Reaching out for Enterprise Security Help

My current environment is a medium size hospital with mulitple campuses. We have a number of different types of devices; Laptops, CoW's (Computer on Wheels) 7921's, BlackBerry's. Currently the majority of my clients are running WPA/WPA2-PSK. Personally, I'm sick to death of PSK. It's an easy and samll footprint, but managing keys is a major pain in the butt. At any one time I have an average of 500 clients connected to my WLC's (4.2.205). I've been trying to run a project on moving the devices to an EAP scenerio. Laptops work fine in EAP-TLS as do BlackBerry's but as everyone knows, EAP-TLS has some authentication overhead. Here's my problem, the CoW's. The CoW is simply a mini-pc put into a specialized cart that the nurses pull from room to room for BedSide Meds and such. With EAP-TLS testing I'm having a lot of issues with the authentication taking to long and the user getting kicked out of their app, Meditech. Our version of Meditech is basically a crap telnet application and if it doesn't get a response quickly it'll throw you to the desktop. Also, although I know EAP-TLS had some overhead, I'm dissapointed in it's roaming ability and how slow it is. As I see it, the users I have testing EAP-TLS on laptops and Blackberry's are not truely mobile. They typically don't attempt to use their device while on the move versus's the CoW. Here are a few things I've ran into in trying to figure out a security solution and hopefully you guys can help me out and suggest somethings I haven't thought of:
EAP-TLS - Obvious overhead issues as stated above. Is anyone running this in a similiar environment, how do you deal with it?
PEAP - Rely's on a strong user/pass which does not work in our world. The nurses log into the CoW witha generic username/password that pretty much everyone is aware of. Although Windows it's self is locked WAY down, your still on the network if you have access to this user/pass.
EAP-FAST - As I understand it, with EAP-FAST and MSCHAPv2, there's a PAC for each user. If the user logs in more then once from different locations, I suspect this would be a problem. Not to mention I'm not sure how the manageability on usernames would work. I looked at using the Certificate on the machine to do the authentication and setting EAP-FAST to require this for autehntication and it works fine for my laptop and the IntelPro/Set Wireless utility but on the CoW's, not so.. The Cow's have an Atheros AR5006x chip and with the Atheros Client Utility, the utility will only allow you to select a personal cert, not a machine certificate for anything. Does anyone know of an Client Utility that will allow me to do this with out spending $$$$ or of Atheros Client that will allow me to do this?
How is everyone else providing an enterprise solution with manageabillity and stability?

Extensible Authentication Protocol (EAP) is an IETF RFC that stipulates that an authentication protocol must be decoupled from the transport protocol used to carry it. This allows the EAP protocol to be carried by transport protocols such as 802.1X, UDP, or RADIUS without having to make changes to the authentication protocol itself.
•PEAP MSCHAPv2-Protected EAP MSCHAPv2. Uses a Transport Layer Security (TLS) tunnel, (the IETF standard of an SSL) to protect an encapsulated MSCHAPv2 exchange between the WLAN client and the authentication server.
•PEAP GTC-Protected EAP Generic Token Card (GTC). Uses a TLS tunnel to protect a generic token card exchange; for example, a one-time password or LDAP authentication.
•EAP-FAST-EAP-Flexible Authentication via Secured Tunnel. Uses a tunnel similar to that used in PEAP, but does not require the use of Public Key Infrastructure (PKI).
•EAP-TLS-EAP Transport Layer Security uses PKI to authenticate both the WLAN network and the WLAN client, requiring both a client certificate and an authentication server certificate.
http://www.cisco.com/application/pdf/en/us/guest/netsol/ns386/c649/ccmigration_09186a0080871da5.pdf

Similar Messages

  • Setting time outs for a secure connection

    I am researching on setting up a secure application incorporating two authentication
    mechanisms:
    a) Mutual Authentication to verify certificates
    b) RDBMS Security Realm to validate username/password combinations
    I desire a time out to take place after an hour of dormant time passes on the
    connection forcing the user to re-authenticate. Any suggestions on how to configure
    such behavior? I have been digging around the documentation for a while now and
    I have not found anything specific controlling this time out duration.
    Thanks for the help.
    -cb

    http://www.bulletsandbones.com/GB/GBFAQ.html#exportexactlength

  • Spdif out for Audigy (please help as soon as possib

    Plz i need help in this matter...i read all the related topics about it in this board but i still dont get it and still not working..
    I copied some movies (dvds) to my pc (on the hard disk)and i tried to play them from the pc using windvd software..i connect my soundcard from the spdif out to the coaxial input(digital in) in my onkyo receiver but still the sound not working.
    I selected the 'SPDIF' as the audio output method in my windvd software and i selected the 'SPDIF Pass-through' in my audigy 5.soundcard .
    Please could i know what to do so the spdif output work..i tried all the ways but couldn't know whats the problem..please waiting for the reply..
    Thanking you in advacnce.
    regards,
    shadi

    Download the freeware utility Renamer4Mac (VersionTracker or MacUpdate.)

