What are you using for your company's wireless authentication?

TesseracT Member Posts: 167
Just wondering how people are securing their corporate wireless networks...

At my company we currently use RSA authentication, secure enough but to connect to the wireless the client needs an RSA EAP agent. Fine for our Windows computers but no clients exist on Apple devices which is really becoming a problem... We really don't want to create a new network just for iPads/iPhones etc.

Have been playing with the idea of scrapping RSA for wireless (but keeping it for our remote access) and implementing another system that's a bit friendlier to our iDevices. Have looked at Aruba Clearpass (looks quite nice but I'm not convinced), or just using a Microsoft Cert server (meh) but would like to see how everyone else is locking theirs down.

Comments

  • Mstavridis Member Posts: 107
    Right now I deploy WAP2000, but I recently convinced upper management to switch to pfSense. Soon we will be rocking the best for the least amount of money.
  • dustinmurphy Member Posts: 170
    For our "guest" wireless... we used WPA.

    At my last company, for our IT vlan wireless, I believe we used PEAP... for guest wireless we used WPA.
  • Jack2 Member Posts: 153
    On my two wireless networks with 700+ active wireless devices, I have a Milton Security NAC: Edgewall 7200 system supporting 4 multi-story buildings inline with Fortinet Firewalls. Supporting two other buildings, a BlueSocket 5200 controller w/ Blueprotect. Both authenticate via Active Directory.
  • unclerico Member Posts: 237
    This isn't necessarily just for wireless, but we are going to be taking a look at Forescout. The Director at my company went to the last Gartner conference and mid-market CIO conference and BYOD was the big topic at hand. Forescout looks to have some pretty decent solutions to the problem. Right now our Guest WLAN is open/unsecured using a captive portal that is on a schedule from 6AM to 6PM, our secured WLAN is EAP/TLS, and our third wireless network is for our Intermec devices secured with WEP (I know, I shouldn't use WEP and secured in the same sentence). Our APs have stateful firewalls built-in so I am able to simply lock down the destination host addresses and ports that they need access to and shut everything else off. I'm not as paranoid now as I was before our Aerohive implementation with someone compromising the WEP key and gaining access to the network...
  • ptilsen Member Posts: 2,835
    For most of our clients (who are small) we are using WPA2 PSKs. At our office and some clients, we use WPA2 with RADIUS.

    In your situation, I would use WPA2 with RADIUS and have non-PC devices use their domain credentials. Alternatively, if they don't even need domain-authenticated access, just use a PSK and rotate it quarterly.
  • Roguetadhg Member Posts: 2,489
    ptilsen wrote: »
    For most of our clients (who are small) we are using WPA2 PSKs. At our office and some clients, we use WPA2 with RADIUS.

    In your situation, I would use WPA2 with RADIUS and have non-PC devices use their domain credentials. Alternatively, if they don't even need domain-authenticated access, just use a PSK and rotate it quarterly.

    Considering the company doesn't want to spend anything more than a few bucks - a cheapo Linksys - WPA2 Personal. I was thinking about doing further research into wireless. But making wireless accessible is on the very low list of priorities for research.

  • qcomer Member Posts: 142
    Ruckus wireless equipment.

    Microsoft NPS server for computer-based RADIUS authentication for secure network, WPA2 for our guest network.