[fw-wiz] WLAN DMZ Ideas

firewalladmin_at_bellsouth.net
Date: 10/12/04

  • Next message: Bennett Todd: "Re: [fw-wiz] VM system for firewall use"
    To: <firewall-wizards@honor.icsalabs.com>
    Date: Tue, 12 Oct 2004 14:18:08 -0400
    
    

    Just wanted to thank everyone who answered with ideas. The main theme, based on the large campus-like environment, was VLANs. The proposal I suggested then was to implement 3DES encryption and MAC filtering on the WLAN (which goes without saying, of course). The AP's are then placed on a VLAN which is connected to the default VLAN through a Cisco Router with a very restrictive access list. This is made simpler based on the proprietary ports used to talk with the Management station, no standard http or netbios stuff needs to cross VLANs, which means that all the standard exploitable ports will be closed. In addition, physical security is excellent. The "campus" is highly secured and restricted with gates/security guards, the LAN equipment is further secured in restricted access buildings, rooms and cabinets. In addition we are a "secured" area within a larger "secured" campus, which really helps limit the eavesdropping on the WAPs. Anything else to consider? Thanks!
    Mark

    Mark F.
    MCP, CCNA
    "You can spend your life any way you want... But you can only spend it once."

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Bennett Todd: "Re: [fw-wiz] VM system for firewall use"