Feb Project - Radius? Network Security

Deleted74295

I just don't give out the private wifi key. Works a lot here.

mlnews

@Breffni-Potter said:

I just don't give out the private wifi key. Works a lot here.

I find unplugging the wifi most effective.

hobbit666

@Breffni-Potter & @mlnews
Both excellent options........BUT!!!! not the one I was hoping for lol.

Is Radius still the "in thing" to handle authentication on Wireless stuff or is there a new and better thing we can look into. I don't moind spending company money!!

scottalanmiller

Radius is still quite standard. Don't know if it is the "in thing" anymore, but still very common, popular and accepted.

Dashrender

If you have Active Directory, you could look at their implementation of RADIUS so you only have one user account to worry about, though that probably wouldn't solve your phones on the wrong network problem.

hobbit666

@Dashrender said:

If you have Active Directory, you could look at their implementation of RADIUS so you only have one user account to worry about, though that probably wouldn't solve your phones on the wrong network problem.

Yeah we have AD.
Is just using Username good enough or should we look at using certificates?

Dashrender

@hobbit666 said:

@Dashrender said:

If you have Active Directory, you could look at their implementation of RADIUS so you only have one user account to worry about, though that probably wouldn't solve your phones on the wrong network problem.

Yeah we have AD.
Is just using Username good enough or should we look at using certificates?

That would be up to you - do you want to have to deploy certs to end user devices? Is device level security that important?

Carnival Boy

@Breffni-Potter said:

I just don't give out the private wifi key. Works a lot here.

What's to stop people from simply getting it off their laptop (or their colleague's laptop)?

I will watch this thread with interest as I have a similar problem. At the moment I go into Unifi and manually block any devices that I don't recognise, which keeps things under control but isn't ideal.

hobbit666

@Carnival-Boy said:

@Breffni-Potter said:

I just don't give out the private wifi key. Works a lot here.

What's to stop people from simply getting it off their laptop (or their colleague's laptop)?

I will watch this thread with interest as I have a similar problem. At the moment I go into Unifi and manually block any devices that I don't recognise, which keeps things under control but isn't ideal.

Similar to us at the moment. What I want as a end goal is once a machine has been imaged and logged on with new user Via a cable. It will get WiFi settings from GPO and just connect when the machine is out and about.

Then change the SSID to Corp leaving the guest one for phones and other devices that's isolated already

Deleted74295

@Carnival-Boy said:

@Breffni-Potter said:

I just don't give out the private wifi key. Works a lot here.

What's to stop people from simply getting it off their laptop (or their colleague's laptop)?

What happens is the moment I see your personal device on my network, you hear about it.

If I see it again, your manager hears about it.

Or...

https://community.spiceworks.com/topic/269617-windows-7-and-hiding-the-wireless-password
http://www.thewindowsclub.com/disable-password-reveal-button-windows-8