Wireless Network Security - Using Firewalls for Authentication

leta37 asked
Last Modified: 2013-11-16
Hi All,

We are adding wireless capabilities to our office network to allow the laptops easier access to our network resources. Like many, I have read about all the security vulnerabilities, etc., and how to overcome most of them.

What I am considering is adding a firewall specifically for the access point, so the connection would look something like this:

[Client]  ---)  [WAP]  --->  [Firewall]  --->  [Network]

Where
---) is wireless
---> is copper

The main reason I want the firewall there is that, in addition to the initial installation of the WEP key, I would like to have the users authenticate with the firewall to allow traffic the first time they try to access the network. To put this in a different perspective, I would see it as:

1) User turns on their laptop
2) User logs into their laptop
3) User tries to access the internet or network resources, and this is where the authentication with the firewall would take place
4) User goes about their day
5) User powers down their laptop, and authentication is lost, so the next powerup they will need to authenticate again.

If this is at all possible, what would be a good firewall or similar appliance to get the job done? (Given that there would be 30+ users, authentication is required, etc). Features such as user ability to change own password, inactive timeout etc would be a bonus!!!!

Or would there be an appliance out there that is a firewall, wireless access point, etc. all-in-one?

Thanks Heaps!!!!

CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
I would do something like a RADIUS server. Or if you want something that's like an all in one unit, get a wireless hotspot gateway.

Here is a link to ones made by Dlink:
http://www.dlink.com/products/category.asp?cid=81&sec=2

The DCS-3200 would probably best fit your needs. It has a built-in firewall, WAP, authentication, etc. It also supports 50 users, and you can generate usernames and passwords on the fly. There is an optional printer to facilitate that process.

I think it's around $400-$500.

Author

Commented:
I have heard of RADIUS before; are you able to elaborate on this? I'm unsure if this is to do with Linux or not, but I'm trying to keep the entire network running on Windows XP Pro and Server 2003 (I haven't had a chance to explore and learn Linux as yet).

Also, I can't see a DCS-3200 on D-Link - do you mean a DSA-3200???
CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
Sorry, I meant to say DSA-3200... there's a different set of products that's DCS. My mistake.

RADIUS can be used for the authentication part... depending on the server you use, you can tie to existing servers that you have. For example, if you're in an Active Directory environment, you can actually have it tied to AD. (Also ways to tie to eDirectory if you use Novell)

Windows Server 2003 actually has a built in RADIUS server (IAS) that you can install and use.

But to tell what exactly RADIUS is... it stands for Remote Authentication Dial In User Service. It's used pretty much for remote authentication and accounting.... for example, your ISP uses this type of service whenever you have to authenticate into their network.

The authentication can take place in many different ways... like looking at an Active Directory, which the Server 2003 RADIUS server requires you to do. However, you could also have RADIUS servers that use information from flat files or SQL databases.

The accounting can also use files, SQL databases, as well as other schemes depending on the product you use and what plugins are available to that exact product.

Here's a link for setup in Windows 2000 Server.... pretty similar to Server 2003 in terms of what you'd have to do to get it all established:
http://www.windowsnetworking.com/kbase/WindowsTips/Windows2000/AdminTips/Security/SettingupWindows2000Radiustoauthenticatewireless802.1xclients.html


Author

Commented:
Thanks Heaps!!!!