+ Post New Thread
Page 1 of 3 123 LastLast
Results 1 to 15 of 37
Wireless Networks Thread, Wireless ... Give me your brains in Technical; I wondered what everyone is doing to make sure their wireless networks are reliable and secure? Any preferences for b/g ...
  1. #1
    ajbritton's Avatar
    Join Date
    Jul 2005
    Location
    Wandsworth
    Posts
    1,632
    Thank Post
    23
    Thanked 75 Times in 45 Posts
    Rep Power
    34

    Wireless ... Give me your brains

    I wondered what everyone is doing to make sure their wireless networks are reliable and secure? Any preferences for b/g or a? Anyone using IAS and a PKI based RADIUS setup????

    Alternatively, any trustes suppliers/installers of wireless networks?

  2. #2

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,802
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: Wireless ... Give me your brains

    WEP is pointless. As is MAC filtering. At a minimum use WPA. If your buying new kit look for WPA2.

    On the infrastructure end, if you have W2k3 then you can do everything there. Check out the whitepapers on the microsoft site. Otherwise consider recycling an old box as a Linux solution.

  3. #3
    metalmonkey
    Guest

    Re: Wireless ... Give me your brains

    I disagree with Geoff on the comment about MAC filtering being pointless. We've had unsecured 11mb wireless for years in certain areas and have now moved to 54mb secured. When we started setting it up about 5 months ago, we planned for full security + encryption.

    However, following many, oh so many hours of hair pulling, screaming, shouting and crying, we found the only solution that suited us was for MAC filtering.

    The biggest problem we found was our laptop rebuild turn around, along with user profiles. Our teachers laptops are RM notebooks but non-RM CC3 and we found the WPA and WEP security settings would often lose the security keys. Combined with us applying the right security key (quite litterally 3 people watching one person push a key every 3 seconds or so, confirming we entered it correctly) but the thing wouldn't accept it. After we gave up for the evening and left it, we came in the next morning to find it had suddenly gained access. (we arn't using cheap stuff either. We use HP gear)

    We also find that because teachers want to take laptops home, use home internet ect, it is our policy to have a domain profile and a local profile with linked/shared My Docs. Setting the keys twice per laptop, per user was just plain annoying and time consuming, especially for our staff when they already have domain access on their desktops so we'd have to change their passwords to setup their profile with the correct key.

    I'm sure there are ways around these issues I've listed, we found Mac filtering the best solution, as we no longer have to worry about security. We just use a bar code reader to enter the Mac address into the WAP's (though I admit, there are lots to do, but nothing copy and paste can't help with) when the laptops are purchased.

    My suggestion is to try them all and see what you prefer.

  4. #4

    Dos_Box's Avatar
    Join Date
    Jun 2005
    Location
    Preston, Lancashire
    Posts
    9,823
    Thank Post
    580
    Thanked 2,161 Times in 986 Posts
    Blog Entries
    23
    Rep Power
    627

    Re: Wireless ... Give me your brains

    Another problem whic is rapidly gaining in frequency is the sheer bloody-mindedness of some wi-fi chipsets in wanting to communicate with other manufacturers kit. I am seeing on almost a weekly basis now visitors trying in vain to join out wi-fi setup which uses WEP (unless someone is willing to sit outside your office all day capturing packets I wouldn't worry to much about security fears! I have 3 different manufacturers base-stations just to ensure some connectivity for them in the event of faffage (v. to faff).

  5. #5
    ajbritton's Avatar
    Join Date
    Jul 2005
    Location
    Wandsworth
    Posts
    1,632
    Thank Post
    23
    Thanked 75 Times in 45 Posts
    Rep Power
    34

    Re: Wireless ... Give me your brains

    Some interesting opinions. Has anyone actually set up the Microsoft reccomended methode using IAS as a RADIUS server with certificates for authentication? I downloaded a mountain of documentation from MS, but never found the time to read it.

  6. #6
    StewartKnight's Avatar
    Join Date
    Jun 2005
    Posts
    1,587
    Thank Post
    2
    Thanked 27 Times in 21 Posts
    Rep Power
    30

    Re: Wireless ... Give me your brains

    I guess I must have it easy, because all of this is overkill at my school. The walls are so thick that the radius is neglible, and on top of that, if you don't know the proxy address, you can't get on the network anyway. Am I being naive, or are you all being over cautious?

