Security Basics mailing list archives
RE: Wireless solutions with multiple keys
From: "Danny Puckett" <dpuckett () comresource com>
Date: Fri, 12 Dec 2008 10:12:35 -0500
You could always put up a quick captive portal using m0n0wall/pfsense. I use this for our guest wireless at work. Users need to know the current password to gain internet access. Of course this is authentication only and does not provide any encryption.

________________________________
From: listbounce () securityfocus com on behalf of Nick Duda
Sent: Thu 12/11/2008 5:10 PM
To: 'Mercurio, Michael D (Dante)'; 'security-basics () securityfocus com'
Subject: RE: Wireless solutions with multiple keys

Thanks for the info. I actually run a wireless network using WPA2 and AD authentication for local LAN users, it works great. The issue here is that I want to make a new wifi LAN that anyone can use only if they are authenticated...but this authentication needs to be automated somehow. When I say "anyone can use it" I mean that anyone that has access to something that can tell them the key to get on.

I guess what I am saying is that I want a wifi network in the workplace that a wardriver cannot just "jump on", but any employee can because they can pull up on an intranet site "This week's key". If the employee is working on a weekend and brings their spouse in with a laptop, that employee just looks at what "This week's key" is and configures it on the spouse's laptop.

I'm starting to think it's very easy if I just manually update this "intranet" page weekly/monthly with the WEP/WPA key once I change it on the AP.

-----Original Message-----
From: Mercurio, Michael D (Dante) [mailto:michael.mercurio () verizonbusiness com]
Sent: Thursday, December 11, 2008 4:57 PM
To: Nick Duda; security-basics () securityfocus com
Subject: RE: Wireless solutions with multiple keys

The best method for what your stated goals are, is to use a central RADIUS server and authenticate using AD or other directory information. This solution would involve using WPA and 802.1x with an EAP type.

In this scenario, the AD credentials would dictate the user access and if an AD account expires or is deleted, access to the wireless is gone. Assuming you have AD, you can install and configure IAS and this solution costs you nothing more than time and maybe a certificate if you don't want to set up an internal certificate authority.

Many systems that hotels use typically authenticate a user after the system is associated with an access point. There is typically no encryption when you do this. The user hits the gateway which forces an authentication before allowing traffic to pass. Also some hotels use a solution where an account is created manually during check-in and the pass code is given to the user. If that interests you, here is one solution:

http://www.colubris.com/content.asp?catref=Colubris_Visitor+Management+Software&name=Colubris_Products

Hope this helps,
--Dante

M. Dante Mercurio, CISSP, CCNA

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Nick Duda
Sent: Thursday, December 11, 2008 4:12 PM
To: 'security-basics () securityfocus com'
Subject: Wireless solutions with multiple keys

Does anyone know any good products that allow multiple keys (WEP/WPA/WPA2) for a single SSID that can be generated dynamically? I think I've seen hotels and such that offer something like this.

Example:

A local corporate network that serves 500 people. This network has servers and all kinds of stuff. I want to add a wireless network using WEP (I know I know, WEP... just using as example). This wifi network has no connectivity to the local corporate network, rather it connects to a dedicated DSL line. If you are on this wifi network, you are only on the internet. These 500 people have laptops that can only be used on this wifi network. I don't want to share 1 WEP key with 500 people.

I want a way, a solution that these 500 people can hit up a webpage or something that will dynamically generate a WEP key for them. This WEP key should be able to expire. This solution can live on the local LAN if needed.

- Nick
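
The "this week's key" rotation discussed in the thread can be automated instead of updated by hand. The sketch below is an added example, not code from any poster or product named above: it derives the week's WPA2 passphrase from a secret with HMAC, so the intranet page and the script that reconfigures the AP compute the same value independently. The secret, the SSID and the function names are assumptions, and the result is still a single passphrase shared by everyone for that week.

```python
import base64
import hashlib
import hmac
from datetime import date, timedelta

# Constructed sample values (assumptions, not taken from the thread).
DEMO_SECRET = b"constructed-demo-secret-0123456789"
DEMO_SSID = "guest-wifi"

def week_label(day):
    """ISO year and week, e.g. '2008-W50'; correct across year boundaries."""
    iso_year, iso_week, _ = day.isocalendar()
    return f"{iso_year}-W{iso_week:02d}"

def key_window(day):
    """Return (Monday the key becomes valid, Monday it expires)."""
    start = day - timedelta(days=day.isoweekday() - 1)
    return start, start + timedelta(days=7)

def weekly_passphrase(secret, ssid, day, length=20):
    """Derive the week's passphrase; nothing to sync between AP and intranet."""
    if len(secret) < 16:
        raise ValueError("secret must be at least 16 bytes")
    # WPA2 passphrases are 8..63 characters; base32 of 32 bytes yields 52.
    if not 8 <= length <= 52:
        raise ValueError("length must be between 8 and 52")
    msg = f"{ssid}|{week_label(day)}".encode()
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    text = base64.b32encode(digest).decode("ascii").rstrip("=").lower()
    return text[:length]

def wpa2_psk_hex(passphrase, ssid):
    """WPA2-Personal PSK: PBKDF2-HMAC-SHA1, 4096 iterations, 256-bit output."""
    psk = hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)
    return psk.hex()

if __name__ == "__main__":
    today = date(2008, 12, 12)  # constructed date for the demo run
    start, end = key_window(today)
    phrase = weekly_passphrase(DEMO_SECRET, DEMO_SSID, today)
    print(f"{week_label(today)}: valid {start} until {end}")
    print("passphrase for the intranet page:", phrase)
    print("hex PSK for the AP config:", wpa2_psk_hex(phrase, DEMO_SSID))
```

Anyone who can read the intranet page can pass the key on, so the captive-portal and RADIUS approaches in the replies remain the way to tie access to an individual account.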