Security Basics mailing list archives
Re: Protecting the enterprise wireless network
From: Orlin Gueorguiev <orlin () baturov com>
Date: Sat, 17 May 2008 04:31:19 +0200
Hi Zeffy, I read Sergio's suggestion. I should say that if you really seak security, then you should enforce VPN (OpenVPN for example is a good solution). Basicly your topology will look like this: 1. End user connect via wireless to your wifi and connects via VPN to VPN Endpoint 2. The wifi point knows only to allow connections to VPN Endpoint. There is no need to use WEP/WPA because the traffic will be encrypted between each host and your VPN Endpoint. 3. VPN Endpoint: once the VPN traffic is decrypted, you can use the firewall of your choice (iproute2 is a good one, I think (never tested) that it supports load balancing). Cheers, Orlin На Friday 16 May 2008 07:50:35 zefferno () gmail com написа:
Hey all. We want to implement a separated secure Internet Wireless network which will be used by guests or users from our company in our building. We will use Access Points, managed switch and Gateway device that you might offer. The Gateway can be also a Linux (open-source) based solution - it is much better for us :) We are looking for the following features: 1. Only HTTP, HTTPS, SMTP will be permitted, and it will be great if it is also analyzes the protocol, not just blocking a port. 2. QOS - Some kind of traffic shaping to balance the Internet between all users. 3. We want to limit the access from specific time range. 4. Since there is a chance that a User from our company will accidentally connect the LAN cable without disconnecting the Wireless network. Is there any way to block all access between all connected Wireless users? So that an attacker won't be able to access any of the Wireless clients? Best Regards, Zeffy.
Current thread:
- Protecting the enterprise wireless network zefferno (May 16)
- RE: Protecting the enterprise wireless network Sergio Castro (May 16)
- Re: Protecting the enterprise wireless network Orlin Gueorguiev (May 17)