Re: Wireless access

From: John S.Whitford (jswhitford_at_acm.org)
Date: 03/27/04

  • Next message: Eric Brown: "RE: Wireless access" 
    To: security-basics@securityfocus.com
Date: Fri, 26 Mar 2004 17:13:53 -0600

    On Fri, 26 Mar 2004 16:42:16 -0500, you wrote:

    >How do you handle wireless network security in a corporate environment? A
    >couple of the people here want me to setup a wireless network so visitors
    >can setup there laptop in a conference room, or anywhere in the office and
    >connect to the network, internet not our internal network. I'm not to
    >comfortable with this idea but I don't have the final say. It sounds like I
    >would have to leave MAC access control turned off, or obtain the users MAC
    >address then enter it into control list, and also provide the visitor with
    >the SSID and the WEP password. Am I correct in this assumption. Wireless
    >networking was suppose to make things easier in their eyes. Unless I leave
    >everything wide open it's probably easier to plug an Ethernet cable in the
    >PC.

    I'd put the access point outside the firewall if you have the public DHCP address space. If not I'd put it on an isolated DMZ
    segment. SSID of "meetingroom" or "visitor" with WEP disabled. That gives them the Internet with no more rights than any other
    outsider.

    HTH

    Best Regards,

    John S. Whitford CCNA

    Whitford Enterprises
    Cisco Systems Registered Partner
    Microsoft Technical Partner
    APC Authorized Reliability Provider

    832-594-4825 mobile
    jswhitford@acm.org

    ---------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    any course! All of our class sizes are guaranteed to be 10 students or less
    to facilitate one-on-one interaction with one of our expert instructors.
    Attend a course taught by an expert instructor with years of in-the-field
    pen testing experience in our state of the art hacking lab. Master the skills
    of an Ethical Hacker to better assess the security of your organization.
    Visit us at:
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    ----------------------------------------------------------------------------

  • Next message: Eric Brown: "RE: Wireless access"

    Relevant Pages

    • Re: Two error messages
      ... Each computer can connect to the internet without ... >> visible in Network Neighborhood, ... >router and I entered the IP static address assigned to me by my ISP. ... The best way for a "clean sweep" would be for you to setup both computers to get ...
      (microsoft.public.windowsxp.network_web)
    • Re: making Samba work [not yet, it turns out]
      ... > network and return a list of machines and IP addresses. ... but with the same internet address I was getting the other ... instead of resolving StudyPC to the local Windows machine on my ... did you ever tell us about how you realized the DNS setup within ...
      (Fedora)
    • Re: [SLE] Size
      ... > visibility between some of the LAN machines and the internet as well ... > other network and file system features on this same machine. ... > this setup to take. ...
      (SuSE)
    • Re: Since when are Work and The Internet Network Settings????
      ... Setup everything for "Work"... ... > -If I set the wireless setting to 'Work', ... > on the network but when I try to browse the internet I get a popup ... > -If I setup the wireless setting to 'The Internet' I can connect to ...
      (microsoft.public.pocketpc.wireless)
    • RE: Securing a Local Network
      ... Show the Management of your company the insecurity of the Peer to Peer ... setup and discuss what risks are they willing to accept. ... -Cost of getting the web server and the mail server internally versus having ... -Use an older box for Intrusion Detection on the internal network as well. ...
      (Security-Basics)
    Loading