Wireless Network Security - Using Firewalls for Authentication

Hi All,

We are adding wireless capabilities to our office network to allow the laptops easier access to our network resources. Like many, I have read about all the security vunrabilities etc and how to overcome most of them.

What I am considering is adding a firewall specifically for the access point, so the connection would look something like this:

[Client]  ---)  [WAP]  --->  [Firewall]  --->  [Network]

Where
---) is wireless
---> is copper

The main reason why I want the firewall there, is in addition to the intial installation of the WEP key, I would like to have the users authenticate with the firewall to allow traffic the first time they try to access the network. I put this in a different prespective, I would see it as:

1) User turns on their laptop
2) User logs into their laptop
3) User tries to access the internet or network resources, and this is where the authentication with the firewall would take place
4) User goes about their day
5) User powers down their laptop, and authentication is lost, so the next powerup they will need to authenticate again.

If this is at all possible, what would be a good firewall or similar appliance to get the job done? (Given that there would be 30+ users, authentication is required, etc). Features such as user ability to change own password, inactive timeout etc would be a bonus!!!!

Or would their be an appliance out there that is a firewall, wireless access point, etc all-in-one?

Thanks Heaps!!!!
leta37Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

masnrockCommented:
I would do something like a RADIUS server. Or if you want something that's like an all in one unit, get a wireless hotspot gateway.

Here is a link to ones made by Dlink:
http://www.dlink.com/products/category.asp?cid=81&sec=2

THe DCS-3200 would probably best fit your needs. It has a built in firewall, WAP, authentication, etc. Also supports 50 users. And you can generate usernames and passwords on the fly. Optional printer to faciltate that process.

I think it's around $400-$500.
0
leta37Author Commented:
I have heard of RADIUS before, are you able to elaborate on this? Im unsure if this is to with Linux or not, but I'm trying to keep the entire network running on Windows XP Pro and Server 2003 (I havn't had a chance to explorer and learn Linux as yet).

Also, I cant see a DCS-3200 on D-Link - do you mean a DSA-3200???
0
masnrockCommented:
Sorry, I meant to say DSA-3200... there's a different set of products that's DCS. My mistake.

RADIUS can be used for the authentication part... depending on the server you use, you can tie to existing servers that you have. For example, if you're in an Active Directory environment, you can actually have it tied to AD. (Also ways to tie to eDirectory if you use Novell)

Windows Server 2003 actually has a built in RADIUS server (IAS) that you can install and use.

But to tell what exactly RADIUS is... it stands for Remote Authentication Dial In User Service. It's used pretty much for remote authentication and accounting.... for example, your ISP uses this type of service whenever you have to authenticate into their network.

The authentication can take place in many different ways... like looking at an Active Directory, which the Server 2003 RADIUS server requires you to do. However, you could also have RADIUS servers that use information from flat files or SQL databases.

The accounting can also use files, SQL databases, as well as other schemes depending on the product you use and what plugins are available to that exact product.

Here's a link for set up in Windows 2000 Server.... pretty similiar to Server 2003 in terms of what you'd have to do to get it all established:
http://www.windowsnetworking.com/kbase/WindowsTips/Windows2000/AdminTips/Security/SettingupWindows2000Radiustoauthenticatewireless802.1xclients.html
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
leta37Author Commented:
Thanks Heaps!!!!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software Firewalls

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.