Security

Reply
MVP
Posts: 2,958
Registered: ‎10-25-2011

Secure Wireless LAN Deployment checklist

[ Edited ]

Hello again

I would like to ask if there is anything else important i would be missing in a secure wireless lan deployment

 

I already set up a laboratory having the fallowing things for security:

 

1-EAP TLS

2-Enforce Machine Authentication

3-Enforce DHCP

4-User Dervation rules, aeach group of users will have their own role in which its defined where they can go.

 

5-IPS/IDS with Air monitor

a-Rogue AP Containment

b-tarpid non valid stations

c-Protect from AP impersonating

d-Protect valid clients


What else could i add to this Securte Wireless Lan Deployment? 

i know i need to work more with the IPS/IDS...  any suggestions are welcome

What else i could add for a really secure wireless deployment what things are missing on my list that i should add to my demo network for my presentations for new clients? :)  it also will help to see what else i could configure to clients that already got the solution and they dont have...

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Guru Elite
Posts: 20,811
Registered: ‎03-29-2007

Re: Secure Wireless LAN Deployment checklist

With EAP-TLS you have a great start.  With the rest of your list, you are certainly very well rounded!



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 2,958
Registered: ‎10-25-2011

Re: Secure Wireless LAN Deployment checklist

Well i did my first demo on my lab today which went okay.. and i realize that i will have to add like a powerpoint when im explaining what this is all about...

The client does have EAP PEAP and i was trying to expliain him the difference between EAP PEAP and EAP TLS(and also the requirements) and well after that i realize that its better having a powerpoint  and also trying to explain it in a non soo technical way as i was presenting also to some managers... im actually new doing this kind of stuff as my main role is installing and configuring Wireless solution and routing and switching and firewall equipoments.... but im sure i will learn!

At the end he liked the idea of having EAP TLS, and specially the derived roles :)

 

Im focusing more with Aruba as is the solution i like the most of what we sell....

 

The next step is adding to this lab its  IPS/IDS  as i just presented  from point 1 to 4 today, as he just wanted a presentation of what else he could do for security  without buying new liceses or hardware(as he will need air monitors for IPS/IDS)

 

After im done with this ill create a lab to demostrate performace and features of aruba 

 

Then i need to add it the airwaves

 

Then i need to add aruba switch

 

My boss willl help with the clearpass...

 

There is a lot i need to be done... :)

 

 

 

Anyways thanks for the comment Collin at least i know now im going in the correc way after your comment!

 

Cheers

Carlos

 

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Search Airheads
Showing results for 
Search instead for 
Did you mean: