RE: [fw-wiz] Off Topic: 802.11 Dongles
TSimons_at_Delphi-Tech.com
Date: 08/14/03
- Previous message: Mordechai T. Abzug: "[fw-wiz] worm + VPN + firewall"
- Maybe in reply to: TSimons_at_Delphi-Tech.com: "[fw-wiz] Off Topic: 802.11 Dongles"
To: crispin@immunix.com
Date: Wed, 13 Aug 2003 20:46:49 -0400
Thanks for your input and description of your layout! I've been looking for
info in wireless in all areas so you helped out a lot.
Along the lines of "dongle", yeah, I should have been clearer, I'm looking
to try to standardize PCMCIA cards that could become standard issue in our
corporate laptops. Users will then be responsible for getting their own
WAP.
~Todd
-----Original Message-----
From: Crispin Cowan [mailto:crispin@immunix.com]
Sent: Wednesday, August 13, 2003 3:50 PM
To: TSimons@Delphi-Tech.com
Cc: firewall-wizards@honor.icsalabs.com
Subject: Re: [fw-wiz] Off Topic: 802.11 Dongles
TSimons@Delphi-Tech.com wrote:
>This is a little off topic, but something that could benefit all... Our
>laptop users are pushing for wireless, we'd rather not have to support every
>dongle that's out there. We're thinking compromise, we buy the dongle and
>set it up, the end user matches the WEP setting on their WAP.
>
I'm not sure what you mean by "dongle", other than "brand of WiFi card"
perhaps?
In any case, WEP is useless; easy to crack.
What we deployed:
* put the WAP outside the firewall, on its own subnet where it can't
sniff DMZ traffic
* no WEP
* casual drive-by users can access the internet, but only have about
as much leverage on our LAN as Internet users in Bombay
* for access to internal LAN services, make the wireless users use a
VPN, just like remote users do
This network architecture seems to surprise a lot of people, who keep
wishing for a level 2 security solution that will work. Conversely, I've
always been surprised at the desire for level 2 security: I always act
as if the attacker is clamped to my personal ethernet port, and only
send encrypted traffic if it matters at all. Use level 3 crypto if it
matters.
Of course, that does raise a problem that we haven't solved: what is a
good VPN/IPSec solution that works for both Windows and Linux clients? I
know, FreeSWAN, but it's flaky, and taking up a lot of our admin's time
trying to debug it.
Crispin
--
Crispin Cowan, Ph.D. http://immunix.com/~crispin/
Chief Scientist, Immunix http://immunix.com
http://www.immunix.com/shop/
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
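
The layout described in the message above, modeled as a first-match filter policy for the wireless segment so it can be checked against sample flows. This is an added example, not part of the original thread or anyone's deployed configuration; the addresses, the IPsec protocol and port used for the VPN rules, and the names WLAN_RULES and decide are assumptions.

```python
import ipaddress
from typing import NamedTuple, Optional

# Constructed addressing plan: every address here is an assumption.
WLAN = ipaddress.ip_network("192.0.2.0/24")        # access point's own subnet
LAN = ipaddress.ip_network("10.0.0.0/8")           # internal LAN behind the firewall
VPN_GW = ipaddress.ip_network("203.0.113.10/32")   # VPN endpoint remote users already use
ANY = ipaddress.ip_network("0.0.0.0/0")

class Rule(NamedTuple):
    action: str
    dst: ipaddress.IPv4Network
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any port

# Evaluated top to bottom, first match wins.
WLAN_RULES = [
    Rule("allow", VPN_GW, "udp", 500),  # IKE key exchange
    Rule("allow", VPN_GW, "esp"),       # IPsec ESP payload (IP protocol 50)
    Rule("deny", VPN_GW),               # nothing else on the gateway is exposed
    Rule("deny", LAN),                  # no direct path to internal services
    Rule("allow", ANY),                 # plain Internet access, same as a drive-by user
]

def decide(src: str, dst: str, proto: str, dport: Optional[int] = None) -> str:
    """Return 'allow' or 'deny' for a packet arriving on the wireless interface."""
    if ipaddress.ip_address(src) not in WLAN:
        return "deny"  # source is not from the wireless subnet: treat as spoofed
    dst_ip = ipaddress.ip_address(dst)
    for rule in WLAN_RULES:
        if dst_ip not in rule.dst:
            continue
        if rule.proto is not None and rule.proto != proto:
            continue
        if rule.dport is not None and rule.dport != dport:
            continue
        return rule.action
    return "deny"  # unreachable with the ANY rule present, kept as a safe default

if __name__ == "__main__":
    # Constructed sample flows from one wireless client.
    flows = [("10.1.2.3", "tcp", 445), ("203.0.113.10", "udp", 500),
             ("203.0.113.10", "tcp", 22), ("198.51.100.80", "tcp", 80)]
    for dst, proto, dport in flows:
        print(dst, proto, dport, decide("192.0.2.50", dst, proto, dport))
```
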