Firewall Wizards mailing list archives

Re: Discretionary WiFi Access

From: Chris Byrd <cbyrd01 () gmail com>
Date: Fri, 8 Jul 2005 08:57:05 -0500

Many APs support 802.1x with dynamic VLAN membership.  This means that
authenticated users get into a internal access VLAN (still should be
seperated from the internal network by firewall - this is the
firewalls list after all), non-authenticated users get an Internet
access VLAN.  You can use queueing techniques to rate-limit the
guests.

A captive portal would allow you to make guests sign off on acceptable
use terms before giving them access.

- Chris

On 7/7/05, Dave Null <noid23 () gmail com> wrote:

Its not firewall related, but there's some smart minds on this list.
My company has started looking into campus-wide WiFi. I'll keep my
personal feeling on this to myself though. One thing that keeps
comming up is that one of the largest user communities that would take
advantage of this would be non-employees. Vendors, Salesmen, people
meeting with GMs/VPs/Execs are probably going to be the main users of
this. My question is, if you currently have a similar situation in
your work environment, how do you handle granting these people
temp/guest WiFi access.

Access controls for employees can be fairly stringent (i.e. only
connect from company owned assets who's MAC is inventoried, use of 2
factor authentication, etc), but a lot of this isnt applicable for
temporary visitors. I know one company that would give you a WiFi card
when you signed in that was in their database of 'allowed' MAC
addresses (I know, dont get me started on MAC spoofing), however I
would bet cash money that those cards walked away regularly. Similar
thing with issuing a temporary token fob (SecureID or the like).

I know the easy answer here is 'Dont give them WiFi access', but I
don't think that is going to be an option. Thoughts, comments, flames?

                           -noid
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

RE: Discretionary WiFi Access, (continued)
- - RE: Discretionary WiFi Access StefanDorn (Jul 14)
  - Re: Discretionary WiFi Access Vinicius Moreira Mello (Jul 21)
    - Re: Discretionary WiFi Access Jim Seymour (Jul 21)
- Re: Discretionary WiFi Access Josh Welch (Jul 14)
  - Re: Discretionary WiFi Access Paul D. Robertson (Jul 21)
    - Re: Discretionary WiFi Access Jim Seymour (Jul 21)
    - Re: Discretionary WiFi Access Josh Welch (Jul 22)
    - Re: Discretionary WiFi Access Roger Rustad (Jul 21)
    - Re: Discretionary WiFi Access Josh Welch (Jul 22)
- Re: Discretionary WiFi Access Tom Carmichael (Jul 14)
- Re: Discretionary WiFi Access Chris Byrd (Jul 14)
- Re: Discretionary WiFi Access Jim Seymour (Jul 14)
- RE: Discretionary WiFi Access Brian Loe (Jul 21)
- Re: Discretionary WiFi Access vbwilliams (Jul 08)
- RE: Discretionary WiFi Access Orca (Jul 21)