Security Basics mailing list archives
RE: wireless internal vs external
From: "Burton Strauss" <BStrauss3 () comcast net>
Date: Mon, 18 Jul 2005 17:24:04 -0500
First off, it would help if you were doing an apples-to-apples comparison. The issue of WEP vs. WPA/WPA2 is irrelevant to the location of the AP. There are hosted services for WPA/WPA2 available, or you can extend your internal structure to APs in the DMZ via a few well-chosen firewall holes.

Secondly, it's not usually placement of APs on the raw unfiltered Internet, but rather behind even a minimal firewall in some form of a DMZ.

Third, even the (current generation) Linksys box you malign offers WPA or WPA2 and will provide a fair bit of security for your 'DMZ'.

That said, your reasoning is exposed as specious. The issue becomes whether to place the APs in the DMZ and require an additional layer of VPN authentication for access to corporate resources, or to place them in the LAN and forego that extra authentication.

Given the principle of layered security, the answer should be obvious.

-----Burton

-----Original Message-----
From: William Stegman [mailto:stegmanw () comcast net]
Sent: Wednesday, July 13, 2005 11:48 AM
To: security-basics () securityfocus com
Subject: wireless internal vs external

After researching wireless security, and testing deployment of an internal wireless solution, that is wireless connected to the corporate LAN, and external wireless, an AP connected to the Internet, I'm convinced the internal solution is the most secure. The problem is that the "higher ups" are not convinced.

My rationale is that using EAP/TLS with TKIP or AES on an Aironet 1200 provides much more security and scalability than using a Linksys that sits on the Internet. I can create access-lists on the Aironet to prevent unauthorized attempts to the HTTP protocol, VLANs, and it has VoIP capability.

The biggest problem with the outside wireless solution is that it is using WEP, and if I'm connected to my LAN and then also connect to the outside, I've essentially turned my laptop into a gateway that offers very little firewall protection, zonelabs is installed on most laptops.

So, does anyone have any experience or opinion I can consider? I feel that the "inside wireless solution" has had a sort of unjustified boogeyman aura to it, but perhaps someone else has some further insight.

Thank you,
/William Stegman - Network Administrator/
TransCore - Hummelstown