TAS-IT

securing wireless network

Hello Everyone,

Currently we have our wireless network set up with WPA and only the IT department has the code. We enter the code into every computer which belongs to the organization. The organization consists of Windows XP and Windows 7 computers. Our domain controller is running Windows 2008. We noticed that other devices that do not belong to the organization are also connected to the wireless network.

Any suggestions on how I can secure the wireless connection so that if a user somehow gets hold of the wireless key, they still require some kind of authentication before they have access to the network?

We have public and private SSIDs.

Thank you.
hypercube

First, you should be using WPA2.

You could use a 63-character passphrase on the wireless.  Then nobody would be able to memorize it; only copy and paste it if they somehow have access which by itself would be a breach of security in some fashion.

You should make sure that the wireless clients you are using will not display the passphrase on the client computer.  I don't know if there are password finders that will do this but it's another step at least.

You could use RADIUS network login with individual login passwords in addition to the wireless security.
Using a RADIUS server will almost solve your problem: since I believe most of the unidentified devices on your network are employees' phones/tablets, as long as they have a password they can use it on multiple devices.

You can use MAC filtering, but that's usually more work than it's worth. You have to manually keep the MAC table updated, and any employee can find out in 5 mins on Google how to spoof a MAC.

I don't know your router, but if you can integrate it with AD you're a long way toward solving your problem, i.e. allowing only authenticated AD users access to the network.

HTH,
Dan
TAS-IT

ASKER

How do I set it up where only authenticated AD users have access to the wireless network?
We have an HP ProCurve Wireless controller.
ASKER CERTIFIED SOLUTION
Dan Craciun
This solution is only available to members.
You will need to use RADIUS as DanCraciun said.

The problem here is that Windows allows a user to view the PSK in plain-text, so it's easily copied to an unauthorized machine.

RADIUS will give you the ability to allow only devices or users you dictate to connect to the network using access policies.  You could do it based on whether the client device is joined to a domain or not, or based on a combination of domain-membership and user account, for example.
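
The difference between user-based and device-based access policies discussed in the answers above, as an added example (not from the original thread or from any RADIUS product): a small model of ordered, first-match network policies with a default deny. The `Staff` group, the account names and the sample requests are constructed for illustration; `Domain Computers` is the default Active Directory group for domain-joined machines.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AccessRequest:
    # Constructed attributes; a real RADIUS server derives these from the
    # 802.1X exchange and a directory lookup.
    identity: str               # account presented during authentication
    is_computer_account: bool   # True when the machine itself authenticated
    groups: frozenset           # directory groups of that account

@dataclass(frozen=True)
class Policy:
    name: str
    required_groups: frozenset  # account must be a member of all of these
    computer_only: bool         # match only machine (computer account) logons
    grant: bool

    def matches(self, req: AccessRequest) -> bool:
        if self.computer_only and not req.is_computer_account:
            return False
        return self.required_groups <= req.groups

def evaluate(policies, req):
    """Return (granted, policy_name). First matching policy wins; no match denies."""
    for policy in policies:
        if policy.matches(req):
            return policy.grant, policy.name
    return False, "default-deny"

# Policy set A: any staff user account is accepted, whatever device it is typed into.
USER_ONLY = [Policy("staff-users", frozenset({"Staff"}), False, True)]
# Policy set B: only domain-joined machines authenticating with their computer account.
MACHINE_REQUIRED = [Policy("domain-computers", frozenset({"Domain Computers"}), True, True)]

# Constructed sample requests.
LAPTOP = AccessRequest("host/PC-042", True, frozenset({"Domain Computers"}))
PHONE = AccessRequest("jsmith", False, frozenset({"Staff"}))   # personal phone, valid user login
STRANGER = AccessRequest("guest", False, frozenset())

def audit(policies, requests):
    """Map each request identity to the access decision under a policy set."""
    return {r.identity: evaluate(policies, r)[0] for r in requests}

if __name__ == "__main__":
    for label, policies in (("user-only", USER_ONLY), ("machine-required", MACHINE_REQUIRED)):
        print(label, audit(policies, [LAPTOP, PHONE, STRANGER]))
```

Under the user-only policy the personal phone is accepted because the user's credentials are valid on any device; requiring the computer account is what keeps non-domain devices off the private SSID.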
SOLUTION
This solution is only available to members.