Security Basics mailing list archives

Re: Protecting the enterprise wireless network


From: Orlin Gueorguiev <orlin () baturov com>
Date: Sat, 17 May 2008 04:31:19 +0200

Hi Zeffy,
I read Sergio's suggestion. I should say that if you really seek security, 
then you should enforce VPN (OpenVPN for example is a good solution). Basically 
your topology will look like this:
1. End user connects via wireless to your wifi and connects via VPN to VPN 
Endpoint
2. The wifi point knows only to allow connections to VPN Endpoint. There is 
no need to use WEP/WPA because the traffic will be encrypted between each 
host and your VPN Endpoint.
3. VPN Endpoint: once the VPN traffic is decrypted, you can use the firewall 
of your choice (iproute2 is a good one, I think (never tested) that it 
supports load balancing).

Cheers,
Orlin

On Friday 16 May 2008 07:50:35 zefferno () gmail com wrote:
Hey all.

We want to implement a separated secure Internet Wireless network which
will be used by guests or users from our company in our building.

We will use Access Points, managed switch and Gateway device that you might
offer. The Gateway can be also a Linux (open-source) based solution -  it
is much better for us :)

We are looking for the following features:

1. Only HTTP, HTTPS, SMTP will be permitted, and it will be great if it
also analyzes the protocol, not just blocking a port.

2. QOS - Some kind of traffic shaping to balance the Internet between all
users.

3. We want to limit the access from specific time range.

4. Since there is a chance that a User from our company will accidentally
connect the LAN cable without disconnecting the Wireless network. Is there
any way to block all access between all connected Wireless users? So that
an attacker won't be able to access any of the Wireless clients?

Best Regards,
Zeffy.
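
The "wireless side may only reach the VPN endpoint" topology from the reply above, as an added example that is not part of either message: a shell function that emits an iptables-restore ruleset for a Linux gateway between the wireless segment and the VPN endpoint. The interface name eth1, the endpoint address 192.0.2.10 and OpenVPN on its default UDP port 1194 are assumptions.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a Linux gateway that sits
# between the wireless segment and the VPN endpoint.
# Assumptions (not from the thread): interface eth1, endpoint 192.0.2.10,
# OpenVPN on its default UDP port 1194.

valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_wifi_rules WIFI_IF VPN_IP VPN_PORT -> ruleset on stdout, non-zero on bad input
gen_wifi_rules() {
    wifi_if=$1 vpn_ip=$2 vpn_port=$3
    case $wifi_if in ''|*[!A-Za-z0-9_.-]*) echo "bad interface" >&2; return 1 ;; esac
    valid_ipv4 "$vpn_ip" || { echo "bad VPN address" >&2; return 1; }
    valid_port "$vpn_port" || { echo "bad VPN port" >&2; return 1; }
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Wireless hosts may talk to the gateway itself only for DHCP.
-A INPUT -i $wifi_if -p udp --sport 68 --dport 67 -j ACCEPT
-A INPUT -i $wifi_if -j DROP
# The only forwarded flow from wireless: OpenVPN to the VPN endpoint.
-A FORWARD -i $wifi_if -d $vpn_ip -p udp --dport $vpn_port -j ACCEPT
# Replies from the endpoint back to wireless hosts.
-A FORWARD -o $wifi_if -s $vpn_ip -p udp --sport $vpn_port -m conntrack --ctstate ESTABLISHED -j ACCEPT
# Anything else from wireless is logged, then hits the DROP policy.
-A FORWARD -i $wifi_if -j LOG --log-prefix "wifi-nonvpn: "
COMMIT
EOF
}

# Constructed sample values; review the output before piping it to iptables-restore.
gen_wifi_rules eth1 192.0.2.10 1194
```

These rules only see traffic that is routed through the gateway; frames between two clients on the same access point are bridged there and need the access point's own client isolation setting.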


