Re: Wireless Security
- From: Wayne Tilton <Wayne_Tilton@xxxxxxxxxxxxxxxx>
- Date: Tue, 29 Jul 2008 14:42:38 -0700
"Redleg6" <redleg6@xxxxxxxxxxxxxxxx> wrote in
news:ONtzmeZ8IHA.5712@xxxxxxxxxxxxxxxxxxxx:
> In our hospital we have a Win2003 domain with about 150
> workstations. Six workstations are "Cows" (computer on wheels) that use
> a wireless connection to pass sensitive medical information. AP's are
> Cisco. The wireless part of the connection is secured using EAP-TLS
> with user certificates. We are using an Enterprise CA to issue the
> certificates. We cannot use autoenrollment for certificates because we
> do not have a Windows 2003 Enterprise server.
>
> We are considering expanding the use of wireless workstations to 50 or
> more. This presents an issue for our very small IT staff. Each
> wireless workstation is used by about 20 people which means 20 user
> certificates have to be installed/managed on each COW.
>
> Question: is there another design that would still provide EAP-TLS
> level security for our wireless network with having so many
> certificates to manage? Or is there a way to install the certificates,
> en masse, rather than one at a time.
I see two choices, switch from EAP/TLS to PEAP, which only requires a
cert on the RADIUS server, or switch the machines to do machine
authentication only via the registry:
HKLM\Software\Microsoft\EAPOL\Parameters\General\Global\AuthMode=2
HTH,
Wayne Tilton
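
The registry option from the reply above, applied across a fleet rather than one machine at a time. This is an added example, not part of the original post: the host names are constructed placeholders, and it assumes the Remote Registry service is reachable on each workstation and that the script runs with administrative rights there.

```powershell
# Audit (and with -Apply, set) the EAPOL AuthMode value on a list of workstations.
param(
    [string[]]$ComputerName = @('COW01', 'COW02', 'COW03'),  # constructed sample names
    [switch]$Apply                                           # without -Apply: report only
)

$subKey  = 'Software\Microsoft\EAPOL\Parameters\General\Global'  # key named in the post
$name    = 'AuthMode'
$desired = 2                                                     # value named in the post

foreach ($computer in $ComputerName) {
    $base = $null
    $key = $null
    $current = $null
    $status = 'OK'
    try {
        # Assumption: Remote Registry is running on the target and we are admin there.
        $base = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
            [Microsoft.Win32.RegistryHive]::LocalMachine, $computer)
        $key = $base.OpenSubKey($subKey, $Apply.IsPresent)   # writable only with -Apply
        if ($null -eq $key -and $Apply) { $key = $base.CreateSubKey($subKey) }
        if ($null -ne $key) { $current = $key.GetValue($name, $null) }

        if ($current -ne $desired) {
            if ($Apply) {
                $key.SetValue($name, $desired, [Microsoft.Win32.RegistryValueKind]::DWord)
                $status = 'Changed'
            } else {
                $status = 'Mismatch'   # missing or different value, left untouched
            }
        }
    } catch {
        $status = "Unreachable: $($_.Exception.Message)"
    } finally {
        if ($null -ne $key)  { $key.Close() }
        if ($null -ne $base) { $base.Close() }
    }
    # One row per host: the value found before any change, and what was done.
    [pscustomobject]@{
        Computer = $computer
        Previous = $current
        Status   = $status
    }
}
```

Run it without `-Apply` first to see which machines differ, then again with `-Apply` once the list looks right.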