Re: Wireless Access Point

There is an issue with ISA, IAS, and VPN. It's described in Owen's document
(link below), but you should definitely look into it if you're using VPN.
If you can switch to RWW instead of VPN, you won't have this problem, but
otherwise, you will.

There are three things to consider when just manually configuring WPA: You
have to do it every time, so as PCs come and go, it's another configuration
step. If someone leaves, you should change the WPA keys as a precaution.
And, the wireless clients will not authenticate to the network until a user
logs in. What the last one means is that if you use Owen's method with
certificates, the PC authenticates during startup, so things like login
scripts and WSUS work whether the user logs in or not.

The thing with having the computer authenticate instead of the user is
pretty cool - you get a wired equivalent experience when working
wirelessly - but if you're using VPN that's probably a deal breaker.

To answer the specific question of WPA and security, that should be fine.
With the certificates, there's two way authentication, so your client PC
will not authenticate to a rogue access point. Other than that, my
understanding is that the security is about the same either way. They're
both WPA.

Configuring Secure Wireless Network Access with Microsoft® Windows® Small
Business Server 2003
http://home.comcast.net/~clearviewtc/


"Ripley" <Ripley@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:FE5F7DDF-9558-4F59-8CEF-EBC373352FD2@xxxxxxxxxxxxxxxx
Chris,

Thanks for your reply and comments.
I guess that was my question really - what possible security risks am I
running by just plugging in this WAP with WPA encryption to my LAN?

Is there a standard method of deployment of WAP's which must be followed
(generally)? And if so, does this config (IAS) and the such have any
bearing
or configuration conflict with my current setup (using ISA 2004 and people
logging in over the VPN from home).

Thanks.

"Cris Hanna [SBS-MVP]" wrote:

The whole issue is not about whether or not it will work as you set it
up, but we all know the security issues surrounding Wireless Networking.
The intent of those instructions and those also written to by Owen
Williams also an SBS-MVPs are to provide you with the highest level of
security possible.

--
Cris Hanna [SBS-MVP]
-------------------------------------------------
Microsoft MVPs
Independent Experts (MVPs do not work for MS)
Real World Answers
---------------------------------------------------------
Please do not contact me directly regarding issues

"Ripley" <Ripley@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:CB7C2797-B357-4841-A6A3-F77538AC7E90@xxxxxxxxxxxxxxxx
This isn't really a problem (I don't think) but more of a question ..

I have an SBS 2003 (Premium with ISA 2004) wired LAN which is running
ok. I
purchased a D-Link Wireless Access Point and downloaded some detailed
notes
on how to configure wireless networking on an SBS2003 network. These
notes
can be found under the heading of "Configure Wireless Networking on
Windows
Small Business Server 2003" under Technet's Library path: Windows Small
Business Server Technical Library - Windows Small Business Server 2003
Technical Library - Operations.

They seemed a bit involved to say the least and involved installing IAS
onto
my SBS 2003 server. As a tester, I connect this Wireless Access Point
to my
laptop, configure it with an IP address and gateway (the gateway being
my SBS
2003 server), then patched it into my wired LAN. I also enabled WPA
encryption too, by the way. I then set my laptop back to DHCP, found
the
wireless network, joined it, entered the key, and hey presto I'm on the
SBS
2003 LAN through the WAP.

This all seems too easy and although I have full access and can see no
problems ... my question is, have I missed something?? Do I really need
to go
through the detailed notes and install IAS as a RADIUS server? All I
want is
for my LAN clients to be able to come into the office and connect to
the SBS
2003 network via wireless.

I am a little naive and inexperienced when it comes to Wireless
networking
so apologies if this question seems a bit silly or I've got the wrong
end of
the stick. I'd just like to check that I've done everything ok .... ??

Thanks


.

Relevant Pages

  • Re: Wireless Access Point
    ... connection, I disconnected the Ethernet cable, turned on the wireless, ... There was no manual configuration on the Vista laptop: ... can be found under the heading of "Configure Wireless Networking on Windows ... Small Business Server 2003" under Technet's Library path: ...
    (microsoft.public.windows.server.sbs)
  • Re: Industry Standard Security and guest wifi access best practice
    ... VPN use-This is something I want to rule out from the start. ... don't support WPA, and if they did then rule out changing the key ever. ... Use WPA to encrypt wireless traffic, ... Connection is simple for the end user and requires no VPN client ...
    (alt.internet.wireless)
  • Re: VPN vs. Cisco LEAP for wireless security ?
    ... use the wireless, and then (assuming you have adequate user account password ... the latest version of the client and access point ... VPN does nothing to guard the front door, so to speak--which is what the ... > Does it make sense use VPN to provide wireless security in my ...
    (microsoft.public.security)
  • Re: RE: Wireless security and VPN
    ... It is imperative that you use VPN to secure any ... >that will be much more secure for wireless however, a GOOD VPN set up will ... Most Cisco wireless gear has this WEP type (called ...
    (Security-Basics)
  • Re: Is wireless viable on and SBS network?
    ... I have trouble believing the point you are suggesting that the wireless ... I've seen machines that don't have proper time sync ignore policy and logon ... Roaming profiles work fine over a VPN, all assuming you are not either too ... the VPN Dialup connection, connect, then initiate the user authentication. ...
    (microsoft.public.backoffice.smallbiz2000)