RE: [fw-wiz] Worms, Wireless

From: Kelly, Chris W. (ckelly_at_hsutx.edu)
Date: 05/10/04

    To: <firewall-wizards@honor.icsalabs.com>
    Date: Mon, 10 May 2004 10:29:48 -0500
    
    

     Time costly? Guess that depends on your equipment. Took me about an
    hour to fix up a wireless VLAN, secure it with an access list and test
    it. We're considering "filtering" out ports on internal dorms, but that
    creates a lot of headaches. AND, the Administration has to make the
    decision to do it - which they so far won't. We'll probably have to
    wait for the kid that shows up with a PC and a nice big ol' something on
    it that just totally wreaks havoc on the internals. The worms like to
    probe on the MS ports and with us being an Exchange shop...well, we're
    just stuck with that. We are now pushing security updates to the admin
    desktops, so that helps.

    As for more access from the wireless LAN, we just give them a copy of
    the VPN client and let them go through the VPN gateway. Paid big money
    for it - might as well use it for something (we have a grand total of
    about 6 remote users for a box that will handle 100). For the wireless,
    it's not really all about "security" - it was way easier for me to do
    the VLAN than try and sort out the !@#$# wireless secure protocols and
    buy more licenses for software (like Funk stuff) for clients that just
    don't exist in numbers that justify the expense. Maybe later, but by
    then it'll be a new set of problems.

    > An interesting approach that many universities
    > and medium-sized businesses have been taking is to isolate
    > mobile users in a network (or VLAN) regardless of their
    > security state. As most of the mobile user's needs are to
    > read/send e-mail and use the web, they are restricted, with
    > packet filters, to do just these activities. This minimizes
    > the threat and is a good solution for many companies and
    > universities.
    > Implementing it is time costly, but a cost that is worth
    > paying in many environments.
    >
    > Regards,
    > vmm.