Firewall Wizards mailing list archives
Re: Off Topic: 802.11 Dongles
From: "Victor B. Williams" <vbwilliams () essvote net>
Date: Fri, 15 Aug 2003 08:11:58 -0500 (CDT)
Well, I can answer your last question. The Cisco VPN clients work like that...as long as you have a 3000 series concentrator or a PIX acting as the VPN server. They provide the same access for Linux and Windows hosts. The Linux client isn't GUI like the Windows one...but all the settings are identical, and the operation is identical. We have both deployed and it's been the only solution that satisfies all OS'es. There's also a Mac OS X client.

Crispin Cowan said:
TSimons () Delphi-Tech com wrote:

This is a little off topic, but something that could benefit all... Our laptop users are pushing for wireless, we'd rather not have to support every dongle that's out there. We're thinking compromise, we buy the dongle and set it up, the end user matches the WEP setting on their WAP.

I'm not sure what you mean by "dongle", other than "brand of WiFi card" perhaps? In any case, WEP is useless; easy to crack. What we deployed:

* put the WAP outside the firewall, on its own subnet where it can't sniff DMZ traffic
* no WEP
* casual drive-by users can access the internet, but only have about as much leverage on our LAN as Internet users in Bombay
* for access to internal LAN services, make the wireless users use a VPN, just like remote users do

This network architecture seems to surprise a lot of people, who keep wishing for a level 2 security solution that will work. Conversely, I've always been surprised at the desire for level 2 security: I always act as if the attacker is clamped to my personal ethernet port, and only send encrypted traffic if it matters at all. Use level 3 crypto if it matters.

Of course, that does raise a problem that we haven't solved: what is a good VPN/IPSec solution that works for both Windows and Linux clients? I know, FreeSWAN, but it's flaky, and taking up a lot of our admin's time trying to debug it.

Crispin

--
Crispin Cowan, Ph.D. http://immunix.com/~crispin/
Chief Scientist, Immunix http://immunix.com
http://www.immunix.com/shop/

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
"Real men don't even use monitors! I've just got a guy that can draw real fast."

Victor Williams
Network Architect
Election Systems & Software
http://www.essvote.com
vbwilliams () essvote com
(402) 970-1100

CONFIDENTIALITY NOTICE: This e-mail transmission and any documents, files or previous e-mail messages attached to it may contain information that is confidential, protected by the attorney/client or other privileges, and may constitute non-public information. It is intended to be conveyed only to the designated recipient(s) named above. Any unauthorized use, reproduction, forwarding, distribution or other dissemination of this transmission is strictly prohibited and may be unlawful. If you are not an intended recipient of this e-mail transmission, please notify the sender by return e-mail and permanently delete any record of this transmission. Your cooperation is appreciated.
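Added example, not part of either poster's message: a small first-match model of the filtering implied by the quoted design (WAP outside the firewall, VPN for LAN access), which checks that a host on the wireless subnet gets exactly the same answers from the firewall as an arbitrary Internet host. All addresses, the DMZ web server, the IKE/ESP rules and the "leaky" exception are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing plan (not from the thread).
WLAN = ip_network("192.0.2.0/24")        # WAP subnet, outside the firewall
DMZ = ip_network("198.51.100.0/24")
LAN = ip_network("10.0.0.0/16")
VPN_GW = ip_network("198.51.100.10/32")  # VPN endpoint
VPN_POOL = ip_network("10.99.0.0/24")    # inner addresses of VPN clients
ANY = ip_network("0.0.0.0/0")

# First match wins: (source, destination, protocol, dest port, action); None = any.
POLICY = [
    (ANY, VPN_GW, "udp", 500, "allow"),    # IKE
    (ANY, VPN_GW, "esp", None, "allow"),   # IPsec ESP
    (ANY, DMZ, "tcp", 80, "allow"),        # constructed public web server
    (VPN_POOL, LAN, None, None, "allow"),  # authenticated VPN users
    (ANY, ANY, None, None, "deny"),
]

def decide(policy, src, dst, proto, dport=None):
    """Return the action of the first rule matching the flow."""
    s, d = ip_address(src), ip_address(dst)
    for r_src, r_dst, r_proto, r_port, action in policy:
        if (s in r_src and d in r_dst
                and r_proto in (None, proto) and r_port in (None, dport)):
            return action
    return "deny"  # default deny if nothing matches

PROBES = [  # constructed destinations: (dst, proto, dport)
    ("10.0.5.20", "tcp", 445),      # LAN file server
    ("10.0.5.20", "tcp", 22),
    ("198.51.100.80", "tcp", 80),   # DMZ web server
    ("198.51.100.80", "tcp", 22),
    ("198.51.100.10", "udp", 500),  # VPN gateway
    ("198.51.100.10", "esp", None),
]

def extra_leverage(policy, wlan_host="192.0.2.77", internet_host="203.0.113.5"):
    """Probes that a wireless host may reach but an Internet host may not."""
    return [p for p in PROBES
            if decide(policy, wlan_host, *p) == "allow"
            and decide(policy, internet_host, *p) != "allow"]

# A convenience exception of the kind that breaks the design.
LEAKY = [(WLAN, LAN, "tcp", 445, "allow")] + POLICY

if __name__ == "__main__":
    print("clean policy:", extra_leverage(POLICY))
    print("leaky policy:", extra_leverage(LEAKY))
```

The model covers only the firewall's filter decisions; the "can't sniff DMZ traffic" property in the quoted list depends on the WAP sitting on a physically or logically separate segment, which a rule table does not show.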
Current thread:
- Off Topic: 802.11 Dongles TSimons (Aug 13)
- Re: Off Topic: 802.11 Dongles Crispin Cowan (Aug 15)
- Re: Off Topic: 802.11 Dongles Victor B. Williams (Aug 15)
- <Possible follow-ups>
- RE: Off Topic: 802.11 Dongles TSimons (Aug 15)
- Re: Off Topic: 802.11 Dongles Crispin Cowan (Aug 15)