+ Reply to Thread
Results 1 to 3 of 3
  1. Member
    Join Date
    Nov 2011
    Posts
    73
    #1

    Default best practice - giving out work wifi pwd?

    What's the best way to allow a user to connect to a work wifi network (without him knowing the pwd)? we're using both win7 and mac os x.

    if i type it in for him/her, he/she would still know what it is by going to security tab and show text.

    so, what are my options?
    Reply With Quote Quote  

  2. SS -->
  3. Senior Member
    Join Date
    Apr 2012
    Location
    Philippines
    Posts
    800

    Certifications
    MCSA Win7, MCSA 2003 & 2008, MCS, CCNA, VCP5
    #2
    You can create a non-admin account on the user's machine and safely type the password. To reveal it, the user will have to provide admin's credentials.
    Also, you may consider creating a guest network with limited access to the internal network.
    Reply With Quote Quote  

  4. Junior Starcraft Engineer
    Join Date
    Mar 2007
    Location
    Twin Cities, Minnesota
    Posts
    2,777

    Certifications
    A+, Net+, Security+, MCSA 2003, MCTS Win 7, AD, Net Infrastructure
    #3
    If your goal is to provide employees access without providing a pre-shared key, there are several possible solutions.

    Given an AD environment (for Windows) and any kind of device management solution for the Mac(s), you can deploy PSKs/wireless settings via GPO and scripts, respectively. This can be used to provide access to the wireless without actually telling the users the PSK. However, given admin rights and sufficient knowledge users could still retrieve it. I would assume in this context that is acceptable.

    A better approach would be to deploy 802.1x and RADIUS ("Enterprise" authentication). This can allow you to use smart cards, computer certificates, other tokens or even biometrics to authenticate, rather than passwords. Once again, given the proper management solutions in place, these can be deployed transparently on a per-user and/or per-computer basis. AD (or any LDAP) credentials can also be used, meaning each user would connect using his or her standard credentials. In the case of the latter, this doesn't prevent users from sharing credentials, but they have those credentials anyway and could still share them.

    As a compliment to any solution, I generally recommend deploying an Internet-only WiFi for guests or other employees. If the idea is to prevent employees from sharing WiFi passwords with unauthorized users, this helps prevent the desire to do so in the first place.
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks