  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1663

Wireless authentication security using Certificates and 802.11x

I'm working with an engineer on deploying a wireless solution using Cisco Aironet access points and a 2504 controller. Wireless in general is new for both of us, so I'm looking for information about the best way to set up authentication for this network.

Our goal is to have the laptops using wireless authenticate with a certificate without requiring the user to authenticate manually. From what I have read, in order to be secure we should be using the 802.11x protocol along with Protected EAP (PEAP) with EAP-TLS.

Not knowing much about either certificates with a Server 2008 domain or the Cisco access points, I'm hoping someone here can help me out with the general steps we'd need to take to make this happen. I'd also appreciate it if you could point me to any good summary documents that explain how this should all work from a high level, since I am not well versed in the technical details yet.
1 Solution
 
Craig Beck Commented:
Ok, so you need to implement Computer Authentication via Digital Certificate.  This is not easy and if you're new to Wireless/Cisco/Certificates it'll be a whole new experience!

Basically, you'll need to configure a Certification Authority (Microsoft Certificate Services) and a RADIUS Server (Microsoft NPS Service).
As well as this you'll need to create a couple of Group Policies.  One will automatically enroll computers to obtain a computer certificate from the CA, and the other will push the WLAN settings to computers.

On the Cisco Wireless controller you will need to configure a RADIUS server and set the SSID to use the RADIUS server when processing authentication requests.

Have a look at this doc for NPS setup...

http://araihan.wordpress.com/2009/11/11/windows-server-2008-how-to-configure-network-policy-server-nps-or-radius-server/



This might also help...

http://araihan.wordpress.com/2010/04/30/complete-guide-to-build-a-cisco-wireless-infrastructure-using-cisco-wlc-5500-cisco-1142-ap-and-microsoft-radius-server/




In all honesty it's not easy to implement if you're not familiar with the concepts. There's a lot to do, so try and get each major component installed first, then link it all together.
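Once the auto-enrollment policy described in the answer above has applied, a check like the following can confirm that a laptop holds a computer certificate that EAP-TLS can use before the WLAN policy and controller are brought into the picture. This is an added example, not part of the original answer; the function name `Test-MachineCertForEapTls` is hypothetical, and it assumes an elevated PowerShell session on a domain-joined laptop that can reach the CA for revocation checking.

```powershell
# Added example: inspect certificates in the computer store for EAP-TLS suitability.
# Checks private key, validity dates, Client Authentication EKU and chain trust.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU OID

function Test-MachineCertForEapTls {   # hypothetical helper name
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    $problems = @()
    $now = Get-Date

    # The computer needs the private key to complete the TLS handshake.
    if (-not $Cert.HasPrivateKey) { $problems += 'no private key' }
    if ($now -lt $Cert.NotBefore -or $now -gt $Cert.NotAfter) {
        $problems += 'outside validity period'
    }

    # The EKU extension must list Client Authentication.
    $eku = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $oids = @()
    if ($eku) { $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) }
    if ($oids -notcontains $clientAuthOid) { $problems += 'Client Authentication EKU missing' }

    # Build the chain to a trusted root; revocation is checked online by default,
    # so run this while connected to the domain network.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    if (-not $chain.Build($Cert)) {
        $problems += ($chain.ChainStatus | ForEach-Object { $_.Status })
    }

    New-Object PSObject -Property @{
        Subject    = $Cert.Subject
        Issuer     = $Cert.Issuer
        NotAfter   = $Cert.NotAfter
        Thumbprint = $Cert.Thumbprint
        Usable     = ($problems.Count -eq 0)
        Problems   = ($problems -join ', ')
    }
}

# Evaluate every certificate in the local computer's Personal store.
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-MachineCertForEapTls $_ } |
    Format-List Subject, Issuer, NotAfter, Thumbprint, Usable, Problems
```

A laptop with no entry showing `Usable : True` has not enrolled correctly, which points at the CA template or Group Policy rather than the RADIUS server or the controller.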
 
First Last Author Commented:
Thank you very much for the reply. I should have broken this question down into smaller chunks. I'll start reading the links you provided, but your overall description sounds very much in line with what I have discovered so far. Thanks again!
