Security Basics mailing list archives
RE: Wireless security and VPN
From: "Dozal, Tim" <tdozal () cisco com>
Date: Mon, 18 Nov 2002 16:02:54 -0800
LEAP authentication to a RADIUS server is what we use in-house. Sounds like what you're looking for, but it's not supported except with the Cisco Aironet; at least I don't know any other vendors with a current EAP solution.

-Tim

-----Original Message-----
From: Chris Martin [mailto:chris.martin () smartech com au]
Sent: Sunday, November 17, 2002 5:18 PM
To: Brian Bettger
Cc: security-basics () securityfocus com
Subject: RE: Wireless security and VPN

The 802.11x (I think that's what it's called) system may be what you are looking for. This system utilises the client authenticating to a RADIUS server via EAP. Most Cisco wireless gear has this WEP type (called LEAP). It's quite strong and the keys change regularly at predetermined intervals.

Even if you use VPN stuff like L2TP or PPTP you'll still have an authentication process; however, LEAP/802.11x integrates all that very seamlessly.

Hope this helps,
Chris Martin

-----Original Message-----
From: Brian Bettger [mailto:brianb () diversint com]
Sent: Friday, 15 November 2002 4:12 AM
To: security-basics () securityfocus com
Subject: Wireless security and VPN

Hello,

I am searching for a product that incorporates a Wireless Access Point AND VPN authentication to use for nearly all of our wireless rollouts. As you know, SSID and WEP are possibly not enough to keep people out of networks. An integrated VPN authentication after SSID and WEP, BUT before network authentication would be REALLY nice.

In other words, I turn on my laptop, PDA or workstation, it establishes the primary connection through the use of SSID and WEP, then stops, leaving port 1723 open, dropping all other traffic or attack attempts until I make a secure VPN connection. As soon as I establish the VPN connection I am then prompted (or not) with my NT, Novell, or whatever login.

The thought is, a war driver could possibly crack WEP and access the WAP, but is then faced with needing to establish a VPN connection even before he can gain information about the network. The war driver / cracker could only scan and see port 1723.

Please pass this on as a request for development if possible. Another point is that it would be nice to have this bundled into one appliance. Additionally, pass this on to anyone else you feel may help.

Yes, I have looked into Proxim's solution, but it is overpriced for my clients (SOHO to medium size business, 25-100 users) and requires two appliances, the WAP and then the VPN appliance.

Brian Bettger
Systems Engineer
Diversint, Inc.
Diversified Internet Services Group
360-404-2044
www.diversint.com
Technology is Business
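
The pre-VPN gate requested in the original message, modelled as an added example that is not part of any post in this thread. The gateway address, tunnel address pool and interface names are assumptions, and the sample packets are constructed; since PPTP carries its tunnel data in GRE (IP protocol 47) alongside the TCP 1723 control channel, the gate has to pass both.

```python
# Added illustration, not code from the thread. Addresses, pool and
# interface names are assumptions; sample packets are constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

VPN_GATEWAY = ip_address("192.0.2.1")      # assumed VPN endpoint on the access point
TUNNEL_POOL = ip_network("10.99.0.0/24")   # assumed addresses assigned inside the VPN
TCP, GRE = 6, 47                           # IP protocol numbers
PPTP_CONTROL_PORT = 1723                   # the port named in the original post


@dataclass(frozen=True)
class Packet:
    iface: str       # "wlan" (radio side) or "tunnel" (decrypted VPN traffic)
    src: str
    dst: str
    proto: int
    dport: int = 0   # 0 for protocols without ports


def gate(pkt: Packet) -> str:
    """Decide 'accept' or 'drop' for one packet entering the appliance."""
    if pkt.iface == "tunnel":
        # Only traffic that came out of an established tunnel reaches the LAN.
        return "accept" if ip_address(pkt.src) in TUNNEL_POOL else "drop"
    if pkt.iface != "wlan" or ip_address(pkt.dst) != VPN_GATEWAY:
        return "drop"
    # Pre-VPN, the radio side may only talk PPTP to the gateway:
    # the control channel on TCP 1723 plus GRE for the tunnel payload.
    if pkt.proto == TCP and pkt.dport == PPTP_CONTROL_PORT:
        return "accept"
    return "accept" if pkt.proto == GRE else "drop"


SAMPLE = [  # constructed packets
    Packet("wlan", "172.16.0.50", "192.0.2.1", TCP, 1723),   # PPTP control
    Packet("wlan", "172.16.0.50", "192.0.2.1", GRE),         # PPTP data
    Packet("wlan", "172.16.0.50", "192.0.2.1", TCP, 445),    # other service on gateway
    Packet("wlan", "172.16.0.50", "10.0.0.5", TCP, 1723),    # 1723, but not the gateway
    Packet("wlan", "10.99.0.7", "10.0.0.5", TCP, 445),       # pool address claimed on radio side
    Packet("tunnel", "10.99.0.7", "10.0.0.5", TCP, 445),     # same flow, through the VPN
]


def evaluate(packets):
    return [gate(p) for p in packets]


if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, evaluate(SAMPLE)):
        print(f"{verdict:6} {pkt}")
```

The fifth packet is dropped because the decision keys on the arrival interface, not on the source address a client claims.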