RE: [fw-wiz] Locking down public wireless access
From: Mark Gumennik (mgumennik_at_mitre.org)
Date: 02/22/05
- Previous message: Behm, Jeffrey L.: "RE: [fw-wiz] Username password VS hardware token plus PIN"
- In reply to: Chris Bills: "[fw-wiz] Locking down public wireless access"
- Next in thread: John Adams: "RE: [fw-wiz] Locking down public wireless access"
- Reply: John Adams: "RE: [fw-wiz] Locking down public wireless access"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "'Chris Bills'" <billschr@gmail.com>, <firewall-wizards@honor.icsalabs.com> Date: Tue, 22 Feb 2005 12:29:43 -0500
Chris,
The way wireless RFC is written :
- you can secure the data; you can not secure the communication itself.
Your plan is adequate for today's technologies for university environment,
but: user names and pwds can be easily spoofed on wireless com, you don't
even have to be a hacker for this: just use existing tools. I would not do
my banking on wireless; let your customers be aware of it.
Did somebody on the list actually written a policy on using wireless? - if
yes please send me a copy
Mark
-----Original Message-----
From: firewall-wizards-admin@honor.icsalabs.com
[mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of Chris Bills
Sent: Saturday, February 19, 2005 1:31 PM
To: firewall-wizards@honor.icsalabs.com
Subject: [fw-wiz] Locking down public wireless access
At my university, the computer science department would like to offer
wireless access to computer science students, but would like the
access to not be anonymous. Current problems with unrestricted access
to the internet are obvious, anonymous kids downloading porn, movies,
mp3s, etc, and as the university allowed this to happen, they could be
held liable.
enforcing a logon policy would help limit the university's liability
in said situations.
ideally, we would like to implement a system in which the user will
connect to un-encrypted wireless, but any attempts to get out will be
redirected to the authentication page. Once the user logs in, they
will be given the WEP key of the day, and then they will have
unrestricted access.
I'm investigating the usage of Linksys WRT45G routers, with a modified
firmware, but I have no actual experience with this. I would like to
look into other methods of doing this, as well, such as Perfigo (which
has now been acquired by Cisco)...
If you have any suggestions for hardware, or existing documentation
floating on the net about how to achieve this sort of setup, please
let me know.
Chris
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Behm, Jeffrey L.: "RE: [fw-wiz] Username password VS hardware token plus PIN"
- In reply to: Chris Bills: "[fw-wiz] Locking down public wireless access"
- Next in thread: John Adams: "RE: [fw-wiz] Locking down public wireless access"
- Reply: John Adams: "RE: [fw-wiz] Locking down public wireless access"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
