-2

I have a big wireless network, and I would like to know if there is a mechanism of assuring users legitimacy:

I have 10 access points in the company and all have the same WPA-PSK password. I want a mechanism for protecting users if anyone broke wireless encryption or stole the key from a legitimate user. I want to protect them from sniffing attacks .. and I want a mechanism to ban a sepcific user from the network even if he accessed the wireless network, I want him to be banned from accessing any network facility

I cant use radios servers, and does IpSec help me with my problem (preventing new attackers and stop a specific user) ?

CnativeFreak
  • 712
  • 12
  • 27

2 Answers2

1

In universities, they don't encrypt WLAN at all but use VPN for providing access. With this, intruders can only access WLAN but they can't do anything.

belgther
  • 2,544
  • 17
  • 15
  • is this the only way ? i need to setup a vpn server and make all users connect through vpn to a local server then to the rest of the network facilities ? – CnativeFreak Feb 13 '12 at 12:40
  • I manage a personal OpenVPN server (cert based) for just a few users. This would be a giant pain with students (in particular) on a large scale. But yes probably the only way to guarantee what you're trying to do. By the way the college I went to did use encryption so that blanket statement is false. – Timeout Feb 13 '12 at 13:21
0

An enterprise WPA2 (cert based access) would probably work too, but your hardware has to support it. Search for 802.1x (it also works with wired networks if you have the right switches).

Makdaam
  • 51
  • 3