Wireless lan validating identity

Malicious insiders and attackers may also set up rogue or unauthorized wireless access points and trick employees into connecting.

Such access points allow attackers to monitor employee activities.


Cisco Meraki MR access points offer a number of authentication methods for wireless association, including the use of external authentication servers to support WPA2-Enterprise.

This article outlines Dashboard configuration to use a RADIUS server for WPA2-Enterprise authentication, RADIUS server requirements, and an example server configuration using Windows NPS.

Alternatively, network access control (NAC) systems could prevent any unauthorized device from being admitted to the network.

A NAC system typically provides an IP address only after validating that the newly connected device is authorized, by means of some identification (such as a computer's physical address, i.e. its MAC address, or a certificate) or pre-installed client software.

Management should consider limiting the WLAN signal to authorized areas, within the boundaries of the institution, if feasible.

Management should use an industry-accepted level of encryption with strength commensurate with the institution's risk profile on the institution's wireless networks.

The following image provides a detailed breakdown of the PEAP with MSCHAPv2 association process.

When WPA2-Enterprise with 802.1X authentication is configured, the following attributes are present in the Access-Request messages sent from the Cisco Meraki access point to the customer's RADIUS server.

Note: Certificate-based authentication using EAP-TLS is also supported by the Meraki platform, but is outside the scope of this document.

Wireless access points are the devices that broadcast the radio wave signals and should be physically secure to prevent compromise and securely configured to provide the same level of control as a wired connection.

Wireless gateways can allow management to implement more complex access controls, including advanced identity management capabilities and services to detect and remediate malicious software.

Policies should prohibit installation of wireless access points and gateways without approval and formal inclusion in the hardware inventory.
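One way to enforce that inventory requirement and catch the rogue access points described above is to compare a wireless scan against the approved hardware inventory. The following is an added example written for this page (not Meraki's or any vendor's code); the inventory, the scan records and the field names `bssid`, `ssid` and `auth` are constructed assumptions.

```python
"""Rogue / unauthorized access point check against a hardware inventory.

Constructed example: a wireless scan (a list of dicts, as a WIDS export or a
site survey might produce) is compared with the approved-AP inventory that the
policy requires. Findings are returned as a list so they can be asserted on
or handed to a ticketing system.
"""
from dataclasses import dataclass

# Constructed approved-AP inventory: BSSID -> (corporate SSID, expected auth mode)
INVENTORY = {
    "AA:BB:CC:00:00:01": ("CorpWiFi", "WPA2-Enterprise"),
    "AA:BB:CC:00:00:02": ("CorpWiFi", "WPA2-Enterprise"),
}


@dataclass(frozen=True)
class Finding:
    bssid: str
    ssid: str
    kind: str  # "evil-twin", "unapproved-ap" or "weak-auth"


def evaluate_scan(scan, inventory=INVENTORY):
    """Classify each observed BSSID against the inventory.

    evil-twin     : a corporate SSID broadcast by a BSSID not in the inventory
    unapproved-ap : any other BSSID not in the inventory (may be a neighbour;
                    policy requires approval before triage can close it)
    weak-auth     : an inventoried AP no longer using its expected auth mode
    """
    corporate_ssids = {ssid for ssid, _ in inventory.values()}
    findings = []
    for ap in scan:
        bssid = ap["bssid"].upper()  # normalise case before the lookup
        ssid, auth = ap["ssid"], ap["auth"]
        if bssid not in inventory:
            kind = "evil-twin" if ssid in corporate_ssids else "unapproved-ap"
            findings.append(Finding(bssid, ssid, kind))
        elif inventory[bssid][1] != auth:
            findings.append(Finding(bssid, ssid, "weak-auth"))
    return findings


# Constructed scan: one legitimate AP, one evil twin, one hotspot, one misconfigured AP
SAMPLE_SCAN = [
    {"bssid": "aa:bb:cc:00:00:01", "ssid": "CorpWiFi", "auth": "WPA2-Enterprise"},
    {"bssid": "de:ad:be:ef:00:01", "ssid": "CorpWiFi", "auth": "WPA2-Enterprise"},
    {"bssid": "12:34:56:78:9a:bc", "ssid": "Phone Hotspot", "auth": "WPA2-PSK"},
    {"bssid": "aa:bb:cc:00:00:02", "ssid": "CorpWiFi", "auth": "Open"},
]

if __name__ == "__main__":
    for f in evaluate_scan(SAMPLE_SCAN):
        print(f"{f.kind:14} {f.bssid} {f.ssid!r}")
```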