  • "Copy Selected Albums" Option Grayed Out for Synchronizing Photos--Help!!

    I purchased a 60GB Video iPod a week ago. I cannot get it to sync my photos. When I select "Synchronize photos from iPhoto," the option to "Copy all photos and albums" is selected and the option to "Copy Selected Albums" is grayed out. If I try to sync all the albums, I get an Error -50. I can, however, copy & sync photos by selecting my Pictures folder (either all folders or selected folders). But, that won't give me my photos organized by album in iPhoto.
    I rebuilt the iPhoto database and deleted/trashed preferences. No help. Any thoughts would be appreciated. Apple has been no help and I have searched and searched these forums over many days, with no success.

    I had this problem after I imported a bunch of photos. I narrowed it down and found that two of my pictures had the word "photo" in the filename, example(photo003.jpg and photo004.jpg). I deleted these files and the "copy selected ablums" was available again.
    Hope this helps!!

  • Ipad frozen in voiceover mode. will not accept my passcode and has locked me out for one hour. help?

    while watching movie, it failed to download remainder. I had turned  it off to try to reset and then ended up freezing in Voiceover mode. It's  not acceping my passcode either and I'm wondering if it reset to factory passcode. Have it hooked to my laptop and it doesn't seem to want to open there either (though maybe because it's locked). I am backed up to iCloud but how do I get it to unlock???

    Try triple-click Home button (must be quick)

  • Using Microsoft Security Essential as Enterprise security solution and deploy via domain policy

    hi, All,
    I am trying to deploy Microsoft Security Essential in a enterprise via domain policy, and met following questions ,Would anyone help?
    1. Is Microsoft Security Essential the right choice for enterprise security protection solution and if Security essential will cover enterprise security scenario in future? It seems Microsoft had Forefront Endpoint Protection as enterprise security
    solution but it was deprecated.   While, Security Essential is mainly target for consumers.
    2. I can extract msi from setup.exe, but is there an official MSI version of Security Essential? Is there any document about the MSI parameters? 
    3. Is there a domain policy template(admx) for Security Essential?
    4. As Security Essential has x86 and x64 versions. and it has built-in in win8. How would I make sure
             x86 computers install x86 msi of security essential.
             x64 computers install x64 msi of securit yessential.
            win8,win8.1 computers ignore the installation request.
            through  Group Policy Editor > Computer Configuration > Software Settings > Software Installation > New > Package

    Hi
    You are correct, Microsoft Security Essential is not for Enterprise use.
    Technical you can deploy it but its hard to manage central.
    Microsoft Enterprise solution for antimalware is System Center 2012 Endpoint Protection which is included in System Center 2012 Configuration Manager.

  • Internal SD Encryption & Enterprise Security

    Does Sony has any plans for the above?
    Internal SD encryption is something that a lot of users have been seeking. And the fact that Android doesn't have this feature built in or there's no such app in the Play store makes it more appealing to have it built in on Xperia phones. The current Android encryption only effect the 'data' partition and not the internal sd card. Which becomes an issue when an Xperia phone is lost or stolen. All one need to do is flash a new os, erasing all user data, but the content in the internal sd is still intact.
    As for Enterprise Security, it's something that Xperia phones need to have if it wants to penetrate the Enterprise Market that are still being dominated by Blackberrys. Samsung has Knox, and it's about time Xperia has one of it's own. 

    I continue to refer Sony's whitepapers. ;-) This time the section about memory in Android devices from http://www-support-downloads.sonymobile.com/c6602/whitepaper_EN_c6602_xperia_z.pdf
    "In Sony Mobile 2013 products, “Internal Storage” is now the union of what was previously known as “Phone Memory” (for applications and their data. “/data”) and “Internal Storage” (for user’s content, “/sdcard”). The reason for this change is to make the use of available memory more flexible, and also to enable the optional encryption of user’s content."
    This basically means that there are no such things as  "data partition" or " internal sd-card" anymore, only one big "internal storage" that holds everything. When it is encrypted, everything stored on the phone is encrypted.

  • I'm trying to set up an iPad for work and the apple id I was trying to use came back expired. I set a new password and then it said it was invalid. Now I'm locked out for too many tries answering security questions that I don't remember setting up. Help!

    I seem to be stuck in apple ID ****. First the password was expired only two minutes after I finished setting up the account and then the new password was invalid.  I don't know what to try next but this is making me crazy.  And I'm locked out for eight hours for too many attempts at answering questions that I never set up in the first place. I don't know what gives but something is way off. I need to set up this iPad for work but I can't get past the login.

    Place the iOS device in Recovery Mode and then connect to your computer and restore via iTunes. The iPod will be erased. Some glitch occured and you have to restore/erse the iPod. Y will have to restore from an existing backup if y ohave one.
    iOS: Wrong passcode results in red disabled screen                         
    If recovery mode does not work try DFU mode.                        
    How to put iPod touch / iPhone into DFU mode « Karthik's scribblings        
    For how to restore:
    iTunes: Restoring iOS software
    To restore from backup see:
    iOS: How to back up     
    If you restore from iCloud backup the apps will be automatically downloaded. If you restore from iTunes backup the apps and music have to be in the iTunes library since synced media like apps and music are not included in the backup of the iOS device that iTunes makes.
    You can redownload most iTunes purchases by:
    Downloading past purchases from the App Store, iBookstore, and iTunes Store        

  • The OMS is not set up for Enterprise Manager Security

    Hi, I'm trying to add an agent to grid control and its not connecting with the management server because i cant secure it...
    bash-2.05$ ../../bin/emctl secure agent <password>
    Oracle Enterprise Manager 10g Release 3 Grid Control 10.2.0.3.0.
    Copyright (c) 1996, 2007 Oracle Corporation. All rights reserved.
    Agent is already stopped... Done.
    Securing agent... Started.
    Requesting an HTTPS Upload URL from the OMS... Failed.
    The OMS is not set up for Enterprise Manager Security.
    i have tried this on two seperate servers, both do the exact same thing. However, on my repository server where the OMS is housed, i can secure the agent no problem. Does anyone know what the problem could be? My OMS is on a Linux (SuSE 10.2) 32-bit machine.
    heres the emdctl.trc on the agent machine:
    2007-07-11 11:00:20 Thread-1 ERROR main: nmectla_agentctl: Error connecting to http://cbldb3:3872/emd/main/. Returning status code 1
    2007-07-11 11:00:21 Thread-1 WARN http: snmehl_connect: connect failed to (cbldb3:3872): Connection refused (error = 239)
    2007-07-11 11:00:21 Thread-1 ERROR main: nmectla_agentctl: Error connecting to http://cbldb3:3872/emd/main/. Returning status code 1
    2007-07-11 11:00:21 Thread-1 WARN http: snmehl_connect: connect failed to (cbldb3:3872): Connection refused (error = 239)
    2007-07-11 11:00:21 Thread-1 ERROR main: nmectla_agentctl: Error connecting to http://cbldb3:3872/emd/main/. Returning status code 1
    2007-07-11 11:00:22 Thread-1 WARN http: snmehl_connect: connect failed to (cbldb3:3872): Connection refused (error = 239)
    2007-07-11 11:00:22 Thread-1 ERROR main: nmectla_agentctl: Error connecting to http://cbldb3:3872/emd/main/. Returning status code 1
    2007-07-11 11:05:10 Thread-1 WARN http: snmehl_connect: connect failed to (cbldb3:3872): Connection refused (error = 239)
    2007-07-11 11:05:10 Thread-1 ERROR main: nmectla_agentctl: Error connecting to http://cbldb3:3872/emd/main/. Returning status code 1
    2007-07-11 11:10:08 Thread-1 WARN http: snmehl_connect: connect failed to (cbldb3:3872): Connection refused (error = 239)
    2007-07-11 11:10:08 Thread-1 ERROR main: nmectla_agentctl: Error connecting to http://cbldb3:3872/emd/main/. Returning status code 1
    bash-2.05$ lsof | grep 3872
    bash-2.05$
    seems to be failing the connect but nothing is running on the port so i'm not sure why
    Thanks in advance
    Message was edited by:
    user581869

    some further information and hopefully someone can help me...
    I went to the OMS binary folder (fmc45712:$OMS_HOME/bin) and executed the following commands...
    $OMS_HOME/opmn/bin/opmnctl stopall
    $OMS_HOME/bin/emctl stop oms
    $OMS_HOME/bin/emctl secure oms
    $OMS_HOME/bin/emctl start oms
    $OMS_HOME/opmn/bin/opmnctl startall
    then i go to $AGENT_HOME on the OMS machine (fmc45712:$AGENT_HOME/bin) and execute..
    $AGENT_HOME/bin/emctl status agent -secure
    Oracle Enterprise Manager 10g Release 3 Grid Control 10.2.0.3.0.
    Copyright (c) 1996, 2007 Oracle Corporation. All rights reserved.
    Checking the security status of the Agent at location set in /opt/oracle/OracleHomes/agent10g/sysman/config/emd.properties... Done.
    Agent is secure at HTTPS Port 3872.
    Checking the security status of the OMS at http://fmc45712:4889/em/upload/... Done.
    OMS is secure on HTTPS Port 1159
    I then to go the server i deployed the agent on that i want to get communicating wtih my OMS...
    $AGENT_HOME/bin/emctl status agent -secure
    Oracle Enterprise Manager 10g Release 3 Grid Control 10.2.0.3.0.
    Copyright (c) 1996, 2007 Oracle Corporation. All rights reserved.
    Checking the security status of the Agent at location set in /u101/em/agent10g/sysman/config/emd.properties... Done.
    Agent is unsecure at HTTP Port 3872.
    Checking the security status of the OMS at http://fmc45712:4889/em/upload/... Done.
    OMS is running but has not been secured. No HTTPS Port available.
    same command, different computer, but on the same network, and it just doesn't work. The OMS is on Linux x86 and the agent on the alternate computer is on HP-UX. If anyone has any help it'd be much appreciated.

  • How to find out whats ur answer for the security question but they send the email to a different email account

    im trying to find out whats my security answer but there sending to a different account that i dont know about but i want them to send it to my email account please help me get my security answers

    Alternatives for Help Resetting Security Questions and/or Rescue Mail
         1. If you have a valid rescue email address, then use this procedure:
             Rescue email address and how to reset Apple ID security questions.
         2. Fill out and submit this form. Select the topic, Account Security. You must
             have a Rescue Email to use this option.
         3. This is the only option if you do not already have a valid Rescue Email.
             These are telephone numbers for contacting Apple Support in your country.
             Apple ID- Contacting Apple for help with Apple ID account security. Select
             the appropriate country and call. Ask to speak to the Account Security Team.
         4. Account security issues almost always require you to speak directly to an
             Apple representative to securely establish your identity as the account holder.
             You can set it up so that Apple calls you, either immediately or at a time
             convenient to you.
                1. Go to www.apple.com/support.
                2. Choose Contact Support and click Contact Us.
                3. Choose Other Apple ID Topics and choose the appropriate topic for
                    your issue.
                4. Follow the onscreen instructions.
             Note: If you have already forgotten your security questions, then you cannot
             set up a rescue email address in order to reset them. You must set up
             the rescue email address beforehand.
    Your Apple ID: Manage My Apple ID.
                            Apple ID- All about Apple ID security questions.

  • I cannot purchase anything at the itunes store because I am being ask for my security questions, but I don't remember them. How do you change you security questions with out knowing them?

    I cannot purchase anything at the itunes store because I am being ask for my security questions, but I don't remember the answers. I tried going to appleied.apple.com but I won't allow me to change my security answerswithout answering the original questions. How do you change you security questions with out knowing them? I need help.

    Welcome to the Apple Community.
    Start here, and reset your security questions, you will receive an email to your rescue address, use the link in the email and reset your security questions.
    If that doesn't help or you don't have a rescue address, you might try contacting Apple through iTunes Store Support

  • TS2446 I forgot my resuce email and my answers for the security questions. I need help please!!

    PLEASE HELP ME!!! THANK YOU!!

