Wireless Network Security - Using Firewalls for Authentication

Hi All,

We are adding wireless capabilities to our office network to allow the laptops easier access to our network resources. Like many, I have read about all the security vulnerabilities etc. and how to overcome most of them.

What I am considering is adding a firewall specifically for the access point, so the connection would look something like this:

[Client]  ---)  [WAP]  --->  [Firewall]  --->  [Network]

---) is wireless
---> is copper

The main reason why I want the firewall there is that, in addition to the initial installation of the WEP key, I would like to have the users authenticate with the firewall to allow traffic the first time they try to access the network. To put this in a different perspective, I would see it as:

1) User turns on their laptop
2) User logs into their laptop
3) User tries to access the internet or network resources, and this is where the authentication with the firewall would take place
4) User goes about their day
5) User powers down their laptop, and authentication is lost, so the next powerup they will need to authenticate again.

If this is at all possible, what would be a good firewall or similar appliance to get the job done? (Given that there would be 30+ users, authentication is required, etc). Features such as user ability to change own password, inactive timeout etc would be a bonus!!!!

Or would there be an appliance out there that is a firewall, wireless access point, etc. all-in-one?

Thanks Heaps!!!!
1 Solution
I would do something like a RADIUS server. Or if you want something that's like an all in one unit, get a wireless hotspot gateway.

Here is a link to ones made by Dlink:

The DCS-3200 would probably best fit your needs. It has a built in firewall, WAP, authentication, etc. Also supports 50 users. And you can generate usernames and passwords on the fly. Optional printer to facilitate that process.

I think it's around $400-$500.
leta37 (Author) commented:
I have heard of RADIUS before, are you able to elaborate on this? I'm unsure if this is to do with Linux or not, but I'm trying to keep the entire network running on Windows XP Pro and Server 2003 (I haven't had a chance to explore and learn Linux as yet).

Also, I can't see a DCS-3200 on D-Link - do you mean a DSA-3200???
Sorry, I meant to say DSA-3200... there's a different set of products that's DCS. My mistake.

RADIUS can be used for the authentication part... depending on the server you use, you can tie to existing servers that you have. For example, if you're in an Active Directory environment, you can actually have it tied to AD. (Also ways to tie to eDirectory if you use Novell)

Windows Server 2003 actually has a built in RADIUS server (IAS) that you can install and use.

But to tell what exactly RADIUS is... it stands for Remote Authentication Dial In User Service. It's used pretty much for remote authentication and accounting.... for example, your ISP uses this type of service whenever you have to authenticate into their network.

The authentication can take place in many different ways... like looking at an Active Directory, which the Server 2003 RADIUS server requires you to do. However, you could also have RADIUS servers that use information from flat files or SQL databases.

The accounting can also use files, SQL databases, as well as other schemes depending on the product you use and what plugins are available to that exact product.

Here's a link for set up in Windows 2000 Server.... pretty similar to Server 2003 in terms of what you'd have to do to get it all established:
leta37 (Author) commented:
Thanks Heaps!!!!
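
The RADIUS authentication step discussed in the thread above, as an added example that is not part of the original posts or any product's code: a gateway builds an Access-Request, a server checks it against a flat-file style user store, and the gateway verifies the reply, following the RFC 2865 packet layout. The shared secret, user store and function names are constructed for illustration.

```python
import hashlib, hmac, os, struct

SECRET = b"constructed-shared-secret"   # assumed secret shared by gateway and server
USERS = {"alice": "correct horse"}      # constructed stand-in for a flat-file user store

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(pw, secret, req_auth):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous cipher block)."""
    padded = pw.ljust(max(16, -(-len(pw) // 16) * 16), b"\x00")
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def reveal_password(hidden, secret, req_auth):
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        out += _xor(hidden[i:i + 16], hashlib.md5(secret + prev).digest())
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def access_request(user, password, ident):
    """Gateway side: Access-Request (code 1) with User-Name (1) and User-Password (2)."""
    req_auth = os.urandom(16)
    hidden = hide_password(password.encode(), SECRET, req_auth)
    attrs = b"".join(bytes([t, len(v) + 2]) + v for t, v in ((1, user.encode()), (2, hidden)))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs

def server_reply(request):
    """Server side: check the user store, answer Access-Accept (2) or Access-Reject (3)."""
    _, ident, length = struct.unpack("!BBH", request[:4])
    req_auth, data, attrs = request[4:20], request[20:length], {}
    while data:
        if len(data) < 2 or not 2 <= data[1] <= len(data):
            raise ValueError("malformed attribute")
        t, n = data[0], data[1]
        attrs[t], data = data[2:n], data[n:]
    password = reveal_password(attrs[2], SECRET, req_auth).decode(errors="replace")
    code = 2 if USERS.get(attrs[1].decode()) == password else 3
    header = struct.pack("!BBH", code, ident, 20)
    # Response Authenticator = MD5(code + id + length + request authenticator + secret)
    return header + hashlib.md5(header + req_auth + SECRET).digest()

def gateway_accepts(request, reply):
    """Gateway trusts an Access-Accept only if the Response Authenticator verifies."""
    expected = hashlib.md5(reply[:4] + request[4:20] + SECRET).digest()
    return reply[0] == 2 and reply[1] == request[1] and hmac.compare_digest(expected, reply[4:20])
```

The password never crosses the wire in clear text, and a reply whose code has been altered in transit fails the authenticator check because the gateway recomputes it with the shared secret.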
