Wireless Network Security - Using Firewalls for Authentication

Posted on 2006-03-28
Last Modified: 2013-11-16
Hi All,

We are adding wireless capabilities to our office network to allow the laptops easier access to our network resources. Like many, I have read about all the security vulnerabilities etc. and how to overcome most of them.

What I am considering is adding a firewall specifically for the access point, so the connection would look something like this:

[Client]  ---)  [WAP]  --->  [Firewall]  --->  [Network]

---) is wireless
---> is copper

The main reason why I want the firewall there is that, in addition to the initial installation of the WEP key, I would like to have the users authenticate with the firewall to allow traffic the first time they try to access the network. To put this in a different perspective, I would see it as:

1) User turns on their laptop
2) User logs into their laptop
3) User tries to access the internet or network resources, and this is where the authentication with the firewall would take place
4) User goes about their day
5) User powers down their laptop, and authentication is lost, so the next powerup they will need to authenticate again.

If this is at all possible, what would be a good firewall or similar appliance to get the job done? (Given that there would be 30+ users, authentication is required, etc). Features such as user ability to change own password, inactive timeout etc would be a bonus!!!!

Or would there be an appliance out there that is a firewall, wireless access point, etc. all-in-one?

Thanks Heaps!!!!
Question by:leta37
    LVL 18

    Expert Comment

    I would do something like a RADIUS server. Or if you want something that's like an all in one unit, get a wireless hotspot gateway.

    Here is a link to ones made by Dlink:

    The DCS-3200 would probably best fit your needs. It has a built-in firewall, WAP, authentication, etc. It also supports 50 users, and you can generate usernames and passwords on the fly. There is an optional printer to facilitate that process.

    I think it's around $400-$500.

    Author Comment

    I have heard of RADIUS before, are you able to elaborate on this? I'm unsure if this is to do with Linux or not, but I'm trying to keep the entire network running on Windows XP Pro and Server 2003 (I haven't had a chance to explore and learn Linux as yet).

    Also, I can't see a DCS-3200 on D-Link - do you mean a DSA-3200???
    LVL 18

    Accepted Solution

    Sorry, I meant to say DSA-3200... there's a different set of products that's DCS. My mistake.

    RADIUS can be used for the authentication part... depending on the server you use, you can tie to existing servers that you have. For example, if you're in an Active Directory environment, you can actually have it tied to AD. (Also ways to tie to eDirectory if you use Novell)

    Windows Server 2003 actually has a built in RADIUS server (IAS) that you can install and use.

    But to tell what exactly RADIUS is... it stands for Remote Authentication Dial In User Service. It's used pretty much for remote authentication and accounting.... for example, your ISP uses this type of service whenever you have to authenticate into their network.

    The authentication can take place in many different ways... like looking at an Active Directory, which the Server 2003 RADIUS server requires you to do. However, you could also have RADIUS servers that use information from flat files or SQL databases.

    The accounting can also use files, SQL databases, as well as other schemes depending on the product you use and what plugins are available to that exact product.

    Here's a link for set up in Windows 2000 Server.... pretty similar to Server 2003 in terms of what you'd have to do to get it all established:
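
The RADIUS authentication exchange described in the accepted answer, as an added example that is not part of the original thread: an RFC 2865 Access-Request built by the access point or gateway, checked by a server against a flat-file style user table, and the reply verified on the way back. The function names, `SECRET` and `USERS` are hypothetical, constructed values; there is no network I/O.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD = 1, 2                      # RFC 2865 attribute types
SECRET = b"constructed-shared-secret"                # constructed sample value
USERS = {b"alice": b"correct horse"}                 # constructed flat-file backend

def hide(data, secret, authenticator, reverse=False):
    """RFC 2865 5.2 User-Password hiding: XOR 16-byte blocks with chained MD5 pads."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, pad))
        prev = block if reverse else res             # always chain on the hidden block
        out += res
    return out

def build_request(ident, user, password, secret):    # access point / gateway side
    auth = os.urandom(16)                            # random Request Authenticator
    padded = password + b"\x00" * (-len(password) % 16)
    attrs = b""
    for atype, value in ((USER_NAME, user), (USER_PASSWORD, hide(padded, secret, auth))):
        attrs += bytes([atype, len(value) + 2]) + value
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + auth + attrs

def parse_attrs(raw):
    attrs, i = {}, 0
    while i < len(raw):
        if i + 2 > len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed attribute")
        attrs[raw[i]] = raw[i + 2:i + raw[i + 1]]
        i += raw[i + 1]
    return attrs

def server_reply(request, secret, users):            # RADIUS server side
    code, ident, length = struct.unpack("!BBH", request[:4])
    if code != ACCESS_REQUEST or length != len(request) or length < 20:
        raise ValueError("not a well-formed Access-Request")
    attrs = parse_attrs(request[20:])
    sent = hide(attrs.get(USER_PASSWORD, b""), secret, request[4:20], reverse=True).rstrip(b"\x00")
    known = users.get(attrs.get(USER_NAME))
    ok = known is not None and hmac.compare_digest(sent, known)
    header = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    return header + hashlib.md5(header + request[4:20] + secret).digest()

def client_accepts(reply, request, secret):          # verify Response Authenticator first
    expect = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return hmac.compare_digest(expect, reply[4:20]) and reply[0] == ACCESS_ACCEPT
```

Both the password hiding and the Response Authenticator depend entirely on the shared secret, so the secret configured on the access point or gateway and on the server should be long and random.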

    Author Comment

    Thanks Heaps!!!!
