Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Wireless Networking > Secure Wireless for non-public network, Windows Server 2003 R2, Linksys APs

Reply
Thread Tools

Secure Wireless for non-public network, Windows Server 2003 R2, Linksys APs

 
 
bjriffel@hotmail.com
Guest
Posts: n/a
 
      01-19-2007
Here is the scenario. Right now this is on my test network.

Windows Server 2003 R2 running a native AD domain. A Linksys WAP54G
ver. 3 access point. I need a secure wireless network. I need all
traffic encrypted as well as restricting access ONLY to those with a
domain login (and possibly restricting only to known MAC addresses).

I'm assuming that I'll be using a RADIUS server of some sort. I have
IAS running on the 2003R2 box, as well at cert services.

What type of authentication do I need to enable on the AP, and how do I
set it up on the domain? I've established a shared secret and all of
that business, but I'd kind of like to start from scratch and here some
of your ideas and suggestions.

If I should just go with some 3rd party software, that is fine to
suggest as well. I'd like to stay away from buying Cisco equipment or
software, simply because of budgetary constraints. Linksys is cheap,
and I think in the end, it can provide everything we need.

Thanks
Brandon Riffel

 
Reply With Quote
 
 
 
 
Jack \(MVP-Networking\).
Guest
Posts: n/a
 
      01-19-2007
Hi
I think that an issue like this is a little beyond the scope of newsgroup.
There is a lot of info pertaining issues like this in Microsoft's TechNet.
Example,
http://www.microsoft.com/technet/com...a/isa0316.mspx
Search further the site and you would be able to gather an adequate
solution.
Jack (MVP-Networking).

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> Here is the scenario. Right now this is on my test network.
>
> Windows Server 2003 R2 running a native AD domain. A Linksys WAP54G
> ver. 3 access point. I need a secure wireless network. I need all
> traffic encrypted as well as restricting access ONLY to those with a
> domain login (and possibly restricting only to known MAC addresses).
>
> I'm assuming that I'll be using a RADIUS server of some sort. I have
> IAS running on the 2003R2 box, as well at cert services.
>
> What type of authentication do I need to enable on the AP, and how do I
> set it up on the domain? I've established a shared secret and all of
> that business, but I'd kind of like to start from scratch and here some
> of your ideas and suggestions.
>
> If I should just go with some 3rd party software, that is fine to
> suggest as well. I'd like to stay away from buying Cisco equipment or
> software, simply because of budgetary constraints. Linksys is cheap,
> and I think in the end, it can provide everything we need.
>
> Thanks
> Brandon Riffel
>



 
Reply With Quote
 
 
 
 
Jeff Liebermann
Guest
Posts: n/a
 
      01-19-2007
http://www.velocityreviews.com/forums/(E-Mail Removed) hath wroth:

>Windows Server 2003 R2 running a native AD domain. A Linksys WAP54G
>ver. 3 access point. I need a secure wireless network. I need all
>traffic encrypted as well as restricting access ONLY to those with a
>domain login (and possibly restricting only to known MAC addresses).


You might find the WAP54G v3.0 to be a bit too crude. It's major
failings are a tendency to hang and an inability to handle more than
about 10 simultaneous connections.

>I'm assuming that I'll be using a RADIUS server of some sort. I have
>IAS running on the 2003R2 box, as well at cert services.


IAS Server 2004 includes RADIUS services. For example:
<http://www.enterasys.com/support/manuals/Pol_Mgr1_8-web/docs/p_win2000_config.html>
<http://www.microsoft.com/whdc/device/network/802x/AccessPts.mspx>
<http://www.microsoft.com/technet/community/chats/trans/isa/isa0316.mspx>
etc...
Setup your access point for WPA-RADIUS and or WPA-ENTERPRISE (same
thing) and point to the ISA server.

>What type of authentication do I need to enable on the AP, and how do I
>set it up on the domain?


See above URL for instructions on how to setup RADIUS.

>I've established a shared secret and all of
>that business, but I'd kind of like to start from scratch and here some
>of your ideas and suggestions.


Wrong. RADIUS is a replacement for the system wide wireless shared
key. For each session, a new and unique encryption key is issued by
the RADIUS server to both the access point and client. This is the
prime advantage of RADIUS... there no shared key.

>If I should just go with some 3rd party software, that is fine to
>suggest as well.


There are 3rd party RADIUS servers and online authentication services
available, but your Win2003r2 server has everything you need. Since
you like Linksys, they also provide such an online authentication
service:
<http://www.linksys.com/wirelessguard/>

>I'd like to stay away from buying Cisco equipment or
>software, simply because of budgetary constraints. Linksys is cheap,
>and I think in the end, it can provide everything we need.


Methinks you're making a mistake. If you find Cisco to be overly
expensive, perhaps something in the middle like 3Com or Sonicwall
might be more affordable. Cheap security is an oxymoron.

--
Jeff Liebermann http://www.velocityreviews.com/forums/(E-Mail Removed)-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
 
Reply With Quote
 
John Navas
Guest
Posts: n/a
 
      01-25-2007
On 19 Jan 2007 07:35:56 -0800, (E-Mail Removed) wrote in
<(E-Mail Removed) .com>:

>Here is the scenario. Right now this is on my test network.
>
>Windows Server 2003 R2 running a native AD domain. A Linksys WAP54G
>ver. 3 access point. I need a secure wireless network. I need all
>traffic encrypted


Are you talking wireless client to wireless client security, or only
wireless to the outside world security?

>as well as restricting access ONLY to those with a
>domain login (and possibly restricting only to known MAC addresses).


MAC filtering is easily spoofed and thus a waste of time.

>I'm assuming that I'll be using a RADIUS server of some sort. I have
>IAS running on the 2003R2 box, as well at cert services.
>
>What type of authentication do I need to enable on the AP, and how do I
>set it up on the domain? I've established a shared secret and all of
>that business, but I'd kind of like to start from scratch and here some
>of your ideas and suggestions.
>
>If I should just go with some 3rd party software, that is fine to
>suggest as well. I'd like to stay away from buying Cisco equipment or
>software, simply because of budgetary constraints. Linksys is cheap,
>and I think in the end, it can provide everything we need.


Consider running DD-WRT firmware on an appropriate Linksys box (not the
[ugh] WAP54G).

--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Secure your digital information assets with Secure Auditor. SecureWindows with Secure Auditor alannis.albert@googlemail.com Cisco 0 04-14-2008 06:53 AM
Secure your digital information assets with Secure Auditor SecureWindows with Secure Auditor alannis.albert@googlemail.com Cisco 0 04-14-2008 06:52 AM
Windows 2003 Server or Exchange Server 2003 first????? Ozzie MCSA 1 11-30-2004 01:10 AM
SWsoft Acronis Disk Director Suite 9.0 Build 508, Acronis OS Selector 8.0 Build 917, Acronis Partition Expert 2003 Build 292, Acronis Power Utilities 2004 Build 502, F-SECURE.ANTI vIRUS.PROXY v1.10.17.WINALL, F-SECURE.ANTI vIRUS v5.50.10260 for CITRI vvcd Computer Support 0 09-25-2004 01:38 AM



Advertisments