Security Basics mailing list archives

RE: Wireless solutions with multiple keys


From: "Mercurio, Michael D (Dante)" <michael.mercurio () verizonbusiness com>
Date: Thu, 11 Dec 2008 21:57:23 +0000

The best method for your stated goals is to use a central RADIUS server and authenticate using AD or other 
directory information. This solution would involve using WPA and 802.1x with an EAP Type. In this scenario, the AD 
credentials would dictate the user access and if an AD account expires or is deleted, access to the wireless is gone. 
Assuming you have AD, you can install and configure IAS and this solution costs you nothing more than time and maybe a 
certificate if you don't want to set up an internal certificate authority.

Many systems that hotels use typically authenticate a user after the system is associated with an access point. There 
is typically no encryption when you do this. The user hits the gateway which forces an authentication before allowing 
traffic to pass.

Also, some hotels use a solution where an account is created manually during check-in and the pass code is given to the 
user. If that interests you, here is one solution:
http://www.colubris.com/content.asp?catref=Colubris_Visitor+Management+Software&name=Colubris_Products 

Hope this helps,
--Dante

M. Dante Mercurio, CISSP, CCNA 
 

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Nick Duda
Sent: Thursday, December 11, 2008 4:12 PM
To: 'security-basics () securityfocus com'
Subject: Wireless solutions with multiple keys

Does anyone know any good products that allow multiple keys (wep/wpa/wpa2) for a single SSID that can be generated 
dynamically? I think I've seen hotels and such that offer something like this.

Example: A local corporate network that serves 500 people. This network has servers and all kinds of stuff. I want to 
add a wireless network using WEP (I know I know, WEP... just using as example). This wifi network has no connectivity to 
the local corporate network, rather it connects to a dedicated DSL line. If you are on this wifi network, you are only 
on the internet. These 500 people have laptops that can only be used on this wifi network. I don't want to share 1 WEP 
key with 500 people. I want a way, a solution that these 500 people can hit up a webpage or something that will 
dynamically generate a WEP key for them. This WEP key should be able to expire. This solution can live on the local LAN 
if needed.

- Nick

