Firewall Wizards mailing list archives
Re: WLAN DMZ Ideas
From: Mark <firewalladmin () bellsouth net>
Date: Wed, 13 Oct 2004 06:29:22 -0400
Actually no, I hadn't considered that one. It may not be necessary though, as the implementation is more of a "this will help us be more accurate and will be faster than the old way" rather than "mission critical". Still, it's a valid point since "convenience" often becomes "must have" in the eyes of those who make the policy.

Thanks,
Mark

On Wed, 2004-10-13 at 04:10, Kevin Sheldrake wrote:
Have you considered the availability requirements of your WLAN? You don't need to be within eavesdropping distance to suitably disrupt one.

The only other immediate thought I had was that you might like to plot a map of WLAN reach at different times of day within different weather conditions. This would demonstrate that your physical security measures appropriately mitigate your WLAN risks.

Kev

Just wanted to thank everyone who answered with ideas. The main theme, based on the large campus-like environment, was VLANs.

The proposal I suggested then was to implement 3DES encryption and MAC filtering on the WLAN (which goes without saying, of course). The AP's are then placed on a VLAN which is connected to the default VLAN through a Cisco Router with a very restrictive access list. This is made simpler based on the proprietary ports used to talk with the Management station, no standard http or netbios stuff needs to cross VLANs, which means that all the standard exploitable ports will be closed.

In addition, physical security is excellent. The "campus" is highly secured and restricted with gates/security guards, the LAN equipment is further secured in restricted access buildings, rooms and cabinets. In addition we are a "secured" area within a larger "secured" campus, which really helps limit the eavesdropping on the WAPs.

Anything else to consider?

Thanks!
Mark

Mark F.
MCP, CCNA
"You can spend your life any way you want... But you can only spend it once."

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards