Original Poster Posted October 14, 2012
Ok basically I am designing a large network which has to handle anywhere between 500-2000 people and have wireless.... fine wireless all good no problem but the network has sensitive information within it and I need to log everyone who uses the wireless so no generic passwords... I need every user to have an individual login to the internet/wireless, so I am guessing leave the wireless open and then have a server as a middle man and wait for some kind of authentication? I can think how it would work in theory but I don't really know what I should do. Any pointers you can give would help?

Detection Posted October 14, 2012
Sounds like you would need something similar to how BT Openzone / BT FON works, anyone can connect to any AP but they need their own credentials to log in with. Some sort of hotspot software may be able to recreate that.

n_K Posted October 14, 2012
2 Universities I've been to use BlueSocket which is open-wifi, people connect to it, and have to authenticate on an HTTPS server before being given full network/internet access. It's a bit of a pain in the arse in that after login it sends all users to one page (not the page they were attempting to view) and sometimes you get 'Session Error. Please close this browser/tab and start a new session to authenticate'.
Or you could do LEAP/PEAP with WPA2 Enterprise and make users have to connect using their login details to even connect to the wireless.

Original Poster Posted October 14, 2012
> 2 Universities I've been to use BlueSocket which is open-wifi, people connect to it, and have to authenticate on an HTTPS server before being given full network/internet access. It's a bit of a pain in the arse in that after login it sends all users to one page (not the page they were attempting to view) and sometimes you get 'Session Error. Please close this browser/tab and start a new session to authenticate'.
> Or you could do LEAP/PEAP with WPA2 Enterprise and make users have to connect using their login details to even connect to the wireless.
This LEAP sounds interesting ... hmm, I may have to research all of your suggestions.

TPreston Posted October 14, 2012
Active Directory network? If so use a Windows NPS to authenticate WPA2 Enterprise users.

djdanster Posted October 14, 2012
From my understanding you'd be after something such as a Captive Portal.

Original Poster Posted October 14, 2012
Are any of these free? I mean I have 7-10 servers and loads of switches and routers available but I have a 0 budget for software.
> Active Directory network? If so use a Windows NPS to authenticate WPA2 Enterprise users.
Well, we could use a Windows server but we were hoping for just Linux.

djdanster Posted October 14, 2012
For captive portals, a whole list can be found here with tidbits of info about each one and what it runs on.

Detection Posted October 14, 2012
> Are any of these free? I mean I have 7-10 servers and loads of switches and routers available but I have a 0 budget for software.
> Well, we could use a Windows server but we were hoping for just Linux.
If you flashed your routers with DD-WRT firmware, you may be able to do it all for free.

Original Poster Posted October 14, 2012
> If you flashed your routers with DD-WRT firmware, you may be able to do it all for free.
If I did this I would probably be beaten with a stick .... while I am in charge of the project I'm very limited in what I am allowed to do... I can install whatever I want on the servers... the firmware on the Cisco equipment must remain as it is... it has to be air tight security while still being able to have a VPN connection from a certain location.

Detection Posted October 14, 2012
> If I did this I would probably be beaten with a stick .... while I am in charge of the project I'm very limited in what I am allowed to do... I can install whatever I want on the servers... the firmware on the Cisco equipment must remain as it is... it has to be air tight security while still being able to have a VPN connection from a certain location.
Bad luck, DD-WRT can do all that and more and is probably more secure than stock.
Maybe give them it as an option / adding extra APs with DD-WRT and leave the current routers as they are.

n_K Posted October 14, 2012
Haha Cisco secure? No :p

+BudMan MVC Posted October 16, 2012
What wireless routers/APs are you using? Cisco AP, are they standalone or thin (managed via controller)? How many wireless users, you keep mentioning 500-2000 users - you're talking an enterprise setup if you're talking 2000 wireless users and I would assume you have way more than just 1 AP, and that you would use a controller that yes could point to radius for auth.
You could run freeradius if you needed to, or if Windows then sure you could use their own built in radius service - what flavor of Windows are you running?
This is that hospital with medical records that you're securing access for? Like I said in your other thread you seem to be way way over your head for these projects. And how would you have zero budget for securing medical records? Was I correct this is some hut in the middle of the 3rd world somewhere?

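An added example, not part of any post in this thread: with WPA2 Enterprise backed by RADIUS, as suggested above, the per-user usage log the original poster asks for can be built from RADIUS accounting records. The sketch assumes the server writes them in the layout of FreeRADIUS's detail files; the records, user names and MAC addresses below are constructed.

```python
import re
# Constructed sample, assumed to follow FreeRADIUS's "detail" accounting layout.
SAMPLE_DETAIL = """\
Sun Oct 14 10:02:11 2012
\tUser-Name = "alice"
\tAcct-Status-Type = Start
\tAcct-Session-Id = "0000A1"
\tCalling-Station-Id = "02-00-00-00-00-01"

Sun Oct 14 10:05:40 2012
\tUser-Name = "bob"
\tAcct-Status-Type = Start
\tAcct-Session-Id = "0000B7"
\tCalling-Station-Id = "02-00-00-00-00-02"

Sun Oct 14 10:32:11 2012
\tUser-Name = "alice"
\tAcct-Status-Type = Stop
\tAcct-Session-Id = "0000A1"
\tAcct-Session-Time = 1800
"""

ATTR = re.compile(r'^\s+([\w-]+) = "?(.*?)"?$')

def parse_detail(text):
    """Yield one dict per accounting record (records are blank-line separated)."""
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        rec = {"logged_at": lines[0].strip()}   # first line is the timestamp
        for line in lines[1:]:
            m = ATTR.match(line)
            if m:
                rec[m.group(1)] = m.group(2)
        yield rec

def sessions_by_user(records):
    """Pair Start/Stop records on (user, session id); stop=None means still open."""
    sessions = {}
    for r in records:
        key = (r.get("User-Name"), r.get("Acct-Session-Id"))
        s = sessions.setdefault(key, {"user": key[0], "start": None, "stop": None})
        s["mac"] = s.get("mac") or r.get("Calling-Station-Id")
        if r.get("Acct-Status-Type") == "Start":
            s["start"] = r["logged_at"]
        elif r.get("Acct-Status-Type") == "Stop":
            s["stop"], s["seconds"] = r["logged_at"], int(r.get("Acct-Session-Time", 0))
    return list(sessions.values())

if __name__ == "__main__":
    print(*sessions_by_user(parse_detail(SAMPLE_DETAIL)), sep="\n")
```

Because every session carries the individual user name and the client MAC, this gives the per-person audit trail that a shared passphrase cannot.
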
sc302 Veteran Posted October 16, 2012
The hospitals that I have worked at all have a healthy budget for IT infrastructure provided you can prove you need it, you can't just want to have it.