RE: Wireless LAN

From: David Gillett (gillettdavid_at_fhda.edu)
Date: 06/23/03

    To: "'Potter, Tim'" <Tim.Potter@clarkconsulting.com>, <security-basics@securityfocus.com>
    Date: Mon, 23 Jun 2003 09:59:39 -0700
    
    
    

      There are two basic approaches to this:

    1. Install one of the several GOOD "wireless switch" back-end boxes,
    which handle the login and enforce per-user (by group or role) traffic
    restrictions. Some of these offer advanced features, such as allowing
    users to roam from one AP to another without re-authenticating.

    2. Group access points on different VLANs, according to the rights
    users need. Require some kind of login to access out of the VLAN.
    This is clumsy and awkward and horrible; be aware that a few "wireless
    switch" products just use the user login to group clients into VLANs,
    and expect your core inter-VLAN routing access lists to do all policy
    enforcement...

      [I'd prefer not to name names, but watch for boxes that boast how
    many VLANs they allow. Oh, and note that on some boxes, roaming *may*
    require proprietary APs made by the switch manufacturer.....]

    David Gillett

    > -----Original Message-----
    > From: Potter, Tim [mailto:Tim.Potter@clarkconsulting.com]
    > Sent: June 18, 2003 13:08
    > To: security-basics@securityfocus.com
    > Subject: Wireless LAN
    >
    >
    > We're going to be taking the dive on a WLAN here soon. We have two
    > floors and two wings on each floor. I'm thinking of 2 access points per
    > wing. My question is that I'm looking for opinions on how best to set
    > this up security-wise. I've been reading a lot about this lately, but
    > maybe someone on this list has set this up and can give me some input. My
    > Wireless knowledge is probably a 4 (out of 10). Thanks,
    > -Tim
    >
    > --------------------------------------------------------------

    
    


