[fw-wiz] WLAN DMZ Ideas

Date: 10/12/04

  • Next message: Bennett Todd: "Re: [fw-wiz] VM system for firewall use"
    To: <firewall-wizards@honor.icsalabs.com>
    Date: Tue, 12 Oct 2004 14:18:08 -0400

    Just wanted to thank everyone who answered with ideas. The main theme, based on the large campus-like environment, was VLANs. The proposal I suggested then was to implement 3DES encryption and MAC filtering on the WLAN (which goes without saying, of course). The AP's are then placed on a VLAN which is connected to the default VLAN through a Cisco Router with a very restrictive access list. This is made simpler based on the proprietary ports used to talk with the Management station, no standard http or netbios stuff needs to cross VLANs, which means that all the standard exploitable ports will be closed. In addition, physical security is excellent. The "campus" is highly secured and restricted with gates/security guards, the LAN equipment is further secured in restricted access buildings, rooms and cabinets. In addition we are a "secured" area within a larger "secured" campus, which really helps limit the eavesdropping on the WAPs. Anything else to consider? Thanks!

    Mark F.
    "You can spend your life any way you want... But you can only spend it once."

    firewall-wizards mailing list

  • Next message: Bennett Todd: "Re: [fw-wiz] VM system for firewall use"