Re: [fw-wiz] Off Topic: 802.11 Dongles

From: Crispin Cowan (crispin_at_immunix.com)
Date: 08/13/03

  • Next message: Mordechai T. Abzug: "[fw-wiz] worm + VPN + firewall" 
    To: TSimons@Delphi-Tech.com
Date: Wed, 13 Aug 2003 12:50:28 -0700

    TSimons@Delphi-Tech.com wrote:

    >This is a little off topic, but something that could benifit all... Our
    >laptop users are pushing for wireless, we'd rather not have to support every
    >dongle thats out there. We're thinking compromize, we buy the dongle and
    >set it up, the end user matches the WEP setting on their WAP.
    >
    I'm not sure what you mean by "dongle", other than "brand of WiFi card"
    perhaps?

    In any case, WEP is useless; easy to crack.

    What we deployed:

        * put the WAP outside the firewall, on its own subnet where it can't
          sniff DMZ traffic
        * no WEP
        * casual drive-by users can access the internet, but only have about
          as much leverage on our LAN as Internet users in Bombay
        * for access to internal LAN services, make the wireless users use a
          VPN, just like remote users do

    This network architecture seems to surprise a lot of people, who keep
    wishing for a level 2 security solution that will work. Conversely, I've
    always been surprised at the desire for level 2 security: I always act
    as if the attacker is clamped to my personal ethernet port, and only
    send encrypted traffic if it matters at all. Use level 3 crypto if it
    matters.

    Of course, that does raise a problem that we haven't solved: what is a
    good VPN/IPSec solution that works for both Windows and Linux clients? I
    know, FreeSWAN, but it's flaky, and taking up a lot of our admin's time
    trying to debug it.

    Crispin 

    -- 
Crispin Cowan, Ph.D.           http://immunix.com/~crispin/
Chief Scientist, Immunix       http://immunix.com
            http://www.immunix.com/shop/
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
  • Next message: Mordechai T. Abzug: "[fw-wiz] worm + VPN + firewall"

    Relevant Pages

    • Re: Wireless & Ethernet network on same computer
      ... you don't need the nintendo USB wireless "dongle" to go online. ... You can use a wireless router. ...
      (microsoft.public.windowsxp.network_web)
    • RE: [fw-wiz] Off Topic: 802.11 Dongles
      ... info in wireless in all areas so you helped out a lot. ... Along the lines of "dongle", yeah, I should have been clearer, I'm looking ... WEP is useless; ... wishing for a level 2 security solution that will work. ...
      (Firewall-Wizards)
    • Re: Wifi question
      ... failry sure the dongle you refer to that you have seen is at the PC end not ... there is not any wireless network in the house. ... internet access is via Pipex budget broadband, ...
      (uk.local.lincolnshire)
    • Re: Mobile broadband
      ... umra I took a mobile b/b dongle with me. ... camp site's wireless network, ... I wanno OP that the Snells park their camper on top of Alans tent. ...
      (uk.media.radio.archers)
    • Wireless Keyboard & Mouse
      ... recently i purchased a wireless mocrosoft comfort ... curve keyboard to go along with the mouse. ... little usb dongle wireless reciever and the keyboard comes with that big ...
      (microsoft.public.windows.vista.hardware_devices)