Re: Certificates for Wireless Networks



Hi

I am just wondering if it would be feasible for you to use computer
authentication instead of user authentication for the wireless access. Then
you would only have to install one cert per PC. Still, as Brian indicates, an
Enterprise CA would be preferred and if you have that, the enrollment would
not be a big issue as it would happen automatically.

Even though EAP-TLS implies use of both computer and user certificates, both
authentications are independent and if computer auth succeeds, you should be
able to log in using any user account. I understand that this may impose a
risk, that you don't want, as anyone with valid PC logon credentials could
access the wireless network in this case. - just a thought....
--
Claus Jespersen


"S. Pidgorny <MVP>" wrote:

"Windows Server 2008 PKI and Certificate Security "

The previous edition had "2003" in it.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *

"Redleg6" <redleg6@xxxxxxxxxxxxxxxx> wrote in message
news:e7uqXpf8IHA.4988@xxxxxxxxxxxxxxxxxxxxxxx
What is the title of your book?

"Brian Komar (MVP)" <brian.komar@xxxxxxxxxxxxxxxxx> wrote in message
news:C72CFB88-BE30-479C-810F-82F6B93DA585@xxxxxxxxxxxxxxxx
The best solution will be to upgrade the CA server to enterprise edition
and use autoenrollment, to be honest with you.
You are growing to the number of workstations where autoenrollment is the
only way to go. You have a management nightmare unless you use
autoenrollment.
Alternatively, look at the enroll.vbs script included in my 2003 PKI
book. A scripted enrollment could be used.
Brian

"Redleg6" <redleg6@xxxxxxxxxxxxxxxx> wrote in message
news:%23IJvHeZ8IHA.4988@xxxxxxxxxxxxxxxxxxxxxxx
In our hospital we have a Win2003 domain with about 150 workstations. Six
workstations are "Cows" (computer on wheels) that use a wireless
connection to pass sensitive medical information. APs are Cisco. The
wireless part of the connection is secured using EAP-TLS with user
certificates. We are using an Enterprise CA to issue the certificates.
We cannot use autoenrollment for certificates because we do not have a
Windows 2003 Enterprise server.

We are considering expanding the use of wireless workstations to 50 or
more. This presents an issue for our very small IT staff. Each wireless
workstation is used by about 20 people which means 20 user certificates
have to be installed/managed on each COW.

Question: is there another design that would still provide EAP-TLS level
security for our wireless network without having so many certificates to
manage? Or is there a way to install the certificates, in-mass, rather
than one at a time.










