Hmm, I want to access my organization's resources over Wi-Fi -- why treat it as untrusted? The security with WPA2 using AES is more than sufficient.
Frank

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of David Lang
Sent: Saturday, April 06, 2013 12:34 AM
To: Brian Gold
Cc: [email protected]
Subject: Re: [lopsa-tech] Wifi

On Fri, 5 Apr 2013, Brian Gold wrote:

> We've been using Cisco WCS controllers and APs here at $employer, but for a
> smaller scale I've been very happy with Ubiquiti APs and controllers. I
> would HIGHLY recommend setting up radius authentication if you have
> a centralized ldap system (Active Directory, OpenLDAP, etc).

I would actually go the opposite direction. Your Wifi is an untrusted network that can be sniffed and attacked by anyone in the area. So don't let it connect directly to your internal network.

Consider it a guest network, just like a hotel network, and have all your users connect to your company resources through a VPN, just like they would from home or a hotel.

Then you can consider if you want to have the network locked down so that it can only be used for VPN traffic, or if you really do want it to be a guest network, able to reach the Internet (for at least some things).

David Lang
_______________________________________________
Tech mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
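
The "locked down so that it can only be used for VPN traffic" option from David Lang's message, sketched as an nftables ruleset for the router between the Wi-Fi segment and everything else. This is an added example, not configuration from anyone in the thread; the interface name, the VPN concentrator address and the choice of IPsec/IKE as the VPN are all assumptions.

```nftables
#!/usr/sbin/nft -f
# Constructed example. Assumed values, none of them from the thread:
#   wlan_if = router interface facing the Wi-Fi segment
#   vpn_gw  = VPN concentrator address (RFC 5737 documentation range)
#   VPN     = IPsec with IKE; swap the ports/protocol for another VPN
define wlan_if = "eth1"
define vpn_gw  = 192.0.2.10

table inet wifi_untrusted {
    chain forward {
        # Default-deny: nothing crosses the router unless allowed below.
        type filter hook forward priority 0; policy drop;

        # Replies belonging to flows that were permitted below.
        ct state established,related accept

        # Wi-Fi clients may reach the VPN concentrator and nothing else:
        # IKE (udp/500), IPsec NAT-T (udp/4500) and ESP.
        iifname $wlan_if ip daddr $vpn_gw udp dport { 500, 4500 } accept
        iifname $wlan_if ip daddr $vpn_gw meta l4proto esp accept

        # Record (rate-limited) whatever else the Wi-Fi side attempts.
        # No verdict here: the chain's drop policy discards the packet.
        iifname $wlan_if limit rate 10/minute log prefix "wifi-nonvpn-drop "
    }

    chain input {
        # Protect the router itself from the untrusted segment.
        type filter hook input priority 0; policy accept;

        ct state established,related accept

        # Clients still need an address and name resolution.
        iifname $wlan_if udp dport { 53, 67 } accept
        iifname $wlan_if tcp dport 53 accept

        # No management access (SSH, web UI, SNMP) from Wi-Fi.
        iifname $wlan_if drop
    }
}
```

The logged drops double as a detection signal: a client on this segment repeatedly trying internal addresses without the VPN is either misconfigured or probing.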
