wireless log in tips?


13 replies to this topic

#1 Original Poster

Original Poster

    Systems Developer

  • Tech Issues Solved: 1
  • Joined: 15-July 08
  • Location: my room
  • OS: windows 7/8, Kali, ubuntu, OSx 10.9
  • Phone: Android

Posted 14 October 2012 - 13:22

Ok basically I am designing a large network which has to handle anywhere between 500-2000 people and have wireless.... fine wireless all good no problem but the network has sensitive information within it and I need to log everyone who uses the wireless so no generic passwords...

I need every user to have an individual login to the internet/wireless, so I am guessing leave the wireless open and then have a server as a middle man and wait for some kind of authentication?

I can think how it would work in theory but I don't really know what I should do. Any pointers you can give would help?


#2 Detection

Detection

    Detecting stuff...

  • Joined: 30-October 10
  • Location: UK
  • OS: 7 SP1 x64

Posted 14 October 2012 - 13:30

Sounds like you would need something similar to how BT Openzone / BT FON works, anyone can connect to any AP but they need their own credentials to log in with.

Some sort of hotspot software may be able to recreate that

#3 n_K

n_K

    Neowinian Senior

  • Tech Issues Solved: 3
  • Joined: 19-March 06
  • Location: here.
  • OS: FreeDOS
  • Phone: Nokia 3315

Posted 14 October 2012 - 13:31

2 Universities I've been to use BlueSocket which is open-wifi, people connect to it, and have to authenticate on an HTTPS server before being given full network/internet access. It's a bit of a pain in the arse in that after login it sends all users to one page (not the page they were attempting to view) and sometimes you get 'Session Error. Please close this browser/tab and start a new session to authenticate'.

Or you could do LEAP/PEAP with WPA2 Enterprise and make users have to connect using their login details to even connect to the wireless.

#4 OP Original Poster


Posted 14 October 2012 - 13:40

2 Universities I've been to use BlueSocket which is open-wifi, people connect to it, and have to authenticate on an HTTPS server before being given full network/internet access. It's a bit of a pain in the arse in that after login it sends all users to one page (not the page they were attempting to view) and sometimes you get 'Session Error. Please close this browser/tab and start a new session to authenticate'.

Or you could do LEAP/PEAP with WPA2 Enterprise and make users have to connect using their login details to even connect to the wireless.


This LEAP sounds interesting... hmm, I may have to research all of your suggestions.

#5 TPreston

TPreston

    Neowinian Senior

  • Tech Issues Solved: 1
  • Joined: 18-July 12
  • Location: Ireland
  • OS: Windows 8.1 Enterprise & Server 2012R2/08R2 Datacenter
  • Phone: Nokia Lumia 1520

Posted 14 October 2012 - 13:43

Active Directory network? If so, use a Windows NPS to authenticate WPA2 Enterprise users.

#6 +djdanster

djdanster

    Neowin elite

  • Tech Issues Solved: 2
  • Joined: 28-October 08
  • Location: England, Great Britain
  • OS: Windows 8.1
  • Phone: Samsung Galaxy S4 White Frost

Posted 14 October 2012 - 13:53

From my understanding you'd be after something such as a Captive Portal.

#7 OP Original Poster


Posted 14 October 2012 - 14:10

Are any of these free? I mean I have 7-10 servers and loads of switches and routers available but I have a 0 budget for software.

Active Directory network? If so, use a Windows NPS to authenticate WPA2 Enterprise users.


Well, we could use a Windows server but we were hoping for just Linux.

#8 +djdanster


Posted 14 October 2012 - 14:18

For captive portals, a whole list can be found here with tidbits of info about each one and what it runs on.

#9 Detection


Posted 14 October 2012 - 14:25

Are any of these free? I mean I have 7-10 servers and loads of switches and routers available but I have a 0 budget for software.



Well, we could use a Windows server but we were hoping for just Linux.


If you flashed your routers with DD-WRT firmware, you may be able to do it all for free

#10 OP Original Poster


Posted 14 October 2012 - 15:18

If you flashed your routers with DD-WRT firmware, you may be able to do it all for free


If I did this I would probably be beaten with a stick... While I am in charge of the project I'm very limited in what I am allowed to do. I can install whatever I want on the servers, but the firmware on the Cisco equipment must remain as it is. It has to be airtight security while still being able to have a VPN connection from a certain location.

#11 Detection


Posted 14 October 2012 - 15:29

If I did this I would probably be beaten with a stick... While I am in charge of the project I'm very limited in what I am allowed to do. I can install whatever I want on the servers, but the firmware on the Cisco equipment must remain as it is. It has to be airtight security while still being able to have a VPN connection from a certain location.


Bad luck, DD-WRT can do all that and more and is probably more secure than stock

Maybe give them it as an option / adding extra APs with DD-WRT and leave the current routers as they are

#12 n_K


Posted 14 October 2012 - 20:30

Haha, Cisco secure? No :p

#13 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 96
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 16 October 2012 - 16:40

What wireless routers/APs are you using? Cisco AP, are they standalone or thin (managed via controller)?

How many wireless users? You keep mentioning 500-2000 users - you're talking an enterprise setup if you're talking 2000 wireless users, and I would assume you have way more than just 1 AP, and that you would use a controller that yes could point to RADIUS for auth. You could run FreeRADIUS if you needed to, or if Windows then sure you could use their own built-in RADIUS service - what flavor of Windows are you running?

This is that hospital with medical records that you're securing access for? Like I said in your other thread you seem to be way way over your head for these projects. And how would you have zero budget for securing medical records? Was I correct this is some hut in the middle of the 3rd world somewhere?
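An added example, not part of any post in this thread: once the controller authenticates each person through RADIUS, the accounting records are what answer the original requirement to log everyone who uses the wireless. The sketch below parses a constructed sample in the layout of a FreeRADIUS `detail` accounting file and resolves which user held an IP address at a given time. It assumes the NAS reports `Framed-IP-Address` and `Timestamp`, and the function names are hypothetical.

```python
import re

# Constructed sample: date header, tab-indented "Attribute = value" lines, blank line between records.
SAMPLE_DETAIL = """\
Sun Oct 14 13:22:01 2012
\tUser-Name = "alice"
\tAcct-Status-Type = Start
\tAcct-Session-Id = "5079A1B2-0001"
\tFramed-IP-Address = 10.20.0.15
\tTimestamp = 1350220921

Sun Oct 14 14:02:01 2012
\tUser-Name = "alice"
\tAcct-Status-Type = Stop
\tAcct-Session-Id = "5079A1B2-0001"
\tFramed-IP-Address = 10.20.0.15
\tTimestamp = 1350223321

Sun Oct 14 14:10:00 2012
\tUser-Name = "carol"
\tAcct-Status-Type = Start
\tAcct-Session-Id = "5079A1B2-0002"
\tFramed-IP-Address = 10.20.0.15
\tTimestamp = 1350223800
"""

def parse_detail(text):
    # One dict of attributes per record; the first line of each record is the date header.
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (line.strip().partition(" = ") for line in block.splitlines()[1:])
        records.append({k: v.strip('"') for k, sep, v in pairs if sep})
    return records

def build_sessions(records):
    # Pair Start/Stop by Acct-Session-Id; a session with no Stop yet keeps end=None.
    sessions = {}
    for r in records:
        sid, ts = r.get("Acct-Session-Id"), int(r.get("Timestamp", 0))
        if r.get("Acct-Status-Type") == "Start":
            sessions[sid] = {"user": r.get("User-Name"), "ip": r.get("Framed-IP-Address"),
                             "start": ts, "end": None}
        elif r.get("Acct-Status-Type") == "Stop" and sid in sessions:
            sessions[sid]["end"] = ts
    return list(sessions.values())

def who_had_ip(sessions, ip, when):
    # Users whose session held `ip` at epoch second `when`; leases get reused, so time matters.
    return [s["user"] for s in sessions if s["ip"] == ip
            and s["start"] <= when and (s["end"] is None or when <= s["end"])]
```

The same address maps to different people at 13:30 and 14:15 in the sample, which is why a shared password or an IP-only log cannot provide per-user accountability.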

#14 sc302

sc302

    Neowinian Senior

  • Tech Issues Solved: 28
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 16 October 2012 - 17:46

The hospitals that I have worked at all have a healthy budget for IT infrastructure provided you can prove you need it, you can't just want to have it.