Wireless security quandary.
Posted on 2005-05-10
Hello, I have a request for help and advice on the implementation of a secure wireless LAN. I work in IT at a high school with about 1100 students. All students use relatively homogeneous laptops (575 IBM T-40s, 300 T-41, 275 T-42).
Before every school year we perform a mass reimage on these computers, so we have the opportunity to make any client-side changes necessary with relative ease. In order to allow the students to use their computers freely at home, while maintaining a virus/spyware-free, controlled environment at school, we use a Windows XP/XP dual boot. One boot (school OS) is XP where they have domain user accounts with restricted rights and the computers are joined to the domain. The other boot is XP (Home OS) where they have full local admin rights but are not on the domain.
What I am looking for is a wireless solution whereby they will be able to securely access our WLAN from their school accounts only. We have been using PEAP with good security (and exclusion of non-domain computer access results), but instability in IAS authentication + PEAP has forced us to consider a new solution. The main result we are striving for in particular is a system that will allow ONLY computers that are joined to our Windows 2003 domain to have access to the wireless network. I have only been doing IT for a few years and our school relied completely on consultants to initially implement the current (broken) system. We would like to do this implementation ourselves. Obviously it’s going to take lots of research, but I would appreciate any advice or a shove off in the right direction that anyone can offer. Thanks for your time, guys and gals.