[prev in list] [next in list] [prev in thread] [next in thread]
List: firewall-wizards
Subject: Re: [fw-wiz] WLAN DMZ Ideas
From: "R. DuFresne" <dufresne () sysinfo ! com>
Date: 2004-10-12 23:38:55
Message-ID: Pine.LNX.4.05.10410121937590.4410-100000 () darkstar ! sysinfo ! com
[Download RAW message or body]
WAP is not a secure encryption boundry, so you need to add another layer
to protect all the wifi on the vlan prior to it getting to the wlan.
Thanks,
Ron DuFresne
On Tue, 12 Oct 2004 firewalladmin@bellsouth.net wrote:
> Just wanted to thank everyone who answered with ideas. The main theme, based on the \
> large campus-like environment, was VLANs. The proposal I suggested then was to \
> implement 3DES encryption and MAC filtering on the WLAN (which goes without saying, \
> of course). The AP's are then placed on a VLAN which is connected to the default \
> VLAN through a Cisco Router with a very restrictive access list. This is made \
> simpler based on the proprietary ports used to talk with the Management station, no \
> standard http or netbios stuff needs to cross VLANs, which means that all the \
> standard exploitable ports will be closed. In addition, physical security is \
> excellent. The "campus" is highly secured and restricted with gates/security \
> guards, the LAN equipment is further secured in restricted access buildings, rooms \
> and cabinets. In addition we are a "secured" area within a larger "secured" campus, \
> which really helps limit the eavesdropping on the WAPs. Anything else to consider? \
> Thanks! Mark
>
> Mark F.
> MCP, CCNA
> "You can spend your life any way you want... But you can only spend it once."
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
>
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
-- Johnny Hart
testing, only testing, and damn good at it too!
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic