Security

last person joined: 20 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Secure Wireless LAN Deployment checklist

This thread has been viewed 0 times

  • 1.  Secure Wireless LAN Deployment checklist

    Posted Sep 01, 2012 01:42 PM

    Hello again

    I would like to ask if there is anything else important i would be missing in a secure wireless lan deployment

     

    I already set up a laboratory having the fallowing things for security:

     

    1-EAP TLS

    2-Enforce Machine Authentication

    3-Enforce DHCP

    4-User Dervation rules, aeach group of users will have their own role in which its defined where they can go.

     

    5-IPS/IDS with Air monitor

    a-Rogue AP Containment

    b-tarpid non valid stations

    c-Protect from AP impersonating

    d-Protect valid clients


    What else could i add to this Securte Wireless Lan Deployment? 

    i know i need to work more with the IPS/IDS...  any suggestions are welcome

    What else i could add for a really secure wireless deployment what things are missing on my list that i should add to my demo network for my presentations for new clients? :)  it also will help to see what else i could configure to clients that already got the solution and they dont have...



  • 2.  RE: Secure Wireless LAN Deployment checklist

    EMPLOYEE
    Posted Sep 04, 2012 09:44 PM

    With EAP-TLS you have a great start.  With the rest of your list, you are certainly very well rounded!



  • 3.  RE: Secure Wireless LAN Deployment checklist

    Posted Sep 04, 2012 10:05 PM

    Well i did my first demo on my lab today which went okay.. and i realize that i will have to add like a powerpoint when im explaining what this is all about...

    The client does have EAP PEAP and i was trying to expliain him the difference between EAP PEAP and EAP TLS(and also the requirements) and well after that i realize that its better having a powerpoint  and also trying to explain it in a non soo technical way as i was presenting also to some managers... im actually new doing this kind of stuff as my main role is installing and configuring Wireless solution and routing and switching and firewall equipoments.... but im sure i will learn!

    At the end he liked the idea of having EAP TLS, and specially the derived roles :)

     

    Im focusing more with Aruba as is the solution i like the most of what we sell....

     

    The next step is adding to this lab its  IPS/IDS  as i just presented  from point 1 to 4 today, as he just wanted a presentation of what else he could do for security  without buying new liceses or hardware(as he will need air monitors for IPS/IDS)

     

    After im done with this ill create a lab to demostrate performace and features of aruba 

     

    Then i need to add it the airwaves

     

    Then i need to add aruba switch

     

    My boss willl help with the clearpass...

     

    There is a lot i need to be done... :)

     

     

     

    Anyways thanks for the comment Collin at least i know now im going in the correc way after your comment!

     

    Cheers

    Carlos