Re: [fw-wiz] WLAN DMZ Ideas
From: Mark (firewalladmin_at_bellsouth.net)
Date: 10/13/04
- Previous message: Karl Vogel: "RE: [fw-wiz] VM system for firewall use"
- In reply to: Kevin Sheldrake: "Re: [fw-wiz] WLAN DMZ Ideas"
- Next in thread: Paul D. Robertson: "Re: [fw-wiz] WLAN DMZ Ideas"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Kevin Sheldrake <kev@electriccat.co.uk> Date: Wed, 13 Oct 2004 06:29:22 -0400
Actually no, I hadn't considered that one. It may not be necessary
though, as the implementation is more of a "this will help us be more
accurate and will be faster than the old way" rather than "mission
critical". Still, it's a valid point since "convenience" often becomes
"must have" in the eyes of those who make the policy.
Thanks,
Mark
On Wed, 2004-10-13 at 04:10, Kevin Sheldrake wrote:
> Have you considered the availability requirements of your WLAN? You don't
> need to be within eavesdropping distance to suitably disrupt one. The
> only other immediate thought I had was that you might like to plot a map
> of WLAN reach at different times of day within different weather
> conditions. This would demonstrate that your physical security measures
> appropriately mitigate your WLAN risks.
>
> Kev
>
> > Just wanted to thank everyone who answered with ideas. The main theme,
> > based on the large campus-like environment, was VLANs. The proposal I
> > suggested then was to implement 3DES encryption and MAC filtering on the
> > WLAN (which goes without saying, of course). The AP's are then placed on
> > a VLAN which is connected to the default VLAN through a Cisco Router
> > with a very restrictive access list. This is made simpler based on the
> > proprietary ports used to talk with the Management station, no standard
> > http or netbios stuff needs to cross VLANs, which means that all the
> > standard exploitable ports will be closed. In addition, physical
> > security is excellent. The "campus" is highly secured and restricted
> > with gates/security guards, the LAN equipment is further secured in
> > restricted access buildings, rooms and cabinets. In addition we are a
> > "secured" area within a larger "secured" campus, which really helps
> > limit the eavesdropping on the WAPs. Anything else to consider? Thanks!
> > Mark
> >
> > Mark F.
> > MCP, CCNA
> > "You can spend your life any way you want... But you can only spend it
> > once."
> >
> > _______________________________________________
> > firewall-wizards mailing list
> > firewall-wizards@honor.icsalabs.com
> > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
> >
> >
>
>
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Karl Vogel: "RE: [fw-wiz] VM system for firewall use"
- In reply to: Kevin Sheldrake: "Re: [fw-wiz] WLAN DMZ Ideas"
- Next in thread: Paul D. Robertson: "Re: [fw-wiz] WLAN DMZ Ideas"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
