Small office and Wireless security..which method is best?

Small office and Wireless security..which method is best?
NewsGroups | Search | Tools
User Password
Register Now! Lost Password?
 comp.dcom.sys.cisco  Post an article  get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content  add this group's latest topics to your Google content  YahooMyWeb Yahoo!  Google Google  Windows Live Favorites Windows Live  del.icio.us del.icio.us  digg digg  Add to Netscape Netscape
Subject Author Date
Small office and Wireless security..which method is best? rjmnyc 05-20-2006
Posted by on May 20, 2006, 10:56 am
If you were  Registered and logged in, you could reply and use other advanced thread options

I work for a small company (50 computers) and they purchased a Cisco
aironet 1231AG. Only 5 laptops will be configured for wireless access
to our LAN and to the Internet. We have server 2003 and the laptops
will run windows 2000 and xp. I've read that EAP-TLS or PEAP-TLS offer
the most security but it seems like a lot of work for 5 laptops. Is
there an easier way to get a high level of security without
certificates? or just an easier way in general?


Posted by Merv on May 20, 2006, 12:31 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
check out EAP-FAST


see EAP_FAST Deployment Guide
http://www.cisco.com/application/pdf/en/us/guest/products/ps4076/c1067/ccmigration_09186a00802623a2.pdf




see "Configuring an Access Point as a Local Authenticator"


also you could just start with MAC address security where you restrict
wirless access based on the wirless NIC MAC address in the 5 PC's

see http://www.cisco.com/warp/public/114/accesspt.pdf


Posted by Gary on May 20, 2006, 1:01 pm
If you were  Registered and logged in, you could reply and use other advanced thread options

rjmnyc wrote:

> I've read that EAP-TLS or PEAP-TLS offer
> the most security but it seems like a lot of work for 5 laptops. Is
> there an easier way to get a high level of security without
> certificates? or just an easier way in general?

Yes. I would suggest using WPA2 PSK (pre-shared key) aka WPA2 Personal. It
uses a pre-shared passphrase that can be very long plus it uses AES
encryption. I use this at home where I've got 3-5 mobile devices but at
the office I've deployed PEAP with WPA2 for 50+ mobile users who can now
sign on to the WLAN with their Active Directory credentials. We're using
the former Airespace line of Cisco products but I'll assume that Cisco's
other wireless gear includes WPA2 PSK in addition to a multitude of
enterprise options.

http://www.wi-fi.com/knowledge_center/wpa2/

-Gary

Posted by Merv on May 20, 2006, 2:08 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
So along with other poster suggestions, summary of options:

1. MAC address filter
2. WPA2 with pre-shared key with/without MAC address filter
3. LEAP with local RADIUS authentication on AP
4. EAP-FAST with local RADIUS authentication on AP


Posted by on May 20, 2006, 3:45 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
First of all, thanks for the responses. I'm going into the office
tomorrow to do this so I'm really glad I have some responses to get me
started. I'm telneted into the Aironet via VPN right now and I'm
looking at the settings for EAP-FAST. The only question I have now is
which hardware and operating systems will support EAP-FAST. It sounds
like it is built into Windows 2000 SP4 and Windows XP, but does that
mean the wireless network adapter does not play a role in
compatibility? or is EAP-FAST only supported by certain wireless
adapters?

Thanks



Merv wrote:
> So along with other poster suggestions, summary of options:
>
> 1. MAC address filter
> 2. WPA2 with pre-shared key with/without MAC address filter
> 3. LEAP with local RADIUS authentication on AP
> 4. EAP-FAST with local RADIUS authentication on AP


Similar ThreadsPosted
VPN/ADSL/Wireless for small office? September 18, 2007, 3:36 am
Advice for Switch and Router solution for small office September 17, 2005, 12:45 am
Wireless security June 10, 2005, 11:25 am
Wireless Access Point Security January 16, 2007, 4:26 pm
Wireless access points security question June 6, 2005, 6:06 pm
Bypassing wireless security on a Cisco AP for a single device May 21, 2008, 6:01 pm
Adding vpn client to Cisco 506 PIX messes up office to office tunnel August 24, 2006, 2:59 pm
Re: IT Security news and information site for Security Professionals August 7, 2008, 8:57 am
Which VPN Method More Secure? January 22, 2007, 1:38 pm
VPN method for DLSW over Internet? June 5, 2008, 11:53 am

other useful resources:
The Federal Communications Commission (FCC)
Telecommunications Industry Association
Electronic and Software Security Products and Services
International Telecommunication Union

Custom CGI Perl and PHP programming by 1-Script.com

Contact Us | Privacy Policy
The site map in XML format XML site map