Firewall Wizards mailing list archives
RE: Worms, Wireless
From: "Kelly, Chris W." <ckelly () hsutx edu>
Date: Mon, 10 May 2004 10:29:48 -0500
Time costly? Guess that depends on your equipment. Took me about an hour to fix up a wireless VLAN, secure it with an access list and test it. We're considering "filtering" out ports on internal dorms, but that creates a lot of headaches. AND, the Administration has to make the decision to do it - which they so far won't. We'll probably have to wait for the kid that shows up with a PC and a nice big ol' something on it that just totally wreaks havoc on the internals. The worms like to probe on the MS ports and with us being an Exchange shop...well, we're just stuck with that. We are now pushing security updates to the admin desktops, so that helps. As for more access from the wireless LAN, we just give them a copy of the VPN client and let them go through the VPN gateway. Paid big money for it - might as well use it for something (we have a grand total of about 6 remote users for a box that will handle 100). For the wireless, it's not really all about "security" - it was way easier for me to do the VLAN than try and sort out the !@#$# wireless secure protocols and buy more licesnes for software (like Funk stuff) for clients that just don't exist in numbers that justify the expense. Maybe later, but by then it'll be a new set of problems. An interesting approach that many universities
and medium sized business have being taking is to isolate mobile users in a network (or VLAN) regardless of their security state. As most of the mobile user's needs are to read/send e-mail and use the web, they are restricted, with packet filters, to do just these activities. This minimizes the threat and is a good solution for many companies and univerisities. Implementing it is time costly, but a cost that is worth paying in many environments. Regards, vmm.
_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: Worms, Wireless Kelly, Chris W. (May 10)