corporate wifi

gram77
gram77 used Ask the Experts™
on
1. what is the role of vpn on corporate wifi. which free vpn software i can install on my device which require min config settings
2. how to report what devices connected to corporate wifi
3. how secure is my device data on corporate wifi
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
1) What do you need VPN for? Access to workstation from home?
2) Are you the wireless Admin or even a Admin period? If not, it will be impossible to tell
3) Depends on what kind of encryption is setup. An encrypted SSID will be fairly safe while an open SSID will be fairly unsafe. Nothing is unhackable if the right person wants to get in.  Just ask the Government that.

Author

Commented:
what does vpn do on corporate wifi
I still dont quite understand the question. After your connected to your corporate Wifi a VPN connection will function just like your plugged into an ethernet jack on the wall.
A VPN connection is normally used so you can "tunnel back" to a specific network bypassing access restrictions.
Commented:
1. Some companies secure corporate wireless with running all datatraficc through VPN on top of wireless encryption. This is most likely done in scenarios where the wireless network isn't properly secured, - like with only WEP, or WPA/WPA2-Pre Shared key. The idea is that if an attackers gains access to the network, all traffic runnning on the wireless is also encrypted within the VPN tunnel - so the attacker doesn't gain access to the datatraffic.
2. In most deployments, the wireless AP or preferably wireless controller in a multiple AP deployment will have a clients list which shows all connected clients. If you have separate DHCP scope for wired and wireless - you get an idea of clients connected through DHCP lease, but this isn't always up to date, as stations won't clear their DHCP address when disconnecting
3. a properly deployed corporate wireless is safer the a wired network (!). Stay clear of all Pre shared key deployments, as PSKs can be hacked in some cases, like WEP and with a weak key in WPA/WPA2 - but also a PSK is a bad secret when many people know it. The only secure way to deploy corporate networks is by using 802.1X with machine AND user authentication. You use Radius (like microsoft NPS or IAS, or similar from Linux - or Tacacs within Cisco) to authenticate users where the computer they connect from has to be AD joined, in the correct group - as with user accounts also domain joined and member of the correct group. With 802.1X and WPA2 encryption all users have theire own randomly generated WPA2 key - and it changes every 5 - 10 minutes (you chooes) so if an attacker, against all odds - (we're talking 1 - 100000000 or something in odds) guess the random key - he only has access for 5 minutes, until key is changed again.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial