Re: Protecting the enterprise wireless network



Hi Zeffy,
I read Sergio's suggestion. I should say that if you really seek security,
then you should enforce VPN (OpenVPN for example is a good solution). Basically
your topology will look like this:
1. End user connects via wireless to your wifi and connects via VPN to VPN
Endpoint
2. The wifi point knows only to allow connections to VPN Endpoint. There is
no need to use WEP/WPA because the traffic will be encrypted between each
host and your VPN Endpoint.
3. VPN Endpoint: once the VPN traffic is decrypted, you can use the firewall
of your choice (iproute2 is a good one, I think (never tested) that it
supports load balancing).

Cheers,
Orlin

On Friday 16 May 2008 07:50:35 zefferno@xxxxxxxxx wrote:
Hey all.

We want to implement a separated secure Internet Wireless network which
will be used by guests or users from our company in our building.

We will use Access Points, managed switch and Gateway device that you might
offer. The Gateway can be also a Linux (open-source) based solution - it
is much better for us :)

We are looking for the following features:

1. Only HTTP, HTTPS, SMTP will be permitted, and it will be great if it
also analyzes the protocol, not just blocking a port.

2. QOS - Some kind of traffic shaping to balance the Internet between all
users.

3. We want to limit the access from specific time range.

4. Since there is a chance that a User from our company will accidentally
connect the LAN cable without disconnecting the Wireless network, is there
any way to block all access between all connected Wireless users? So that
an attacker won't be able to access any of the Wireless clients?

Best Regards,
Zeffy.
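
The topology in the reply, combined with the port, time-window and client-separation requirements from the original question, can be written as one gateway ruleset. This is an added example, not code from either poster. It assumes a single Linux box acts as both gateway and VPN endpoint, and the interface names (wlan0, tun0, eth0), the OpenVPN port (UDP 1194), the local DHCP and DNS services and the 08:00 to 18:00 window are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Prints an iptables-restore ruleset for
# one Linux box acting as both gateway and VPN endpoint (an assumption).
# Constructed names: wlan0 = NIC facing the access points, tun0 = OpenVPN
# tunnel device, eth0 = Internet uplink, OpenVPN on UDP 1194.

gen_rules() {
    wifi_if=$1 vpn_if=$2 wan_if=$3 vpn_port=$4 t_start=$5 t_stop=$6
    # Refuse to emit a ruleset with an empty or non-numeric port.
    case $vpn_port in
        ''|*[!0-9]*) echo "invalid VPN port: $vpn_port" >&2; return 1 ;;
    esac
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Wireless side: DHCP (assumed to run on this box) and the VPN endpoint only.
-A INPUT -i $wifi_if -p udp --dport 67 -j ACCEPT
-A INPUT -i $wifi_if -p udp --dport $vpn_port -j ACCEPT
# Tunnel side: DNS to a resolver assumed to run on this box.
-A INPUT -i $vpn_if -p udp --dport 53 -j ACCEPT
# Nothing that arrives unencrypted on the wireless NIC is ever routed.
-A FORWARD -i $wifi_if -j DROP
# VPN clients cannot reach each other through the gateway. This only holds
# while OpenVPN's client-to-client option is off, so the kernel routes it.
-A FORWARD -i $vpn_if -o $vpn_if -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Decrypted traffic: SMTP, HTTP, HTTPS only, and only inside the time window
# (the time match uses UTC unless --kerneltz is added).
-A FORWARD -i $vpn_if -o $wan_if -p tcp -m multiport --dports 25,80,443 -m time --timestart $t_start --timestop $t_stop -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the constructed interface names and window.
gen_rules wlan0 tun0 eth0 1194 08:00 18:00
```

The output can be checked with `iptables-restore --test` before it is loaded. Frames between two stations on the same access point never reach the gateway, so separating them at layer 2 also needs the access point's own client-isolation setting.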


