wireless internal vs external

From: William Stegman (stegmanw_at_comcast.net)
Date: 07/13/05

  • Next message: routerg: "Re: Cisco ACL doubt"
    Date: Wed, 13 Jul 2005 12:47:55 -0400
    To: security-basics@securityfocus.com

    fter researching wireless security, and testing deployment of an
    internal wireless solution, that is wireless connected to the corporate
    LAN, and external wireless, an AP connected to the Internet, I’m
    convinced the internal solution is the most secure. The problem is that
    the “higher ups” are not convinced. My rationale is that using eap/tls
    with tkip or aes on an aironet 1200 provides much more security and
    scalability than using a lniksys that sits on the Internet. I can create
    access-lists on the aironet to prevent unauthorized attempts to the http
    protocol, vlans, and it has VoIP capability. The biggest problem with
    the outside wireless solution is that it is using WEP, and if I’m
    connected to my LAN and then also connect to the outside, I’ve
    essentially turned my laptop into a gateway that offers very little
    firewall protection, zonelabs is installed on most laptops. So, does
    anyone have any experience or opinion I can consider? I feel that the
    “inside wireless solution” has had a sort of unjustified boogeyman aura
    to it, but perhaps someone else has some further insight.

    Thank you,

    /William Stegman - Network Administrator/

    TransCore - Hummelstown

  • Next message: routerg: "Re: Cisco ACL doubt"

    Relevant Pages

    • RE: wireless internal vs external
      ... Secondly, it's not usually placement of APs on the raw unfiltered Internet, ... WPA2 and will provide a fair bit of security for your 'DMZ'. ... Subject: wireless internal vs external ... The biggest problem with the outside wireless solution is ...
    • Re: XP Wake-up ?
      ... Have you considered the "wake on LAN" option? ... Then you can wake it up remotely at anytime even if it is shut off with the ... I haven't tried this with a wireless solution though. ...