Re: [fw-wiz] Discretionary WiFi Access

From: Chris Byrd (cbyrd01_at_gmail.com)
Date: 07/08/05

  • Next message: Jim Seymour: "Re: [fw-wiz] Discretionary WiFi Access" 
    To: Dave Null <noid23@gmail.com>
Date: Fri, 8 Jul 2005 08:57:05 -0500

    Many APs support 802.1x with dynamic VLAN membership. This means that
    authenticated users get into a internal access VLAN (still should be
    seperated from the internal network by firewall - this is the
    firewalls list after all), non-authenticated users get an Internet
    access VLAN. You can use queueing techniques to rate-limit the
    guests.

    A captive portal would allow you to make guests sign off on acceptable
    use terms before giving them access.

    - Chris

    On 7/7/05, Dave Null <noid23@gmail.com> wrote:
    > Its not firewall related, but there's some smart minds on this list.
    > My company has started looking into campus-wide WiFi. I'll keep my
    > personal feeling on this to myself though. One thing that keeps
    > comming up is that one of the largest user communities that would take
    > advantage of this would be non-employees. Vendors, Salesmen, people
    > meeting with GMs/VPs/Execs are probably going to be the main users of
    > this. My question is, if you currently have a similar situation in
    > your work environment, how do you handle granting these people
    > temp/guest WiFi access.
    >
    > Access controls for employees can be fairly stringent (i.e. only
    > connect from company owned assets who's MAC is inventoried, use of 2
    > factor authentication, etc), but a lot of this isnt applicable for
    > temporary visitors. I know one company that would give you a WiFi card
    > when you signed in that was in their database of 'allowed' MAC
    > addresses (I know, dont get me started on MAC spoofing), however I
    > would bet cash money that those cards walked away regularly. Similar
    > thing with issuing a temporary token fob (SecureID or the like).
    >
    > I know the easy answer here is 'Dont give them WiFi access', but I
    > don't think that is going to be an option. Thoughts, comments, flames?
    >
    > -noid
    > _______________________________________________
    > firewall-wizards mailing list
    > firewall-wizards@honor.icsalabs.com
    > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    >
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: Jim Seymour: "Re: [fw-wiz] Discretionary WiFi Access"

    Relevant Pages

    • Re: [fw-wiz] Discretionary WiFi Access
      ... > advantage of this would be non-employees. ... Vendors, Salesmen, people ... > I know the easy answer here is 'Dont give them WiFi access', ... access to the Internet with little or no firewalling or access ...
      (Firewall-Wizards)
    • Re: Choosing best conneciton
      ... wifi access point, it says will this connect me to the internet or to ... and i set them all to internet. ... both to being INTERNET connections rather than being Work ... are selecting how the device actually connects to the internet. ...
      (microsoft.public.pocketpc)
    • Re: cs3 and cs4
      ... mainly to support customers with various versions, but I always keep PS6 ... Internet, and I don't want to be stuck in the boonies with no Internet and ... Photoshop needs an internet connection to activate, ... have wifi access - at the same time, at 95 megabytes, it costs me almost ...
      (comp.graphics.apps.photoshop)
    • Re: Gazing at laptops, pilots missed city
      ... I searched on it and it looks like NWA offers wifi access to the ... internet for $12.95 on flights over 3 hours. ...
      (rec.sport.football.college)