Hi Listonians,

I am in the process of deploying a large number of Wireless Routers for a large customer's teleworkers (AP/Routers will be at their homes). I am requesting input on best practices and easiest/most secure deployment. Laptops will be used at the office and also at their homes.

Here is what I have so far:

1) Wireless Router with multiple SSID capability. One SSID for the roaming employee to authenticate/associate and a 2nd SSID for the rest of the family (default SSID?).
2) I will not be broadcasting SSIDs.

I want to know if MAC filtering will be too much of a headache vs. having the AP proxy the authentication/association to a RADIUS server? If I use RADIUS, can I make it so only the employee needs to authenticate? I was considering 802.1x (WPA). How do I secure the connection across the Internet from the AP/Router to the RADIUS server? If I use 802.1x, I am thinking the RADIUS server back at the corporate location will be on their DMZ. Is the shared secret in clear text between the AP/Router and the RADIUS server? What disadvantages/security risks would this design bring? Is PEAP the most logical choice here? Why wouldn't I use it?

Thanks,
Jerry
