
Corp. level wireless security

Discussion in 'Tech Talk' started by havensal, Jan 4, 2006.

  1. havensal

    We are running a small NT2000 DHCP server with about 30 clients. I have been tasked to look into adding wireless capability for the dozen or so laptops. I have a wireless network at home and have done all of the normal steps (WPA, no SSID broadcast, etc.).

    What else can be done on a corporate level to make the wireless as secure as possible?

    I am reading up on WPA2.

    Is there any software available to add security?

    How much security does the DHCP add?

    Would we be more vulnerable through the T1 than the wireless with the normal security steps taken?

    Sorry for all of the questions, but I am new to this security thing. Thanks. ;c
     
  2. Egyas


    Because wireless is broadcast, others have the ability to at least "sniff" at the traffic, or attempt to "hack" into the network. The company I work for is very serious about security. Previously, wireless networking was forbidden.

    Now it is acceptable, in limited applications. The access points are plugged into the switches, and the ports that they are plugged into are configured to accept VPN traffic only (along with all the other security options). This way, anyone that wants to connect wirelessly must establish a VPN connection (which requires the company-mandated software and hardware token).
     


  3. havensal

    That sounds like a lot of hassle. How user friendly is the login?
     
  4. Egyas


    Well, it depends. The login itself (to Windows) is handled by the Windows Domain Server (for account authentication). If they're not currently logged in, it uses cached domain credentials to authenticate login. To connect to the wireless, they choose the wireless network from the available list, and jump through all the normal hoops (WPA, etc, etc) to connect. After the connection, there is no throughput however. Everything is blocked except VPN traffic.

    Basically, it's all the same as what your users are doing now, but with one extra step. After connecting to the wireless connection, the user has to fire up the Nortel VPN client (that's the one my company uses for Window$ users, or Apani for us Linux folks), and we enter all our VPN stuff (account name, PIN#, Hardware access token code, etc) to establish the VPN connection. Then traffic runs as normal, if just a bit more slowly.
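
The "VPN traffic only" restriction described in the replies above, sketched as an added example that is not part of the thread or any poster's configuration. It assumes a dedicated Linux gateway between the access-point segment and the LAN, an IPsec VPN (IKE on UDP 500, NAT-T on UDP 4500, ESP), and constructed interface names and addresses.

```bash
#!/usr/bin/env bash
# Added example: emit an iptables-restore ruleset for a Linux gateway placed
# between the access-point segment and the wired LAN, so that wireless clients
# can reach the VPN gateway and nothing else.
# Assumptions (not from the thread): the VPN is IPsec (IKE on UDP 500, NAT-T on
# UDP 4500, ESP); the gateway is dedicated to the AP segment; clients get their
# addresses from the AP, not from this box; names and addresses are constructed.

wlan_vpn_only_rules() {
    local wlan_if="$1" lan_if="$2" vpn_gw="$3"
    if [ -z "$wlan_if" ] || [ -z "$lan_if" ]; then
        echo "usage: wlan_vpn_only_rules WLAN_IF LAN_IF VPN_GW_IPV4" >&2
        return 2
    fi
    # Rough sanity check: digits and dots only, exactly three dots.
    case "$vpn_gw" in
        ''|*[!0-9.]*|*.*.*.*.*) echo "bad VPN gateway address" >&2; return 2 ;;
        *.*.*.*) ;;
        *) echo "bad VPN gateway address" >&2; return 2 ;;
    esac
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i $wlan_if -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $wlan_if -o $lan_if -d $vpn_gw -p udp -m multiport --dports 500,4500 -j ACCEPT
-A FORWARD -i $wlan_if -o $lan_if -d $vpn_gw -p esp -j ACCEPT
-A FORWARD -i $wlan_if -m limit --limit 6/min -j LOG --log-prefix "WLAN-NONVPN: "
-A FORWARD -i $wlan_if -j DROP
COMMIT
EOF
}

# Print the ruleset for constructed values (192.0.2.10 is a documentation address).
# Check it with "iptables-restore --test" before loading it.
wlan_vpn_only_rules wlan0 eth0 192.0.2.10
```

The rate-limited LOG rule records wireless clients that try anything other than the VPN, which gives a record to review for devices that associated with the access point but never brought up the tunnel.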