the network. Since VSU–Vancouver’s network is made up of a mixture of 240 access points from Cisco and Xirrus, a key best practice for the 802.1X capability to function properly was to select a new authentication solution that worked in this multi-vendor environment. The objective of this assignment is to implement 802.1 x authentication for VSU’s wireless network. Best practices for deploying 802.1X should start with a well thought out plan that includes, but is not limited to, the following considerations: Do your wireless and wired networking devices support 802.1X? Will you have the ability to use your existing identity stores? The AAA/NAC platform should support multi-vendor environments The solution should include a way to easily configure 802.1X variables in a variety of user devices (Windows, Mac OS, Linux) Creating and testing policies should be easy to use and streamline processes The AAA/NAC platform should support a variety of user and device authentication methods Visibility and troubleshooting tools should be included The AAA/NAC platform should provide guest access management and multiple sponsor roles Find a vendor that shares in your goals Requirements Design the network as specified in the above scenario from scratch. You have to submit a group report and specify each individual group member’s contribution on the front page. You should address the following tasks in your report: For this assignment, you need to complete the following tasks: Design the wireless network of VSU according to given specification in the given case study (In this design you will plan a design for the network and frame that using software with configuration details. Diagrams can be designed using MS Visio or any other available network design software). Detail all the security requirements for wireless network of VSU-Vancouver stated in the case study. Expand further on 802.1x authentication mechanism required wireless network of VSU Report, step by step procedure of implementing 802.1x for VSU wireless network. All group members: Use the prepared report and implement 802.1x for demonstration. The implementation should be appropriate for VSU wireless network. (For demo only you can just use one access point so that a client can connect to the wireless network using 802.x). Write a report that includes the following sections: executive summary, introduction, work of Group members 1 and 2, plan of your implementation along with figure, your recommendations and conclusions. Marking criteria: Example of marking criteria is shown in following table. Marks are allocated as follows: Note: The marking criteria varies for each assignment Section to be included in the report Description of the section Marks Introduction Outline of the report ( in 3-4 sentences) 5 Identification Identify 2 important issues 10 Analyse Analyse above identified issues 10 Design Write design part of the proposed solution 10 Evaluate/justification Evaluate your proposed solutions and write justification of your evaluation 5 Conclusion Write summary of the report 5 Reference style Follow IEEE reference style 5 Total 50 Example Marking Rubric for Assignment #: Total Marks 50 Note: The marking rubrics varies for each assignment Grade Mark HD 40-50 DI 35-44 CR 30-34 P 25-29 Fail <25 Excellent Very Good Good Satisfactory Unsatisfactory Introduction /5 All topics are pertinent and covered in depth. Ability to think critically and source material is demonstrated Topics are relevant and soundly analysed. Generally relevant and analysed. Some relevance and briefly presented. This is not relevant to the assignment topic. Identification /10 Demonstrated excellent ability to think critically and sourced reference material appropriately Demonstrated excellent ability to think critically but did not source reference material appropriately Demonstrated ability to think critically and sourced reference material appropriately Demonstrated ability to think critically and did not source reference material appropriately Did not demonstrate ability to think critically and did not source reference material appropriately Analyse /10 Logic is clear and easy to follow with strong arguments Consistency logical and convincing Mostly consistent logical and convincing Adequate cohesion and conviction Argument is confused and disjointed Design /10 All elements are present and very well integrated. Components present with good cohesive Components present and mostly well integrated Most components present Proposal lacks structure. Evaluate/justification /5 Excellent use of creditable sources. Accurate referencing. Obvious that outstanding effort made Extremely good effort Good effort made but not outstanding Made some effort. For example, Web searches only Very little attempt to reference. Lazy effort with inaccuracies Conclusion /5 Logic is clear and easy to follow with strong arguments Consistency logical and convincing Mostly consistent logical and convincing Adequate cohesion and conviction Argument is confused and disjointed Reference style /5 Clear styles with excellent source of references. Clear referencing style Generally good referencing style Sometimes clear referencing style Lacks consistency with many errors