Wireless Security Best Practices - for a small University (700 Students)

Hi,

I have been looking around for wireless network best security practices. However, I cannot seem to find any conclusive documentation...

Currently at the University we have Linksys WAP54Gs with stock firmware/DD-WRT and no wireless security... However, we do have the Bradford Network NAC version 4 with user authentication and the scanning agent running - is this sufficient?

Thoughts and opinions please.

Also kind of looking at this:
http://www.theregister.co.uk/2010/10/25/firesheep_cookie_capture_peril/

Thanks :cool:
 
If you've just got some sort of http-based login, that's not going to encrypt any of the traffic going across it. It's been a while since I've looked at this, but I'd have thought that running some sort of WPA/PEAP/RADIUS setup that talks back to your user database would be what you need.

That said, I hate the term 'best practice' because people who follow it don't normally have very well defined requirements. So, what exactly are you looking for from your wireless setup? If you're looking for user authentication and encryption of data across the network, then the above will fit that. However, there's no point spending money/time on that unless it does what you need.

My 2p :)
 

Wired networks are just as vulnerable to 'Firesheep' style attacks, so don't let that be a concern to you other than to not use something silly like open or WEP.

Because you have a large number of users, I would suggest looking at using a RADIUS server for WLAN authentication and auditing etc. Something like FreeRADIUS could be used to set up a Unix box for the job, or you could invest in dedicated hardware (can't recommend any though, sure someone else can).

Couple a RADIUS server with suitable access points secured with WPA2 and you should be fairly well set up.

Afraid I lack the hardware knowledge though to advise on that, but certainly strong authentication would be advised; a single pre-shared key would be insufficient.
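
One reason a single pre-shared key falls short for a user base this size, shown as an added example (not part of any post in this thread): under WPA2-Personal every passphrase holder derives the same master key, while 802.1X with RADIUS gives each login its own. The SSID, passphrase, MAC addresses and nonces are constructed, and the EAP-derived key is modelled with random bytes.

```python
import hashlib
import hmac
import os

# Constructed sample values (not from the thread).
SSID, PASSPHRASE = "CampusWiFi", "one-key-for-700-students"
AP_MAC = bytes.fromhex("0011223344aa")
STA_MAC = bytes.fromhex("0011223344bb")
ANONCE, SNONCE = bytes(range(32)), bytes(range(32, 64))


def psk_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal: the PMK depends only on the passphrase and the SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def eap_pmk() -> bytes:
    """WPA2-Enterprise: the PMK comes from the key the EAP method (e.g. PEAP)
    negotiates at each login. Modelled here with fresh random bytes."""
    return os.urandom(32)


def ptk(pmk: bytes, ap: bytes, sta: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """IEEE 802.11i PRF-384 (HMAC-SHA1) over values sent in clear in the
    4-way handshake: both MAC addresses and both nonces."""
    data = min(ap, sta) + max(ap, sta) + min(anonce, snonce) + max(anonce, snonce)
    out = b""
    for i in range(3):  # 3 x 20 bytes >= 48 bytes
        msg = b"Pairwise key expansion\x00" + data + bytes([i])
        out += hmac.new(pmk, msg, hashlib.sha1).digest()
    return out[:48]


def temporal_key(pmk: bytes) -> bytes:
    """Traffic-encryption key (TK) = last 16 bytes of the 48-byte CCMP PTK."""
    return ptk(pmk, AP_MAC, STA_MAC, ANONCE, SNONCE)[32:48]


if __name__ == "__main__":
    # Two different passphrase holders compute the same PMK, hence the same TK
    # for any handshake they can observe.
    print("PSK TK:    ", temporal_key(psk_pmk(PASSPHRASE, SSID)).hex())
    print("PSK again: ", temporal_key(psk_pmk(PASSPHRASE, SSID)).hex())
    # With 802.1X every login gets its own PMK, so the TKs are unrelated.
    print("EAP login1:", temporal_key(eap_pmk()).hex())
    print("EAP login2:", temporal_key(eap_pmk()).hex())
```

An open network with only an HTTP or NAC login has no such key at all, so nothing on the air is encrypted by the wireless layer.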
 