I have a base of users that use mobile devices to access back to the office.

There is already lots of existing security. However, I would like to add some form of RADIUS authentication on the firewall to further protect access.

My question: is there some software that can do this? Can it be done with no end-user interaction? Ideally I would like to do this using the device IMEI number.

The firewall does support the RADIUS protocol. Thanks for the help.

MK

  • *I would like to add some form of RADIUS authentication on the firewall to further protect access.* How does that work without user interaction as per your wish further on in the question? Anyone can pick up the device and use it, so there might be a use case for RADIUS authentication of the user before granting access to sensitive stuff but not otherwise. Sorry if this sounds rude but I'm getting the impression you want to turn it on because it's "more secure" and "more secure" is a good thing, not because you have a specific threat which RADIUS would specifically address. – Rob Moir Mar 03 '11 at 12:26
  • I think the way you need to go is to have your own mobile phone APN; I would speak with your provider about this. You can then set up your RADIUS authentication on the phone; there is no user interaction at all as you configure advanced settings depending on the handset. – JamesK Mar 03 '11 at 12:31
  • The firewall adds the security; RADIUS adds the means to authenticate. There is already security preventing access to sensitive data. The aim is to add a way of the firewall denying access to devices not in the database. – 45networker Mar 03 '11 at 12:34
  • Already have APN – 45networker Mar 03 '11 at 12:35
  • Use VPN. Android and iPhone have built-in support for that. I doubt that someone with a non-smartphone is accessing your corporate network. – Andrejs Cainikovs Jan 25 '12 at 14:57

2 Answers

As far as I know (and hope), the IMEI doesn't get sent over TCP/IP, so you would need some special software installed on your users' phones that connects to your system.

Sven
  • IMEI is, as I can see this in some other SW that I use. It is also used by the mobile phone network in their back end, also leading me to think it does. – 45networker Mar 03 '11 at 12:26
  • @45networker: But the mobile phone network doesn't use IP, it has its own protocols. – user1686 Mar 03 '11 at 14:18

Your best bet here would be to run RADIUS with EAP-SIM and install the certs from the SIM on the RADIUS server - this could be done to provide IPsec VPN access, or to authenticate WLAN clients. In the latter case the certs need to be installed on the RADIUS server, depending much on how you built your WLAN.

Geir
  • No, this will not work, as SIM triplets are known only to the mobile operator. As far as I understand, the question is about connection *to* the office network, not *within* the office. – Andrejs Cainikovs Jan 25 '12 at 14:55