[prev in list] [next in list] [prev in thread] [next in thread]
List: firewall-wizards
Subject: Re: [fw-wiz] WLAN DMZ Ideas
From: "Kevin Sheldrake" <kev () electriccat ! co ! uk>
Date: 2004-10-13 8:10:43
Message-ID: opsfsub5lkyl48zk () wintony
[Download RAW message or body]
Have you considered the availability requirements of your WLAN? You don't
need to be within eavesdropping distance to suitably disrupt one. The
only other immediate thought I had was that you might like to plot a map
of WLAN reach at different times of day within different weather
conditions. This would demonstrate that your physical security measures
appropriately mitigate your WLAN risks.
Kev
> Just wanted to thank everyone who answered with ideas. The main theme,
> based on the large campus-like environment, was VLANs. The proposal I
> suggested then was to implement 3DES encryption and MAC filtering on the
> WLAN (which goes without saying, of course). The AP's are then placed on
> a VLAN which is connected to the default VLAN through a Cisco Router
> with a very restrictive access list. This is made simpler based on the
> proprietary ports used to talk with the Management station, no standard
> http or netbios stuff needs to cross VLANs, which means that all the
> standard exploitable ports will be closed. In addition, physical
> security is excellent. The "campus" is highly secured and restricted
> with gates/security guards, the LAN equipment is further secured in
> restricted access buildings, rooms and cabinets. In addition we are a
> "secured" area within a larger "secured" campus, which really helps
> limit the eavesdropping on the WAPs. Anything else to consider? Thanks!
> Mark
>
> Mark F.
> MCP, CCNA
> "You can spend your life any way you want... But you can only spend it
> once."
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
>
>
--
Kevin Sheldrake MEng MIEE CEng CISSP
Electric Cat (Bournemouth) Ltd
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic