RE: Wireless security and VPN

From: Chris Martin (chris.martin@smartech.com.au)
Date: 11/18/02

    Date: Mon, 18 Nov 2002 12:17:55 +1100
    From: "Chris Martin" <chris.martin@smartech.com.au>
    To: "Brian Bettger" <brianb@diversint.com>
    
    

    The 802.11x (I think that's what it's called) system may be what you are
    looking for. This system utilises the client authenticating to a RADIUS
    server via EAP. Most Cisco wireless gear has this WEP type (called
    LEAP). It's quite strong and the keys change regularly at predetermined
    intervals.

    Even if you use VPN stuff like L2TP or PPTP you'll still have an
    authentication process; however, LEAP/802.11x integrates all that very
    seamlessly.

    Hope this helps,

    Chris Martin

    -----Original Message-----
    From: Brian Bettger [mailto:brianb@diversint.com]
    Sent: Friday, 15 November 2002 4:12 AM
    To: security-basics@securityfocus.com
    Subject: Wireless security and VPN

    Hello,

    I am searching for a product that incorporates a Wireless Access Point
    AND VPN authentication to use for nearly all of our wireless rollouts.
    As you know, SSID and WEP are possibly not enough to keep people out of
    networks. An integrated VPN authentication after SSID and WEP, BUT
    before network authentication would be REALLY nice. In other words, I
    turn on my laptop, PDA or workstation, it establishes the primary
    connection through the use of SSID and WEP, then stops, leaving port
    1723 open, dropping all other traffic or attack attempts until I make a
    secure VPN connection. As soon as I establish the VPN connection I am
    then prompted (or not) with my NT, Novell, or whatever login.

    The thought is, a war driver could possibly crack WEP and gain access to
    the WAP, but is then faced with needing to establish a VPN connection even
    before he can gain information about the network. The war driver / cracker
    could only scan and see port 1723.

    Please pass this on as a request for development if possible. Another
    point is that it would be nice to have this bundled into one appliance.
    Additionally, pass this on to anyone else you feel may help.

    Yes, I have looked into Proxim's solution, but it is overpriced for my
    clients (SOHO to medium size business, 25-100 users) and requires two
    appliances, the WAP and then the VPN appliance.

    Brian Bettger
    Systems Engineer
    Diversint, Inc.
    Diversified Internet Services Group

    360-404-2044

    www.diversint.com

    Technology is Business


