secure enough?

[nath01]

what do you guys think of this. im going to use radius set up as per this guide:

http://www.windowsnetworking.com/articles_tutorials/Wireless-Networking-Windows-2003.html

using wpa-tkip (256bit) and turn off ssid brawdcast.

do you think this is secure enough for a corp lan?

 

[sostek]

Three things can be done to limit the possibility of illicit use of your wireless network.

1) Don't broadcast the SSID. This does mean you'll have to manually set it on each machine though.

2) Use WEP/WPA and use a decent passphrase to generate the key.

3) Consider MAC filtering.

If those three are in place it'll be fairly difficult for someone to tap in via your wireless network. If you want a good read btw, check out Kevin Mitnick's "The Art of Intrusion". If it doesn't scare the crap out of you I don't know what will.

 

[netmanrick]

How do you manage the AP's?The newer "thin" AP's can be managed by a security switch.
Cisco purchased AireSpace which has good management tools.
Good suggestions from sostek.

Rick Harris
SC Dept of Motor Vehicles
Network Operations

 

[RookThis]

I agree with Netman... Centralized management controller with thin APs, WPA or WPA2 where possible.

 

[rn4it]

Even with what sostek mentions I'd wouldn't allow direct access to the internal corporate VLAN. I'd either terminate the APs into the DMZ and allow only the necessary ports through.

 

[dput]

You could always use 802.1x authentication too.

Dan