Security Basics mailing list archives
Re: Cisco Secure ACS vs. Firewall
From: DocValde <DocValde () gmx de>
Date: Fri, 25 Oct 2002 02:45:52 +0200
Hello mario.walter () bluewin ch, on Wednesday, 23 October 2002 at 11:13:36 you wrote:
Hi List
we are going to set up a WLAN in a warehouse to enable the forklifters to communicate with the warehouse management (WM) system. The company that will install all the equipment suggested setting up a Cisco Secure ACS for security reasons. However, I would prefer the installation of a firewall and having a separate network segment for this WLAN, because the traffic between the WM system and the forklifts isn't critical at all, but the traffic on the company LAN is. So, my idea is to restrict the traffic going through this firewall to only the needed protocols and IPs (outgoing and incoming), to protect the rest of the company's LAN. Any thoughts, caveats, comments?
TIA
Mario
Hi Mario,

two completely different ways:

1) Securing the wireless traffic. Establishing strong AAA and (with Cisco wireless equipment) quite secure communication on the WLAN. Quite cheap: only the Cisco Secure ACS is needed if you already use Cisco WLAN equipment. It is quite easy to configure and maintain, but be sure to keep it redundant. Synchronization works well.

2) Securing the internal network. Equally valid and good. You don't see the need to secure the wireless communication, but the internal network. Needed: stateful inspection box. CAVE: What will be your filtering criterion at the firewall? The source IP? Bad idea on a WLAN. But if you are experienced in firewalling, it'll do what you want.

The point is: it is surely more secure when you keep intruders completely out. And you can do that with a TACACS+ server and Cisco EAP-TLS. Seems quite good until now. I think the costs for buying and maintaining a firewall (e.g. Cisco PIX 501) and Cisco Secure ACS are quite similar; setup is easier with the ACS. And it's end-to-end security. Seems the better solution.

Just my 3.141 euro-cents,

Best regards,
Malte von dem Hagen.

--
DocValde
web: http://www.DocValde.net
eMail: DocValde () gmx de
icq: 71581747