Re: [fw-wiz] Discretionary WiFi Access

vbwilliams_at_neb.rr.com
Date: 07/08/05

  • Next message: Sp0oKeR Labs: "Re: [fw-wiz] Discretionary WiFi Access"
    To: Dave Null <noid23@gmail.com>
    Date: Thu, 07 Jul 2005 20:22:41 -0500
    
    

    Here's what I'd do:

    Get a separate cheapo internet pipe; lowest-end DSL or the like, put a
    wireless router/access point on it, no filtering.

    When there are guests, they sign a simple waiver that says whatever
    happens to their PC while they are on this *guest* network you aren't
    liable/responsible for. Have your legal team make sure it's legit.

    Problem solved. If management wants it, they better be able to accept
    responsibility for it or fund it being done the *right* way.

    ----- Original Message -----
    From: Dave Null <noid23@gmail.com>
    Date: Thursday, July 7, 2005 3:46 pm
    Subject: [fw-wiz] Discretionary WiFi Access

    > Its not firewall related, but there's some smart minds on this list.
    > My company has started looking into campus-wide WiFi. I'll keep my
    > personal feeling on this to myself though. One thing that keeps
    > comming up is that one of the largest user communities that would take
    > advantage of this would be non-employees. Vendors, Salesmen, people
    > meeting with GMs/VPs/Execs are probably going to be the main users of
    > this. My question is, if you currently have a similar situation in
    > your work environment, how do you handle granting these people
    > temp/guest WiFi access.
    >
    > Access controls for employees can be fairly stringent (i.e. only
    > connect from company owned assets who's MAC is inventoried, use of 2
    > factor authentication, etc), but a lot of this isnt applicable for
    > temporary visitors. I know one company that would give you a WiFi card
    > when you signed in that was in their database of 'allowed' MAC
    > addresses (I know, dont get me started on MAC spoofing), however I
    > would bet cash money that those cards walked away regularly. Similar
    > thing with issuing a temporary token fob (SecureID or the like).
    >
    > I know the easy answer here is 'Dont give them WiFi access', but I
    > don't think that is going to be an option. Thoughts, comments, flames?
    >
    > -noid
    > _______________________________________________
    > firewall-wizards mailing list
    > firewall-wizards@honor.icsalabs.com
    > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    >
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Sp0oKeR Labs: "Re: [fw-wiz] Discretionary WiFi Access"

    Relevant Pages

    • Re: [fw-wiz] Discretionary WiFi Access
      ... I know one company that would give you a WiFi card ... > when you signed in that was in their database of 'allowed' MAC ... > addresses (I know, dont get me started on MAC spoofing), however I ... > I know the easy answer here is 'Dont give them WiFi access', ...
      (Firewall-Wizards)
    • [fw-wiz] Discretionary WiFi Access
      ... My company has started looking into campus-wide WiFi. ... when you signed in that was in their database of 'allowed' MAC ... I know the easy answer here is 'Dont give them WiFi access', ...
      (Firewall-Wizards)
    • RE: [fw-wiz] Discretionary WiFi Access
      ... Have a separate Firewall and provide outbound access, ... I know one company that would give you a WiFi card when you signed ... in that was in their database of 'allowed' MAC addresses (I know, ... I know the easy answer here is 'Dont give them WiFi access', ...
      (Firewall-Wizards)
    • Re: HELP! "Permissions denied"
      ... Jim wrote: ... Has someone changed the config on the WiFi access point so that your MAC ...
      (comp.sys.mac.system)
    • Re: HELP! "Permissions denied"
      ... Has someone changed the config on the WiFi access point so that your MAC ... Or have you changed computers and not ...
      (comp.sys.mac.system)