
Re: secure WLAN

 
kcpant
Trusted Contributor

secure WLAN

Hi friends,

One of my customers is going to invest in wireless networking inside his campus, which has an area of around 2 kilometers. This is an institute where the object of the WLAN is to provide seamless connectivity to students and visitors throughout the campus. While designing the network, the customer asks for some mandatory security measures:

1. All of the network should run on a very good security key exchange policy. This key should change automatically after a certain period (say, 1 hour), and whenever a student goes out of the campus and comes back, the system should ask for a new key on the connectivity request.

2. The key management should be such that a system administrator is able to provide the proper security key remotely from his cabin to the requesting machine.
3. The wireless network will be used only for Internet availability. The system should log any other activity from any system which tries to intrude inside the wired domain network. This log should be mailed automatically to the system admin's group.
4. There should be a mechanism which will assign certain hours to every user account, and these hours will decrease automatically upon usage.

Thanks in advance, 10 pointers are ready for every good suggestion ;)

regards,
PreSales Specialist
Philip Doragh
Trusted Contributor

Re: secure WLAN

1. I don't think this will work. How is anyone going to know the new key to be allowed back on? Most groups and enterprises use machine/user authentication within an 802.1x architecture. Once the user/machine is authenticated, they are given the key that allows them on the network. But this means that they need to create a user/machine database and have an authentication infrastructure.

2. How many people does this admin plan to support? Again, as with number 1, I don't believe this is a practical solution... better to use an 802.1x based solution using authentication to provide the keys automatically.

3. If the WLAN is only for internet connectivity, then either physically isolate the WLAN APs or logically isolate them from the rest of the physical network via VLAN technology within their switching infrastructure. This is mainly a "setting up the infrastructure correctly" job.

4. This can be done, again, if they use an 802.1x based solution. Most authentication servers have policy engines that allow admins to filter who can use the network and when. For this particular request, it is unlikely to be a default policy, so someone will need to write an authentication server extension to provide that kind of functionality.
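
The time-quota extension suggested in point 4 of the reply above, combined with the hourly key-change period from the question, sketched as an added example that is not part of the original thread or of any vendor's product. `QuotaPolicy`, its method names and the sample user are hypothetical; `Session-Timeout`, `Termination-Action` and `Acct-Session-Time` are standard RADIUS attributes, and the sketch assumes the access points send Interim-Update or Stop accounting records.

```python
from dataclasses import dataclass, field

REAUTH_INTERVAL = 3600  # seconds; the "say, 1 hour" key-change period from the question

@dataclass
class QuotaPolicy:
    """Hypothetical policy-engine extension: per-user time quota, in seconds."""
    allotted: dict                                  # username -> seconds granted by the admin
    sessions: dict = field(default_factory=dict)    # (user, session id) -> seconds reported

    def used(self, user):
        return sum(t for (u, _), t in self.sessions.items() if u == user)

    def remaining(self, user):
        return max(0, self.allotted.get(user, 0) - self.used(user))

    def authorize(self, user):
        """Build the reply once 802.1X authentication itself has succeeded."""
        left = self.remaining(user)
        if left == 0:
            return {"code": "Access-Reject", "Reply-Message": "time quota exhausted"}
        return {
            "code": "Access-Accept",
            # Session ends at the key-change interval or when the quota runs out.
            "Session-Timeout": min(left, REAUTH_INTERVAL),
            # RFC 3580: re-authenticate (fresh keys) at timeout instead of dropping the user.
            "Termination-Action": "RADIUS-Request",
        }

    def account(self, user, session_id, acct_session_time):
        """Record an Interim-Update or Stop. Acct-Session-Time is cumulative per
        session, so keeping the maximum makes retransmitted packets harmless."""
        key = (user, session_id)
        self.sessions[key] = max(self.sessions.get(key, 0), acct_session_time)
        return self.remaining(user)

def demo():
    # Constructed sample data: one user with 2 h 10 min of quota.
    policy = QuotaPolicy(allotted={"student1": 7800})
    first = policy.authorize("student1")["Session-Timeout"]
    policy.account("student1", "sess-a", 3600)
    policy.account("student1", "sess-a", 3600)   # duplicate, not double-charged
    policy.account("student1", "sess-a", 7200)   # later update for the same session
    last = policy.authorize("student1")["Session-Timeout"]
    policy.account("student1", "sess-b", 600)
    return first, last, policy.authorize("student1")["code"]
```

A user with no entry in `allotted` is rejected, so an account has to be given hours before it can connect.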
kcpant
Trusted Contributor

Re: secure WLAN

Closing open threads..
PreSales Specialist