Re: [fw-wiz] Securing a wireless network

From: Andras Kis-Szabo (kisza_at_securityaudit.hu)
Date: 10/29/04

  • Next message: Gary Flynn: "Re: [fw-wiz] Securing a wireless network"
    To: chris@compucounts.com
    Date: Fri, 29 Oct 2004 14:50:51 +0200
    
    

    Hi,

    > At my so-called place of business, there exists a completely insecure public wireless network that I wish to lock down (ignoring WEP, Radius, and other wireless security methods).
    Check the next product:
    AirFortress @ http://www.fortresstech.com/

    > I am looking for a means of forcing 'unverified' clients (by MAC address?; not at all worried about spoofing) to run a script or program of some sort before being able to interface with other network devices (to scan for viruses, check software configuration, and whatever else). The best bet at the moment seems to include VLAN's and some sort of destination NAT to a generic web server that says "hey, run this!", but I'm having trouble finding literature on the subject. Partly because I'm not entirely sure what I'm looking for.
    For this enforcement
            user offline - some minimal protection
            online - restricted access, only to VPN
            VPN - logon
            in VPN - access to the Enterprise
    and the client must be up2date, have to run scripts, restricted access
    until he does not run the script:
    use the Integrity Secure Client from Check Point.
    The key part of it is the Integrity personal firewall which will enforce
    the enforcement policies, online/offline/VPN/personal rulesets and it
    can be integrated with gateways. (example: he has to use EAP to network
    access and when the Integrity is out-of-compliance the server can
    deauthorize the client at the EAP server, too. It is useful when someone
    comes into the Enterprise w/ a laptop and plugs it into an empty slot.
    He won't be able to communicate.)

    > - Backbone: Cisco Catalyst 6509 multilayer switch
    > - Closets: various models of managed Catalyst switches running an enterprise IOS version
    > - Access Points: Cisco Aironet AP350's and 1120's
    This system can work together w/ AirFortress.
    (For the clients: the Integrity will be enough since you do not need the
    ISC.)

    Best regards,

    Andras

    -- 
         Andras Kis-Szabo       Security Development, Design and Audit
    -------------------------/        Zorp, NetFilter and IPv6
      kisza@SecurityAudit.hu /------------------------------------------->
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    
