RE: wireless internal vs external

From: Burton Strauss (BStrauss3_at_comcast.net)
Date: 07/19/05

    To: "'William Stegman'" <stegmanw@comcast.net>, <security-basics@securityfocus.com>
    Date: Mon, 18 Jul 2005 17:24:04 -0500
    
    

    First off, it would help if you were doing an apples-to-apples comparison.

    The issue of WEP vs. WPA/WPA2 is irrelevant to the location of the AP.
    There are hosted services for WPA/WPA2 available, or you can extend your
    internal structure to APs in the DMZ via a few well chosen firewall holes.

    Secondly, it's not usually placement of APs on the raw unfiltered Internet,
    but rather behind even a minimal firewall in some form of a DMZ.

    Third, even the (current generation) Linksys box you malign offers WPA or
    WPA2 and will provide a fair bit of security for your 'DMZ'.

    That said, your reasoning is exposed as specious.

    The issue becomes whether to place the APs in the DMZ and require an
    additional layer of VPN authentication for access to corporate resources, or
    to place them in the LAN and forego that extra authentication. Given the
    principle of layered security, the answer should be obvious.

    -----Burton

    -----Original Message-----
    From: William Stegman [mailto:stegmanw@comcast.net]
    Sent: Wednesday, July 13, 2005 11:48 AM
    To: security-basics@securityfocus.com
    Subject: wireless internal vs external

    After researching wireless security, and testing deployment of an internal
    wireless solution, that is wireless connected to the corporate LAN, and
    external wireless, an AP connected to the Internet, I'm convinced the
    internal solution is the most secure. The problem is that the "higher ups"
    are not convinced. My rationale is that using eap/tls with tkip or aes on an
    aironet 1200 provides much more security and scalability than using a
    Linksys that sits on the Internet. I can create access-lists on the aironet
    to prevent unauthorized attempts to the http protocol, vlans, and it has
    VoIP capability. The biggest problem with the outside wireless solution is
    that it is using WEP, and if I'm connected to my LAN and then also connect
    to the outside, I've essentially turned my laptop into a gateway that offers
    very little firewall protection, zonelabs is installed on most laptops. So,
    does anyone have any experience or opinion I can consider? I feel that the
    "inside wireless solution" has had a sort of unjustified boogeyman aura to
    it, but perhaps someone else has some further insight.

    Thank you,

    /William Stegman - Network Administrator/

    TransCore - Hummelstown

