05-02-2012 07:32 AM
I was wondering what possibilities for extra security I have beyond dot1x. Of course it is quite safe, but once a username and password are known, anyone could use them.
Certificates and machine authentication against RADIUS seem to be one way to make things more secure, but is there anything else to use?
What are the possibilities to add a token (i.e. RSA, SafeWord, ...) to the mix? Is that something Aruba can take care of, or something that requires extra client software?
05-02-2012 07:36 AM
Please read the whitepaper "Building Global Security Policy for Wireless LANs" here: http://www.arubanetworks.com/pdf/technology/whitep
Aruba Customer Engineering
Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
05-02-2012 10:26 AM
You could tie the .1X and certificates together with the ClearPass Policy Manager to use role-based enforcement per user/device. A token would help during authentication, but you may also want to include some post-authentication features as well (health checks, ability to define QoS, etc.).
05-03-2012 12:13 AM - edited 05-03-2012 12:32 AM
Thank you both. That was an interesting read which confirmed some of my ideas and provided some new ones.
The document also mentions the use of tokens. Is there any up-to-date Aruba documentation about integrating a token solution with Aruba? I found some old RSA documentation, but not much more.
The best would be to do the integration with extra software, either on the client side (a wireless client other than the default Windows client) and on the server side (so no ClearPass or other RADIUS server than the token one). Is that at all possible?