Re: [fw-wiz] WLAN DMZ Ideas

From: Mark (firewalladmin_at_bellsouth.net)
Date: 10/13/04

    To: Kevin Sheldrake <kev@electriccat.co.uk>
    Date: Wed, 13 Oct 2004 06:29:22 -0400
    
    

    Actually no, I hadn't considered that one. It may not be necessary
    though, as the implementation is more of a "this will help us be more
    accurate and will be faster than the old way" rather than "mission
    critical". Still, it's a valid point since "convenience" often becomes
    "must have" in the eyes of those who make the policy.
    Thanks,
    Mark

    On Wed, 2004-10-13 at 04:10, Kevin Sheldrake wrote:
    > Have you considered the availability requirements of your WLAN? You don't
    > need to be within eavesdropping distance to suitably disrupt one. The
    > only other immediate thought I had was that you might like to plot a map
    > of WLAN reach at different times of day within different weather
    > conditions. This would demonstrate that your physical security measures
    > appropriately mitigate your WLAN risks.
    >
    > Kev
    >
    > > Just wanted to thank everyone who answered with ideas. The main theme,
    > > based on the large campus-like environment, was VLANs. The proposal I
    > > suggested then was to implement 3DES encryption and MAC filtering on the
    > > WLAN (which goes without saying, of course). The AP's are then placed on
    > > a VLAN which is connected to the default VLAN through a Cisco Router
    > > with a very restrictive access list. This is made simpler based on the
    > > proprietary ports used to talk with the Management station, no standard
    > > http or netbios stuff needs to cross VLANs, which means that all the
    > > standard exploitable ports will be closed. In addition, physical
    > > security is excellent. The "campus" is highly secured and restricted
    > > with gates/security guards, the LAN equipment is further secured in
    > > restricted access buildings, rooms and cabinets. In addition we are a
    > > "secured" area within a larger "secured" campus, which really helps
    > > limit the eavesdropping on the WAPs. Anything else to consider? Thanks!
    > > Mark
    > >
    > > Mark F.
    > > MCP, CCNA
    > > "You can spend your life any way you want... But you can only spend it
    > > once."
    > >
    > > _______________________________________________
    > > firewall-wizards mailing list
    > > firewall-wizards@honor.icsalabs.com
    > > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    > >
    > >
    >
    >
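
The restrictive inter-VLAN access list described in the quoted proposal can be checked mechanically. The following is an added example, not part of the original thread: a Python audit of simplified Cisco-style extended ACL entries, in which the WLAN subnet, the management station address and TCP port 5000 are constructed placeholders.

```python
import re

# Assumptions (constructed, not from the thread): WLAN VLAN is 192.0.2.0/24,
# the management station is 198.51.100.10, its proprietary port is TCP 5000.
MGMT_HOST = "198.51.100.10"
ALLOWED = {("tcp", "5000")}
RISKY = {"80", "www", "137", "138", "139", "445",
         "netbios-ns", "netbios-dgm", "netbios-ssn"}
ENTRY = re.compile(
    r"^(permit|deny)\s+(\S+)\s+"       # action, protocol
    r"(any|host \S+|\S+ \S+)\s+"       # source: any / host A / net wildcard
    r"(any|host \S+|\S+ \S+)"          # destination, same forms
    r"(?:\s+eq\s+(\S+))?(\s+log)?$")   # optional port, optional log keyword

def audit(acl_lines):
    """Return (line_number, finding) pairs for entries that break the policy."""
    findings, entries = [], []
    for n, line in enumerate(acl_lines, 1):
        m = ENTRY.match(line.strip())
        if not m:
            findings.append((n, "unparsed entry, review by hand"))
            continue
        action, proto, src, dst, port, log = m.groups()
        entries.append((action, proto, src, dst, log))
        if action != "permit":
            continue
        if port in RISKY:
            findings.append((n, f"permits standard service port {port}"))
        elif dst != f"host {MGMT_HOST}":
            findings.append((n, "permit not limited to the management station"))
        elif (proto, port) not in ALLOWED:
            findings.append((n, "permit is wider than the management port"))
    # An explicit, logged final deny makes blocked cross-VLAN traffic visible.
    last = entries[-1] if entries else None
    if not last or last[:4] != ("deny", "ip", "any", "any") or not last[4]:
        findings.append((len(acl_lines), "no final 'deny ip any any log'"))
    return findings

# Constructed sample ACL bodies (entries only, without the access-list header).
GOOD = ["permit tcp 192.0.2.0 0.0.0.255 host 198.51.100.10 eq 5000",
        "deny ip any any log"]
LOOSE = ["permit tcp 192.0.2.0 0.0.0.255 host 198.51.100.10 eq 5000",
         "permit tcp 192.0.2.0 0.0.0.255 any eq www",
         "permit udp 192.0.2.0 0.0.0.255 any eq netbios-ns",
         "permit ip 192.0.2.0 0.0.0.255 host 198.51.100.10"]

if __name__ == "__main__":
    for number, finding in audit(LOOSE):
        print(f"entry {number}: {finding}")
```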
