Re: Choosing which way to secure WLANs (IAS, WPA and certs or passwd)
- From: "Robert L [MVP - Networking]" <noreply@xxxxxxxxxxx>
- Date: Thu, 12 Jul 2007 11:52:04 -0500
Agree. That is what we are using.
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"Pieman" <bullens_at_no_spam_nifcoeu.com> wrote in message news:OZlFabIxHHA.3588@xxxxxxxxxxxxxxxxxxxxxxx
Health
certificates are a lot more secure than password strings. The use of
certificates demands a PKI infrastructure whether this be an internal MS
windows CA or a third party CA (i.e. Thwart, Veri-Sign, etc).
The idea behind certificates is that client A trusts client B certificate
and vice versa, so in your case computer certificates would be deployed
across the LAN for the clients and servers, when the client boots and
attempts to connect to the WLAN the request for the computer account to be
authenticated to the LAN is passed via IAS, as long as the computer account
is a member of the allowed group and the computer certificate is valid then
the computer would be allowed to authenticated and logon to the wireless
LAN, after this the client would then receive the Ctrl + Alt + Del screen
allowing the "user" to enter logon credentials to login to the PC and access
resources that they have been granted permissions to.
"Heath" <Heath@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:ECB91673-D85F-42BB-A7A9-25AAF806185B@xxxxxxxxxxxxxxxx
>I have been looking into setting up a wireless LAN and I am debating
>between
> using certificates or not. I read the documents on Securing Wireless using
> certs and Securing using PEAP and passwords. The one using PEAP and
> passwords
> seems to be less complicated but I wondering how much less secure it is.
>
> Lets say I set up the following: RADIUS server (IAS), Microsoft root CA
> (Windows 2003), Wireless Access Points (Proxim), Windows XP clients, WPA
> encryption, settings using group policy. Also, in IAS, I create a group
> with
> the users and computers that can use wireless.
>
> How will the computer authentication work? What does it check for exactly?
> At what point does it get an IP address? What is the risk of being hacked
> compared to installing certificates on the client PC's?
- References:
- Prev by Date: Re: removing remembered drives?
- Next by Date: WIN2003 DHCP expand - Urgent
- Previous by thread: Re: Choosing which way to secure WLANs (IAS, WPA and certs or passwd)
- Next by thread: VPN PPTP on 2003 server wont connect remotely, but will if on same network.. Assistance?
- Index(es):
Relevant Pages
|
Loading
