Wi-Fi Security Deployment: Options?


  • Wi-Fi Security Deployment: Options?

    Hi All,
    My first post on this forum. Let me give you the scenario. In a large office with 200 staff, we would like to deploy WiFi security. Currently we are just using WEP, and users can know their WEP key and SSID; we don't want to hide those details. But we would like to prevent any user connecting to the corporate WiFi/LAN without an authorized machine (laptop, handheld etc.). So what we need is certificate-based authorization which will prevent any user connecting to the office WLAN/LAN with no certificate installed on their machine. Our system runs in a Windows environment. Is there any good tutorial for that? Can you please point me in the right direction? Any other thoughts would be much appreciated.

    Thanks.

  • #2
    Re: Wi-Fi Security Deployment: Options?

    You might start here:
    http://www.microsoft.com/technet/sec....mspx?mfr=true
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"



    • #3
      Re: Wi-Fi Security Deployment: Options?

      I would switch to WPA + MAC filtering. After that, in order to actually connect to the network, a secure VPN would be established over the WiFi link, which will give access to the actual LAN.
      Last edited by DYasny; 6th March 2011, 19:26.
      Real stupidity always beats Artificial Intelligence (c) Terry Pratchett

      BA (BM), RHCE, MCSE, DCSE, Linux+, Network+



      • #4
        Re: Wi-Fi Security Deployment: Options?

        Originally posted by DYasny
        I would switch to WPA +MAC filtering.
        This might be the way to "secure" a home setup but not a 200 User business.

        What is wrong with dropping in a RADIUS server and securing it all with a certificate? One of, if not the largest wireless networks in the world uses this method and it is very secure. The RADIUS being used is a customised Smoothwall version. They even share some of their improvements with the Linux community.

        Oops, just read the link Dumber left. Didn't intend to double up on his post.
        Last edited by biggles77; 5th September 2008, 17:34. Reason: Added the oops line.
        1 1 was a racehorse.
        2 2 was 1 2.
        1 1 1 1 race 1 day,
        2 2 1 1 2



        • #5
          Re: Wi-Fi Security Deployment: Options?

          Radius will be used for VPN authentication anyway.
          Last edited by DYasny; 6th March 2011, 19:28.


          • #6
            Re: Wi-Fi Security Deployment: Options?

            MAC filtering is too hard to manage.
            Every machine with a wireless network card (e.g. notebook, smartphone, desktop) should be registered in every wireless access point.
            I wouldn't recommend this.
            Marcel


            • #7
              Re: Wi-Fi Security Deployment: Options?

              Two things to consider about wireless security. Take note that these are only my opinions:

              1. MAC filtering is pointless as the MAC addresses of both the client and WAP are transmitted with every packet so anyone with a wireless sniffer can find these and spoof them.

              2. Not broadcasting the SSID is pointless as the SSID is also transmitted so again anyone with a wireless sniffer...

              Have a look here:

              http://www.wi-fiplanet.com/tutorials...le.php/3576541

              http://www.wi-fiplanet.com/tutorials...le.php/3572926

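To illustrate point 1 of the post above, here is an added example (not part of the original thread) that decodes the 802.11 MAC header of a data frame. It shows that the addresses a MAC filter relies on sit in the clear ahead of the encrypted payload, even when the Protected bit is set. The sample frame, its addresses and the function names are constructed for illustration; only plain (non-QoS) three-address data frames are handled.

```python
import struct

def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_data_header(frame):
    """Decode the 24-byte 802.11 MAC header that precedes any encrypted payload."""
    if len(frame) < 24:
        raise ValueError("shorter than an 802.11 MAC header")
    fc0, flags, _dur, a1, a2, a3, _seq = struct.unpack("<BBH6s6s6sH", frame[:24])
    if (fc0 >> 2) & 0x3 != 2:
        raise ValueError("not a data frame")
    to_ds, from_ds = bool(flags & 0x01), bool(flags & 0x02)
    if to_ds and from_ds:
        raise ValueError("four-address (WDS) frame not handled here")
    if to_ds:          # client -> access point
        bssid, src, dst = a1, a2, a3
    elif from_ds:      # access point -> client
        dst, bssid, src = a1, a2, a3
    else:              # no distribution system (ad hoc)
        dst, src, bssid = a1, a2, a3
    return {
        "bssid": fmt_mac(bssid),
        "source": fmt_mac(src),
        "destination": fmt_mac(dst),
        "protected": bool(flags & 0x40),  # payload is encrypted (WEP/TKIP/CCMP)
        "payload": frame[24:],            # opaque when protected is True
    }

# Constructed sample: data frame, ToDS + Protected, locally administered MACs.
SAMPLE_FRAME = bytes.fromhex(
    "0841" "0000"
    "020000000001"      # addr1: BSSID (access point)
    "0200000000aa"      # addr2: client (source)
    "020000000002"      # addr3: destination
    "1000"              # sequence control
    "9f3c5be1d07a44c2"  # constructed bytes standing in for ciphertext
)

if __name__ == "__main__":
    hdr = parse_data_header(SAMPLE_FRAME)
    print("encrypted payload:", hdr["protected"])
    print("client MAC readable from header:", hdr["source"])
```

Encryption covers the frame body only, so a MAC allow-list is matching on an unauthenticated header field, which is why the thread converges on 802.1X with certificates instead.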


              • #8
                Re: Wi-Fi Security Deployment: Options?

                1) agree
                2) agree


                So... Like I posted before... Use a radius server and certificates to authenticate
                Marcel


                • #9
                  Re: Wi-Fi Security Deployment: Options?

                  Originally posted by Dumber
                  1) agree
                  2) agree


                  So... Like I posted before... Use a radius server and certificates to authenticate
                  I can see your point. I agree that MAC filtering is simply impossible to manage for a large organization. Did anyone deploy certificate-based authentication before? Any good tutorial out there apart from the MS Technote? I believe with certificate-based authentication, it's easy to secure the LAN as well?

                  Thanks guys for your inputs.



                  • #10
                    Re: Wi-Fi Security Deployment: Options?

                    Have you seen my first post in this topic?
                    Marcel


                    • #11
                      Re: Wi-Fi Security Deployment: Options?

                      Originally posted by Dumber
                      Have you seen my first post in this topic?
                      Yes I have. I wondered if there might be more tutorials out there... but anyway the MS Technote is a good start... thanks for the heads up... appreciate it.



                      • #12
                        Re: Wi-Fi Security Deployment: Options?

                        Well,

                        You need to set up a CA (offline root and subordinate issuing CAs).
                        You need to autoenroll certificates (at least that is what I should do).
                        You need to set up a RADIUS/IAS server.
                        You need to connect the access points with the RADIUS server (pre-shared key).
                        You need to create a GPO to configure the wireless environment.
                        Marcel
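Once the steps in post #12 are in place, a client's wireless profile can be checked to confirm the GPO really moved it from WEP to certificate-based 802.1X. The following is an added example, not code from the thread: it audits profile XML in the format written by `netsh wlan export profile`. The SSID `CorpWLAN`, the trimmed sample profiles and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

WLAN_NS = "http://www.microsoft.com/networking/WLAN/profile/v1"

def sample_profile(auth, enc, onex, eap_type=None):
    """Build a trimmed, constructed profile shaped like an exported WLAN profile."""
    eap = ""
    if eap_type is not None:
        eap = ('<OneX xmlns="http://www.microsoft.com/networking/OneX/v1"><EAPConfig>'
               '<EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">'
               '<EapMethod><Type xmlns="http://www.microsoft.com/provisioning/EapCommon">'
               f'{eap_type}</Type></EapMethod></EapHostConfig></EAPConfig></OneX>')
    return (f'<WLANProfile xmlns="{WLAN_NS}"><name>CorpWLAN</name><MSM><security>'
            f'<authEncryption><authentication>{auth}</authentication>'
            f'<encryption>{enc}</encryption><useOneX>{onex}</useOneX></authEncryption>'
            f'{eap}</security></MSM></WLANProfile>')

def audit_profile(xml_text):
    """Return findings; an empty list means WPA2 with 802.1X and EAP-TLS."""
    fields = {}
    for el in ET.fromstring(xml_text).iter():
        name = el.tag.rsplit("}", 1)[-1]  # strip the XML namespace
        if name in ("authentication", "encryption", "useOneX", "Type"):
            fields.setdefault(name, (el.text or "").strip())  # first = outer EAP method
    findings = []
    auth = fields.get("authentication", "")
    if auth in ("open", "shared"):
        findings.append("no WPA/WPA2: authentication=" + auth)
    elif auth.endswith("PSK"):
        findings.append("pre-shared key: every user knows the secret")
    if fields.get("encryption") in ("none", "WEP", "TKIP"):
        findings.append("weak cipher: " + fields["encryption"])
    if fields.get("useOneX") != "true":
        findings.append("802.1X disabled: no per-machine authentication")
    elif fields.get("Type") != "13":
        findings.append("802.1X without EAP-TLS (type 13): not certificate-only")
    return findings

if __name__ == "__main__":
    cases = {
        "current WEP setup": sample_profile("open", "WEP", "false"),
        "WPA2-PSK": sample_profile("WPA2PSK", "AES", "false"),
        "WPA2 + EAP-TLS": sample_profile("WPA2", "AES", "true", 13),
    }
    for label, xml_text in cases.items():
        print(label, "->", audit_profile(xml_text) or "OK")
```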