I finally settled on a strategy for wireless security. As wireless access points began appearing on our company's network, we configured them with Cisco's Lightweight Extensible Access Protocol (read my previous article, Migrate WLANs away from Cisco's LEAP). LEAP forces users to authenticate to the access point with their enterprise credentials - the same credentials used for virtual private network access, as well as services such as payroll and Microsoft Exchange e-mail. That's because we use a centralised directory that ties into most of our core applications and lets employees use a single password to sign on.Although LEAP works well, we didn't want to take the chance that those enterprise credentials would become compromised if someone hacked the wireless infrastructure. So I decided to use Protected Extensible Access Protocol (PEAP) with RSA SecurID token authentication. This combination requires a wireless user to enter his user identity and his SecurID token, which is a personal identification number followed by a dynamic number that changes every 60 seconds. This way, even if PEAP is compromised to the extent that the user ID is obtained, the hacker would still need a SecurID token to gain access.
Read this full article at TechWorld
|
|
Only registered users can write comments.
Please login or register.
Powered by AkoComment!