Security Basics mailing list archives
RE: Wireless solutions with multiple keys
From: "Mercurio, Michael D (Dante)" <michael.mercurio () verizonbusiness com>
Date: Thu, 11 Dec 2008 21:57:23 +0000
The best method for what your stated goals are, is to use a central RADIUS server and authenticate using AD or other directory information. This solution would involve using WPA and 802.1x with an EAP Type. In this scenario, the AD credentials would dictate the user access and if an AD account expires or is deleted, access to the wireless is gone. Assuming you have AD, you can install and configure IAS and this solution costs you nothing more than time and maybe a certificate if you don't want to setup an internal certificate authority. Many systems that hotels use typically authenticates a user after the system is associated with an access point. There is typically no encryption when you do this. The user hits the gateway which forces an authentication before allowing traffic to pass. Also some hotels use a solution where an account is created manually during check in and the pass code is given to the user. If that interests you, here is one solution: http://www.colubris.com/content.asp?catref=Colubris_Visitor+Management+Software&name=Colubris_Products Hope this helps, --Dante M. Dante Mercurio, CISSP, CCNA -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Nick Duda Sent: Thursday, December 11, 2008 4:12 PM To: 'security-basics () securityfocus com' Subject: Wireless solutions with multiple keys Does anyone know any good products that allow multiple keys (wep/wpa/wpa2) for a single SSID that can be generated dynamically? I think I've seen hotels and such that offer something like this. Example: A local corporate network that serves 500 people. This network has servers and all kinds of stuff. I want to add a wireless network using WEP (I know I know, WEP.just using as example). This wifi network has no connectivity to the local corporate network, rather it connects to a dedicated DSL line. If you are on this wifi network, you are only on the internet. These 500 people have laptops that can only be used on this wifi network. I don't want to share 1 WEP key with 500 people. I want a way, a solution that these 500 people can hit up a webpage or something that will dynamically generate a WEP key for them. This WEP key should be able to expire. This solution can live on the local lan if needed. - Nick
Current thread:
- Wireless solutions with multiple keys Nick Duda (Dec 11)
- RE: Wireless solutions with multiple keys Mercurio, Michael D (Dante) (Dec 11)
- RE: Wireless solutions with multiple keys Nick Duda (Dec 11)
- Re: Wireless solutions with multiple keys Morgan Reed (Dec 12)
- RE: Wireless solutions with multiple keys Danny Puckett (Dec 12)
- RE: Wireless solutions with multiple keys Nick Duda (Dec 11)
- RE: Wireless solutions with multiple keys Mercurio, Michael D (Dante) (Dec 11)