RE: Wireless access

From: Cesar Osorio (COsorio_at_awb.com.au)
Date: 03/31/04

  • Next message: Mitchell Rowton: "RE: Wireless access"
    To: Robert Mezzone <Robert.Mezzone@PJSolomon.Com>
    Date: Wed, 31 Mar 2004 09:27:30 +1000
    
    

    Hi all,

    Well, how about setting your wireless in a complete DMZ off the firewall,
    so that only HTTP traffic can flow out to the internet and nothing else.
          Plus (this is a maybe) you could set up a user ID and password @ the
    firewall so any client that connects to it needs to authenticate to the FW
    before it is allowed out ... this will help in knowing how legit and who
    the user is ...
          Plus change the password on this FW user regularly and do not publish
    it or give it away until needed.

                                                                                                                            
    From: Robert Mezzone <Robert.Mezzone@PJSolomon.Com>
    To: "'jswhitford@acm.org'" <jswhitford@acm.org>, security-basics@securityfocus.com
    cc:
    Date: 30/03/2004 03:17
    Subject: RE: Wireless access


    As an example, what happens if a person (unknowingly) connects wirelessly
    and downloads a music file? They are outside our firewall but they are
    still connected to our network. Wouldn't the company still be liable?

    Thanks.

    Robert

    -----Original Message-----
    From: John S.Whitford [mailto:jswhitford@acm.org]
    Sent: Friday, March 26, 2004 8:26 PM
    To: security-basics@securityfocus.com
    Subject: Re: Wireless access

    On Fri, 26 Mar 2004 16:42:16 -0500, you wrote:

    >How do you handle wireless network security in a corporate environment?
    >A couple of the people here want me to set up a wireless network so
    >visitors can set up their laptop in a conference room, or anywhere in
    >the office and connect to the network, internet not our internal
    >network. I'm not too comfortable with this idea but I don't have the
    >final say. It sounds like I would have to leave MAC access control
    >turned off, or obtain the user's MAC address then enter it into the control
    >list, and also provide the visitor with the SSID and the WEP password.
    >Am I correct in this assumption? Wireless networking was supposed to
    >make things easier in their eyes. Unless I leave everything wide open
    >it's probably easier to plug an Ethernet cable in the PC.

    I'd put the access point outside the firewall if you have the public DHCP
    address space. If not I'd put it on an isolated DMZ segment. SSID of
    "meetingroom" or "visitor" with WEP disabled. That gives them the Internet
    with no more rights than any other outsider.

    HTH

    Best Regards,

    John S. Whitford CCNA

    Whitford Enterprises
    Cisco Systems Registered Partner
    Microsoft Technical Partner
    APC Authorized Reliability Provider

    832-594-4825 mobile
    jswhitford@acm.org
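
The layout suggested in this thread (visitor access point on an isolated DMZ leg, HTTP the only traffic allowed out, no path to the internal network) written as an nftables ruleset. This is an added example, not part of the original posts; the interface names, the subnets, and the choice to let the firewall itself answer DHCP and DNS for visitors are assumptions.

```nftables
# Added example: visitor WLAN on its own firewall leg, HTTP-only egress.
# Interface names and subnets below are assumptions, not from the thread.
define GUEST_IF  = "eth2"            # DMZ leg carrying the visitor access point
define WAN_IF    = "eth0"            # Internet-facing interface
define GUEST_NET = 192.168.50.0/24   # addresses handed to visitors
define INTERNAL  = { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

table inet guest_wlan {
    # Traffic addressed to the firewall itself.
    chain input {
        type filter hook input priority 0; policy accept;
        iifname $GUEST_IF ct state established,related accept
        # Visitors need DHCP and DNS from the firewall (assumed to serve both).
        iifname $GUEST_IF udp dport { 53, 67 } accept
        iifname $GUEST_IF tcp dport 53 accept
        # No management access from the visitor segment.
        iifname $GUEST_IF log prefix "guest-to-fw: " drop
    }

    # Traffic routed through the firewall.
    chain forward {
        type filter hook forward priority 0; policy accept;
        # Replies to connections visitors opened.
        oifname $GUEST_IF ct state established,related accept
        # Nothing else is routed into the visitor segment.
        oifname $GUEST_IF drop
        # Visitors never reach internal address space.
        iifname $GUEST_IF ip daddr $INTERNAL log prefix "guest-to-internal: " drop
        # Only HTTP leaves toward the Internet.
        iifname $GUEST_IF oifname $WAN_IF ip saddr $GUEST_NET tcp dport 80 accept
        # Everything else from visitors is logged and dropped (IPv6 included).
        iifname $GUEST_IF log prefix "guest-denied: " drop
    }
}

table ip guest_wlan_nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname $WAN_IF ip saddr $GUEST_NET masquerade
    }
}
```

The rules match only on the visitor interface, so they can sit beside an existing ruleset for the internal LAN; the two log prefixes give a record of any visitor traffic that tried to go somewhere other than port 80.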


