[fw-wiz] WLAN DMZ Ideas

• Previous message: Melson, Paul: "RE: [fw-wiz] how prevelant"
• Next in thread: Kevin Sheldrake: "Re: [fw-wiz] WLAN DMZ Ideas"
• Reply: Kevin Sheldrake: "Re: [fw-wiz] WLAN DMZ Ideas"
• Reply: R. DuFresne: "Re: [fw-wiz] WLAN DMZ Ideas"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <firewall-wizards@honor.icsalabs.com>
Date: Tue, 12 Oct 2004 14:18:08 -0400

Just wanted to thank everyone who answered with ideas. The main theme, based on the large campus-like environment, was VLANs. The proposal I suggested then was to implement 3DES encryption and MAC filtering on the WLAN (which goes without saying, of course). The AP's are then placed on a VLAN which is connected to the default VLAN through a Cisco Router with a very restrictive access list. This is made simpler based on the proprietary ports used to talk with the Management station, no standard http or netbios stuff needs to cross VLANs, which means that all the standard exploitable ports will be closed. In addition, physical security is excellent. The "campus" is highly secured and restricted with gates/security guards, the LAN equipment is further secured in restricted access buildings, rooms and cabinets. In addition we are a "secured" area within a larger "secured" campus, which really helps limit the eavesdropping on the WAPs. Anything else to consider? Thanks!
Mark

Mark F.
MCP, CCNA
"You can spend your life any way you want... But you can only spend it once."

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Previous message: Melson, Paul: "RE: [fw-wiz] how prevelant"
• Next in thread: Kevin Sheldrake: "Re: [fw-wiz] WLAN DMZ Ideas"
• Reply: Kevin Sheldrake: "Re: [fw-wiz] WLAN DMZ Ideas"
• Reply: R. DuFresne: "Re: [fw-wiz] WLAN DMZ Ideas"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]