  7. #7

    Join Date
    Aug 2005
    Location
    Birmingham, UK
    Posts
    490
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: Wireless ... Give me your brains

    Well ive got a bunch of Cisco kit, and so far it works with everything ive thrown at it, as for WPA, i have had the whole system running WPA with PEAP (via a RADIUS server) and it was totally seamless, the only downside being the client must have a cert before it can join the network, but i use group policy to deploy them at the end of a RIS. Sadly, not all my gear is 11g yet so i had to stop dreaming and turn off WPA for now, and am running unsecured at the moment

  8. #8
    tarquel's Avatar
    Join Date
    Jun 2005
    Location
    Powys, Mid-Wales, UK
    Posts
    1,740
    Thank Post
    13
    Thanked 44 Times in 34 Posts
    Rep Power
    29

    Re: Wireless ... Give me your brains

    wireless? whats that?

    lol

    seriously tho, currently no demand for wireless here, but will mac filter when the time comes as there wont be many laptops/desktops attached wirelessly and the locals would know how to packet capture, let alone do anything with the packets so that aint a prob

    cheers
    N.

  9. #9

    russdev's Avatar
    Join Date
    Jun 2005
    Location
    Leicestershire
    Posts
    6,918
    Thank Post
    708
    Thanked 550 Times in 365 Posts
    Blog Entries
    3
    Rep Power
    204

    Re: Wireless ... Give me your brains

    also good idea is fit timer sockets on the boxes so that they go off at night and in hols.....

    We have got wireless with wep and mac filtering but next week hopfuly going to look into securing it more befor going live to the laptops..

    russ

  10. #10

    russdev's Avatar
    Join Date
    Jun 2005
    Location
    Leicestershire
    Posts
    6,918
    Thank Post
    708
    Thanked 550 Times in 365 Posts
    Blog Entries
    3
    Rep Power
    204

    Re: Wireless ... Give me your brains

    ok is there anyway to laptops connecting to network via wireless access point to stop it picking up ips from dhcp server...

    russ

  11. #11
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    4,998
    Thank Post
    120
    Thanked 280 Times in 258 Posts
    Rep Power
    106

    Re: Wireless ... Give me your brains

    You can ipconfig /setclassid to set machines to a certain ID I believe. If you did this with your current machines with a startup script then left some kind of dummy scope for the ones not set.
    All off the top of my head btw so may not all be true

  12. #12

    Dos_Box's Avatar
    Join Date
    Jun 2005
    Location
    Preston, Lancashire
    Posts
    9,823
    Thank Post
    580
    Thanked 2,161 Times in 986 Posts
    Blog Entries
    23
    Rep Power
    627

    Re: Wireless ... Give me your brains

    I think some AP's have facilities to block certain services working through them. I'll check my Buffalo and D-Link kit for you tomorrow.

  13. #13

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,802
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: Wireless ... Give me your brains

    I disagree with Geoff on the comment about MAC filtering being pointless.
    It takes about 5 seconds to dump traffic from an active AP and observe an 'authorised' MAC address. Windows generally doesn't offer the flexiblity to change you MAC address on the fly (some cards allow it via their drivers) but Linux, BSD, Mac OS X would not blink at such a request.

    Even more depressing, with a correctly configured Linux machine a malicious user can pretend to be the AP.

    wi-fi setup which uses WEP (unless someone is willing to sit outside your office all day capturing packets I wouldn't worry to much about security fears!)
    Try running Wepcrack or Airsnort against your AP's and see how long they last.

  14. #14
    tarquel's Avatar
    Join Date
    Jun 2005
    Location
    Powys, Mid-Wales, UK
    Posts
    1,740
    Thank Post
    13
    Thanked 44 Times in 34 Posts
    Rep Power
    29

    Re: Wireless ... Give me your brains

    Thanks geoff - every munchkin will be breaking everyones wifi neworks now lmfao

    N.

  15. #15

    Join Date
    Jul 2005
    Location
    51°44’45.75”N 2°13’57.28”W With 182ft Elevation
    Posts
    35
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: Wireless ... Give me your brains

    Hi can i recommend very highly hp procurve kit including there power over ethernet kit we have been running it for about a year now. Hp is basically cheap cisco kit from what i can see, there networking kit for wired is great as well check it out.
    We also use 3 com kit as its very easy to configure and was in place before i arrived. The other kit for a good price that i would recommend is linksys which i use myself at home and is great kit for a great price.
    For protection well i use WPA-PSK TKIP which does the job for me but just remember this

    'no matter how secure you think something is the is always away around it all we/you can do it reduce the risk'

    this applys to anything not just wireless.

    NuttyGeek

SHARE:
+ Post New Thread
Page 1 of 3 123 LastLast

Similar Threads

  1. Anywhere TS - I give up
    By Kyle in forum Thin Client and Virtual Machines
    Replies: 5
    Last Post: 23rd May 2007, 12:24 PM
  2. Give My Boss A Gun...
    By indiegirl in forum General Chat
    Replies: 10
    Last Post: 27th May 2006, 03:50 PM
  3. Give it a name '06
    By ChrisC in forum Other Stuff
    Replies: 0
    Last Post: 28th April 2006, 11:41 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •