*** mick_laptop has quit (Changing host) | 02:31 | |
*** mick_laptop (~mick@clamwin/admin/mickhome) has joined #wikid | 02:31 | |
*** perestrelka (~vlad@194.242.5.47) has joined #wikid | 07:14 | |
*** perestre1ka has quit (Ping timeout: 276 seconds) | 07:15 | |
*** Raj (7d15f1b1@gateway/web/freenode/ip.125.21.241.177) has joined #wikid | 09:37 | |
Raj | hi | 09:37 |
*** Raj has quit (Quit: Page closed) | 09:47 | |
*** nowen (~nowen@adsl-98-66-164-120.asm.bellsouth.net) has joined #wikid | 12:13 | |
*** simplehometech (40471102@gateway/web/freenode/ip.64.71.17.2) has joined #wikid | 17:43 | |
simplehometech | hello | 17:43 |
nowen | h | 17:43 |
simplehometech | i need to secure a corporate wireless using 2 factor auth | 17:43 |
nowen | ok | 17:43 |
simplehometech | can you explain how wikid can help with that? | 17:43 |
simplehometech | it looks like you use tokens | 17:43 |
simplehometech | can you use some other method also? | 17:44 |
simplehometech | i would prefer to not use tokens | 17:44 |
nowen | WiKID is a software-only token system | 17:44 |
simplehometech | so how would that work to secure wireless | 17:44 |
nowen | but, our tokens communicate with the server so, it might not work in your scenario | 17:45 |
nowen | but it depends | 17:45 |
nowen | how does authentication work currently? | 17:45 |
simplehometech | do you have any white papers on how that would work? | 17:46 |
nowen | not specific to wireless | 17:46 |
nowen | but you can see how it works here: http://www.wikidsystems.com/learn-more/technology/overview | 17:46 |
simplehometech | do you have customers that use wikid to secure wireless? | 17:46 |
nowen | mostly it is vpn, but to be honest, we don't necessarily know what people use it for. | 17:47 |
simplehometech | ah | 17:47 |
nowen | I seem to recall some using for wifi | 17:47 |
simplehometech | can you ask around to see if anyone has more info? | 17:48 |
nowen | here's the rub as I see it: the WiKID token needs to communicate to the server to get the OTP. If your PCs don't yet have internet access, then you are limited to the smart phone tokens. | 17:49 |
nowen | if you are implementing more of a 'walled garden' wireless setup and the PC tokens can get access to the WiKID server, then that would also work | 17:50 |
simplehometech | currently the company has a wireless network that is more like a guest network | 17:50 |
simplehometech | external internet only | 17:50 |
simplehometech | then they vpn in | 17:50 |
simplehometech | we are looking to streamline that process | 17:51 |
simplehometech | so that the wireless would be internal | 17:51 |
simplehometech | but it needs to be secure | 17:51 |
simplehometech | this company is treated like a bank | 17:51 |
simplehometech | and have to follow PCI | 17:51 |
nowen | when you move it to "internal" how will authentication handled? | 17:51 |
nowen | ^ be handled | 17:51 |
simplehometech | everyone is on a 2003 active directory domain | 17:52 |
simplehometech | but we need to use 2 factor | 17:52 |
simplehometech | so im looking to get the second factor | 17:52 |
nowen | so, you will need to implement radius on top of 2003 | 17:52 |
simplehometech | right | 17:53 |
simplehometech | so wifi -> radius -> wikid? | 17:53 |
nowen | yes | 17:53 |
simplehometech | when the wikid phase is reached - does wikid open up a web site on the users computer? | 17:53 |
simplehometech | or do they have to have a client installed | 17:53 |
nowen | unprotected wifi >> radius >> IAS/2003AD >> wikid >> IAS/2003 >> protected wifi | 17:53 |
nowen | installed client | 17:54 |
simplehometech | what OS's do you support | 17:54 |
simplehometech | and how would it work for something like an iphone/android | 17:54 |
nowen | windows, mac, linux, iphone, bb, android, html5 | 17:54 |
simplehometech | for html5 you dont need to install the client? | 17:54 |
nowen | well, technically, it is just an easier install. the private keys are still on the local machine | 17:55 |
simplehometech | ah | 17:55 |
nowen | and the token is 'tied' to the browser | 17:55 |
simplehometech | what windows versions do you support? | 17:55 |
nowen | but if you are using some type of web gateway that would be coo | 17:55 |
nowen | l | 17:55 |
nowen | xp, 7, vista | 17:55 |
simplehometech | 32 and 64 bit? | 17:56 |
nowen | yes, it is a java app | 17:56 |
simplehometech | how does IAS pass authentication to wikid? | 17:56 |
nowen | radius. wikid is configured as the radius server in ias | 17:56 |
simplehometech | ah | 17:57 |
nowen | http://www.wikidsystems.com/support/wikid-support-center/how-to/how-to-configure-ias-to-support-two-factor-authentication/?searchterm=ias | 17:57 |
simplehometech | gotcha | 17:57 |
simplehometech | very cool | 17:57 |
simplehometech | you've been a big help | 17:57 |
simplehometech | thanks | 17:57 |
nowen | np | 17:57 |
simplehometech | one more question | 18:01 |
nowen | ok | 18:01 |
simplehometech | what do i lose with the community version of wikid | 18:01 |
simplehometech | would it work for what I need? | 18:01 |
nowen | http://www.wikidsystems.com/community-version/support/wikid-support-center/faq/whats-the-difference-between-the-community-release-and-enterprise-release/ | 18:01 |
nowen | no | 18:02 |
nowen | because windows server has no mechanism to proxy an ldap auth, to my knowledge | 18:02 |
simplehometech | so ... i would need to use the enterprise version? | 18:07 |
nowen | that would be my guess | 18:08 |
simplehometech | ok | 18:08 |
nowen | or write a plugin for freeradius or somesuch | 18:08 |
*** simplehometech has quit (Ping timeout: 252 seconds) | 20:46 | |
*** nowen has quit (Quit: Leaving.) | 22:25 |