    Reset Security Questions
    Frequently asked questions about Apple ID
    Manage My Apple ID
    Or you can email iTunes Support at iTunes Store Support.
    If all else fails:
      1. Go to: Apple Express Lane;
      2. Under Product Categories choose iTunes;
      3. Then choose iTunes Store;
      4. Then choose Account Management;
      5. Now choose iTunes Store Security and answer the bullet questions, then click
          Continue;
      6. Sign in with your Apple ID and press Continue;
      7. Under Contact Options fill out the information and advise iTunes that you would
          like your security/challenge questions reset;
      8. Click Send/Continue.
    You should get a response within 24 hours by email.
    In the event you are unsuccessful then contact AppleCare - Contacting Apple for support and service.
    Another user had success doing the following:
    I got some help from an apple assistant on the phone. It is kind of round about way to get in.
    Here is what he said to do and it is working for me...
      a. on the device that is asking you for the security questions go to "settings", > "store" >
          tap the Apple ID and choose view"Apple ID" and sign in.
      b. Tap on payment information and add a credit/debit card of your preference then select
          "done", in the upper right corner
      c. sign out and back into iTunes on the device by going to "settings"> "store" > tap the
          Apple ID and choose "sign-out" > Tap "sign -in" > "use existing Apple ID" and you
          should be asked to verify your security code for the credit /debit card and NOT the
          security questions.
      d. At this time you can remove the card by going back in to edit the payment info and
          selecting "none" as the card type then saving the changes by selecting "done". You
          should now be able to use your iTunes store credit without answering the security
          questions.
    It's working for me ...I just have to put in my 3 digit security pin from the credit card I am using.
    Good Luck friends!

  • After mavericks updating ,i cant pair my wireless keyboard , plus my mac is logged out for logging in i need my keyboard back any help would be here? Ps: i dont have another keyboard

    After mavericks updating ,i cant pair my wireless keyboard keyboard working but just not pairing  , plus my mac is logged out for logging in to reach the preferences  i need my keyboard back any help would be here? Ps: i dont have another keyboard to connect .

    For the both of you.
    Turn your Mac on, wait until the login screen appears.
    Turn off your keyboard, wait several seconds. Hopefully a "Keyboard turned off" or "Keyboard disconnected" comes up. Then remove the batteries.
    Turn the Mac off then turn it back on.
    When it turns back on, it should say missing keyboard or something of the sort. Put the batteries back into the keyboard and turn it back on. Hopefully it should start talking again.
    It sounds like you two have a Mac that doesn't have a built-in keyboard. So you could easily reset the SMC...
    http://support.apple.com/kb/HT3964?viewlocale=en_US&locale=en_US
    KOT

  • I need to by apps but it keeps asking for my security questions ;/ but  forgot the answers to my security questions and the security/rescue email too (i dont have USA number to call please help me and send my rest to my email

    I need to by apps but it keeps asking for my security questions ;/ but  forgot the answers to my security questions and the security/rescue email too (i dont have USA number to call please help me and send my rest to my email

    You need to ask Apple to reset your security questions. To do this, click here and pick a method; if that page doesn't list one for your country or you're unable to call, fill out and submit this form.
    (115668)

  • I have set up as security password-code for home screen.  So when I turn it on, I forgotten the correct code and I'm locked out for 60 minutes ;(  How do I retrieve or reset so I can use phone

    I have set up as security password-code for home screen.  So when I turn it on, I forgotten the correct code and I'm locked out for 60 minutes ;(  How do I retrieve or reset so I can use phone again. Please help!

    You need to connect to iTunes and restore the iPhone to remove the passcode...then from a recent backup restore the content.

Maybe you are looking for

  • Error in creation of target node

    Sender MessageType: 1 .Root 1..1   2. Message header 1..1           3 -code            3-Name           3-HeaderNote 2. Data Range 1..1       3-No       3-type   2. Invoice header 1..unbounded       3 - Indicator        3 -invoicetype        3--invoi

  • Brain pick on an old problem of mine (squealing and poping sound when system is under heavy loa

    Firstly, my apologies if this post gets double posted as I am on a barely functional dsl connection?<SPAN> It get?s flaky when it rains which is only periodically for about 2 months of the year? I was wondering if someone in the know might be able to

  • How to fix system error 5364 in mac on os maverick ?

    Hi, I was trying to configure Linksys ADSL router with my iMac on OS maverick. Trying to run the set up disk I get an error message "System error 5364". Please help me fix this.

  • Unexpected error for file explorer

    I have a user that was trying to browse her document lib by using the explorer feature in sharepoint.  At first we were unable to even get the explorer working.. but then I followed these steps: 1- patch IE For windows 7 x32 machines this update need

  • Constrained values not generating correctly in Dashboard prompt

    Hi, I have a dashboard prompt which has 4 drop downs viz From Month, From Year, To Month, To year and one Mullti Select Product.The default and the drop down values for the first four prompts are controlled by SQL queries so that in drop down only th