Ideas on how to secure new wireless deployment?

oalexis
Level 1

Hi folks,

We are just about to deploy a new wireless LAN. Its purpose right now is for our training room for end users. Right now we have a 1100 using WPA with TKIP. I also have the AP on a separate VLAN. I was wondering whether this setup is secure enough. We plan to unplug the AP when not in use, and the walls of the room are so thick that the signal does not bleed outside. (I've tried to get a signal and can't.) Should I consider using LEAP? Or a RADIUS server?

Any ideas are appreciated

thanks!

6 Replies

Not applicable

If you think that security is not a concern here, then you need not go for LEAP. But there are always some weak points in terms of security. So it's better to go for better security mechanisms.

dsidley
Level 1

LEAP is dead, don't waste your time. Even with LEAP authentication against a RADIUS server with dyn/WEP you would be susceptible to an attack as LEAP passes the userid in the clear.

RADIUS Server using PEAP (MS PEAP) with WPA/TKIP is reasonably secure. Just set the session timeout on the RADIUS server to every few hours. In spite of what you may hear, MS-PEAP is by far the most popular EAP type and only requires PKI certificates on the server-side.

If in need of a supplicant supporting most EAP types, we have found Funk's "Odyssey Client" an excellent choice.

thanks so much!

I've been trying to play with PEAP but can't get it to work. I keep getting this error message that says it cannot find a certificate for use with EAP. It's on a M$ RADIUS server. I know the server can't obtain a certificate but I don't know much about certificate services. I know this is not a M$ forum but I have searched high and low and can't find a way to resolve this.

Can you offer any insight?

Many thanks again!

Coincidentally I got it working tonight! I'm now using WPA with TKIP and authenticating to RADIUS with PEAP MSCHAP V2. I can see some extra overhead. The connection isn't as fast as it used to be... but that's a payoff.

thanks for your help!

You also mentioned unplugging the AP when not in use. Well, you could just disable the radio interface. Or use some of that SWAN infrastructure, and get it to run in scanning-only mode at night. I find setting a time the LEAP/PEAP accounts are valid, like normal business hours, in the ACS, and logging all failed attempts at night works just fine.

Thanks,

Appreciate that idea!
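
The off-hours logging idea suggested earlier in the thread, as an added example (not code from any poster or from Cisco): it filters a failed-authentication export for attempts outside an assumed Monday-Friday 08:00-18:00 window and groups them by client MAC. The CSV layout, the time window and the sample rows are constructed assumptions, not the ACS log format.

```python
import csv
import io
from collections import Counter
from datetime import datetime, time

# Assumed policy window: accounts valid Monday-Friday, 08:00-18:00.
BUSINESS_START = time(8, 0)
BUSINESS_END = time(18, 0)

# Constructed sample export: timestamp, user, client MAC, failure reason.
# The column layout is an assumption, not any RADIUS product's real format.
SAMPLE_LOG = """\
2005-03-14 10:12:03,trainee01,00-0D-28-AA-BB-01,bad password
2005-03-14 23:41:17,trainee01,00-0D-28-CC-DD-02,bad password
2005-03-14 23:41:49,trainee01,00-0D-28-CC-DD-02,bad password
2005-03-15 02:05:30,admin,00-0D-28-CC-DD-02,unknown user
2005-03-19 11:00:00,trainee02,00-0D-28-AA-BB-03,outside allowed hours
"""

def in_business_hours(ts):
    """True when ts falls on a weekday inside the allowed window."""
    return ts.weekday() < 5 and BUSINESS_START <= ts.time() < BUSINESS_END

def off_hours_failures(log_text):
    """Return the failed attempts logged outside business hours."""
    hits = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # skip blank or malformed lines
        try:
            ts = datetime.strptime(row[0], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue  # skip rows with an unparseable timestamp
        if not in_business_hours(ts):
            hits.append({"time": ts, "user": row[1], "mac": row[2], "reason": row[3]})
    return hits

def summarize(hits, threshold=2):
    """Map each client MAC with >= threshold off-hours failures to the users it tried."""
    per_mac = Counter(h["mac"] for h in hits)
    users = {}
    for h in hits:
        users.setdefault(h["mac"], set()).add(h["user"])
    return {mac: sorted(users[mac]) for mac, n in per_mac.items() if n >= threshold}

if __name__ == "__main__":
    for mac, tried in summarize(off_hours_failures(SAMPLE_LOG)).items():
        print(f"{mac}: repeated off-hours failures for users {', '.join(tried)}")
```

A single client MAC failing against several account names at night is the pattern worth alerting on; one weekend failure from a known trainee usually is not.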
