01-19-2007, 05:08 PM
Jeff Liebermann
Re: Secure Wireless for non-public network, Windows Server 2003 R2, Linksys APs

bjriffel@hotmail.com hath wroth:

>Windows Server 2003 R2 running a native AD domain. A Linksys WAP54G
>ver. 3 access point. I need a secure wireless network. I need all
>traffic encrypted as well as restricting access ONLY to those with a
>domain login (and possibly restricting only to known MAC addresses).


You might find the WAP54G v3.0 to be a bit too crude. Its major
failings are a tendency to hang and an inability to handle more than
about 10 simultaneous connections.

>I'm assuming that I'll be using a RADIUS server of some sort. I have
>IAS running on the 2003R2 box, as well as cert services.


IAS Server 2004 includes RADIUS services. For example:
<http://www.enterasys.com/support/manuals/Pol_Mgr1_8-web/docs/p_win2000_config.html>
<http://www.microsoft.com/whdc/device/network/802x/AccessPts.mspx>
<http://www.microsoft.com/technet/community/chats/trans/isa/isa0316.mspx>
etc...
Set up your access point for WPA-RADIUS and/or WPA-ENTERPRISE (same
thing) and point to the ISA server.

>What type of authentication do I need to enable on the AP, and how do I
>set it up on the domain?


See above URL for instructions on how to set up RADIUS.

>I've established a shared secret and all of
>that business, but I'd kind of like to start from scratch and hear some
>of your ideas and suggestions.


Wrong. RADIUS is a replacement for the system-wide wireless shared
key. For each session, a new and unique encryption key is issued by
the RADIUS server to both the access point and client. This is the
prime advantage of RADIUS... there is no shared key.

>If I should just go with some 3rd party software, that is fine to
>suggest as well.


There are 3rd party RADIUS servers and online authentication services
available, but your Win2003r2 server has everything you need. Since
you like Linksys, they also provide such an online authentication
service:
<http://www.linksys.com/wirelessguard/>

>I'd like to stay away from buying Cisco equipment or
>software, simply because of budgetary constraints. Linksys is cheap,
>and I think in the end, it can provide everything we need.


Methinks you're making a mistake. If you find Cisco to be overly
expensive, perhaps something in the middle like 3Com or Sonicwall
might be more affordable. Cheap security is an oxymoron.

--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
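
The per-session keying described in the post above, as an added example that is not part of the original post: it contrasts the single network-wide key of WPA with a passphrase against the per-authentication key of WPA-Enterprise. The derivations follow IEEE 802.11i rather than anything stated in the post; the function names, SSID, passphrase and MAC addresses are constructed, and random bytes stand in for the key material a real EAP exchange would produce.

```python
import hashlib
import hmac
import os

def psk_pmk(passphrase: str, ssid: str) -> bytes:
    # WPA-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes).
    # Every station configured with the passphrase computes the same PMK.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def eap_pmk(msk: bytes) -> bytes:
    # WPA-Enterprise: the PMK is the first 32 bytes of the MSK produced by one
    # EAP authentication; the RADIUS server passes it to the access point.
    return msk[:32]

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    # IEEE 802.11i PRF: HMAC-SHA1 blocks over label || 0x00 || data || counter.
    out, counter = b"", 0
    while len(out) < nbytes:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, block, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
        anonce: bytes, snonce: bytes) -> bytes:
    # Pairwise transient key (64 bytes for TKIP) from the 4-way handshake inputs.
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 64)

def compare_modes() -> dict:
    # Constructed sample values: SSID, passphrase and MAC addresses are made up.
    ap = bytes.fromhex("020000000001")
    sta_a, sta_b = bytes.fromhex("0200000000aa"), bytes.fromhex("0200000000bb")
    psk_a = psk_pmk("constructed-passphrase", "OfficeWLAN")
    psk_b = psk_pmk("constructed-passphrase", "OfficeWLAN")
    # Stand-ins for the MSK of two separate EAP authentications.
    ent_a, ent_b = eap_pmk(os.urandom(64)), eap_pmk(os.urandom(64))
    key_a = ptk(ent_a, ap, sta_a, os.urandom(32), os.urandom(32))
    key_b = ptk(ent_b, ap, sta_b, os.urandom(32), os.urandom(32))
    return {"psk_pmk_shared": psk_a == psk_b,
            "enterprise_pmk_shared": ent_a == ent_b,
            "session_keys_equal": key_a == key_b}

if __name__ == "__main__":
    print(compare_modes())
```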
