We now have about 10+ access points over our site and they are all unsecure. What would be the best way to secure them, the teachers all use them for their laptops. They are 3com OfficeConnect boxes of various speeds.
Printable View
We now have about 10+ access points over our site and they are all unsecure. What would be the best way to secure them, the teachers all use them for their laptops. They are 3com OfficeConnect boxes of various speeds.
WPA-EAP if your WAP's support it.
I've heard from a reliable source ;) that both WEP and WPA can be cracked with various tools readily available on t'internet. Dynamic WEP is probably best since it changes the key regularly enough to stop hackers getting the full key. However, I doubt your APs will support it. It's only the higher end of APs that do.
We are currently looking at putting flood fill wireless in the whole school. As well as looking at doing the job ourselves, we are getting some quotes from a few suppliers. One has come up with a fairly pricey system called Madge. But you can see why. All the APs have two radios in them. The APs connect to a central rackmount server where you can configure groups of APs with ease. If you get a new AP, you just plug it in, the server picks it up, and you add the AP to a pre-defined group. It immediately inherits all settings and is ready to go.
For security, you can use Mac-address filtering, dynamic WEP, and certificates. It will be lovely if the school can cough up the cash for all that!
Most decent APs support 802.1x (even old ones). This enables the use of a RADIUS server to authenticate computers onto the LAN using either certificates or a shared password.
Ive heard about RADIUS is it part of win server 2003 or something else?
Yes, you need to install it though. Its called 'Internet Access and Authentication Services'
@geoff
what is radius alt on linux and any good guides on setting it up
russ
A search of debian packages brings up "free radius" .
http://www.freeradius.org/
Then for setup, consult Linux Journal.
http://www.linuxjournal.com/article/8017
http://www.linuxjournal.com/article/8095
http://www.linuxjournal.com/article/8151
I had 10 Cisco AP1200s running WPA with radius, you will need to install a certificate authority with IAS so PEAP will work, it ran beautifully, shame most my clients dont support WPA yet :'(
Can anyone give some step by step talkthrough on using RADIUS to control wireless laptop access to the network
Thanks!
Assuming your using a Windows 2003 server, there's some white papers on the Microsoft site about it.
http://www.microsoft.com/windowsserv...i/default.mspx
If your using Linux, see my previous post above.
It will take you hours to get the point that it tell you to create some new certificate templates. These can only be created with Enterprise edition, I gave up at this point after about 6 hours. I only wanted to use a radius server for wpa2 :/Quote:
Originally Posted by Geoff
Then use the linux approach. Any old linux box can be used as a CA to generate your certs. Just install OpenSSL.
We just use MAC Addresses to authenticate, its a little unsettling to see 'unsecured network' plastered all over the laptopa, i was under the impression that this was because windows doesnt pick up on the MAC address security.
is this considered to be a secure setup or should we be looking at adding more measures to tighten things up?
Cheers
Dave