Security recommendations wifi connected to corporate network

We have been tasked with connecting a room to our corporate network via wireless router.  I am not that adept at wireless security.  Can anyone give me any general guidelines to make this as secure as possible?  Is this even recommended.  Our domain is a Windows  2016 domain.  

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Please give more detail? There seems to be some ambiguity. Is this a space that's not part of your current space, or are you implementing a wireless network that needs to be tied to the corporate network?
Once you have connected the room to your network, how will users connect to it?  More specifically, you can do a point-to-point connection between the corporate network and your room and then connect to that with a wired connection.  The point-to-point connection can be fairly secure by restricting communication between the two devices by WPA2 and only allowing connections between those two MAC addresses.  An access point can be connected to the PTP connection and standard wireless security rules would apply.
Rob KnightConsultantCommented:
Given recent WPA2 vulnerabilities (KRACK) you may want to consider an alternative - I.e. if you already have a VPN solution, just put in a standard Internet connection bases Wi-Fi.
The 7 Worst Nightmares of a Sysadmin

Fear not! To defend your business’ IT systems we’re going to shine a light on the seven most sinister terrors that haunt sysadmins. That way you can be sure there’s nothing in your stack waiting to go bump in the night.

nociSoftware EngineerCommented:
KRACK can be mitigated somewhat, but at least stick to WPA2 + AES (or CCMP)   avoid TKIP, WPA and WEP.
Tomake WiFi more or less secure you will need to setup WPA2+AES Enterprise. This mode uses certificates & generates access keys based on those. KRACK will not help a lot as the password changes every time the connection is made.
Even roaming can be made more smooth that way.
Jakob DigranesSenior ConsultantCommented:
as Noci mention;
the only way to get secure WiFi is using WPA2-Enterprise.
WPA2-Enterprise use RADIUS server for authentication, the RADIUS server can be a windows DC if you like, or Linux or 3rd party product.
But Radius needs to be setup securly.

EAP-setting (for authentication and credentials exchange) should be Protected EAP (PEAP) using a valid certificate on server, and use this certificate for secure exchange credentials

EAP-Inner method can be either certificates on devices -EAP-TLS (yes please!) , or user name and password from domain, PEAP-MsChapv2

once again, as noci says - with WPA2-Enterprise every station use a random generated unique encryption key that is rotated. With WPA2-Personal (using a pre-shared key) - every station share the same encryption key.
KRACK can be mitigated, as most vendors have released firmware patches to fix this. WPA2-KRACK is not a protocol flaw, but an implementaion flaw, which makes it ease to secure.
WPA2 enterprise is still susceptible to KRACK if wireless equipment are not upgraded.

and yes, secure and recommended

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
PberSolutions ArchitectCommented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended this question be closed as follows:

-- Jakob Digranes (https:#a42430695)
-- noci (https:#a42430585)
-- Rob Knight (https:#a42430480)
-- CompProbSolv (https:#a42430442)

If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.

Experts-Exchange Cleanup Volunteer
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Wireless Networking

From novice to tech pro — start learning today.