[fw-wiz] (In)security of wireless LANs and the Cisco Wireless Security Suite

From: Stewart, John (johns_at_artesyncp.com)
Date: 11/04/03

    To: "'firewall-wizards@honor.icsalabs.com'" <firewall-wizards@honor.icsalabs.com>
    Date: Mon, 3 Nov 2003 17:49:27 -0600
    
    

    I've been getting a lot of heat from management at one of our sites to
    implement wireless networking. I've been adamant in the past that it would
    not be feasible due to the inherent insecurities with WEP under 802.11.

    My opinion has been that if they want to use wireless LANs, we can set up a
    separate leg on the firewall, treat it like a completely untrusted network,
    and they can VPN in to get access to internal networks.

    However, of course the pointy-hairs in that office want to be able to walk
    around with their laptops as if they were wired. I don't know why it would
    be so hard to plug the laptop into the wall in the conference room, but I do
    understand that it would be "nice to have". I use a WAP at home, and like
    it.

    Anyhow, the Cisco offering in this area does look to be somewhat promising
    at ameliorating the risks involved with wireless. Here is their white paper
    on their Wireless Security Suite offering:

    http://www.cisco.com/en/US/products/hw/wireless/ps430/products_white_paper09186a00800b469f.shtml

    It does sound like they're doing some good things, and I'm wondering what
    the opinion is from you wizards on it. Anyone used it? Is it Good Enough?

    While I understand that adding wireless access points, even when done
    properly, is inherently adding security risk that I did not have before, my
    job (of course) is to balance business need versus security.

    I guess the question is, with this product, am I taking a larger risk than I
    am with, say, some of these other issues which would not be necessary in an
    ideal, secured, world:

    - Allowing VPNs from users' PCs (a software firewall is required in that
    case, but certainly this is riskier than not allowing it)
    - HTTP access to everywhere from the internal (Windows) desktops
    - Email on Outlook/Exchange. While we disallow executable attachments, and
    run virus/trojan scanners on the server and desktop, this is certainly
    another worrisome vector of attack.

    So, with this "Wireless Security Suite" on some Aironet access points, is a
    wireless LAN (connected to our internal network) really a bigger risk than
    these other risks, necessitated by our business requirements?

    thanks!

    johnS