Security Basics mailing list archives
Re: Wireless Security vs Performance
From: Jon Janego <jonjanego () gmail com>
Date: Mon, 6 Jul 2009 11:19:02 -0500
HI, TKIP and WEP don't work together. TKIP is a replacement for the keying handshake in WEP and will only work with a WPA or WPA2 implementation. (See: the 802.11i specification) That being said... if you have control over all of the clients that will be using the domain (i.e. they are all on the same domain), using an encryption method of WPA2 + AES and an authentication method of EAP-TLS (via a FreeRADIUS or Windows 2003/08 RADIUS implementation) is probably going to be the easiest and most secure way for the users. You can deploy client certificates over the domain and tie authentication to the domain accounts. VPN will work, but from the perspective of the users it is more labor intensive. When deploying a secure WLAN network I find it preferable to make the security as transparent and painless to the users as possible. This will allow less chances for them to break it, also! VPN in a controlled enterprise environment should probably only be considered if you are having your trusted users share the network with a loosely-controlled guest network as well. For most other cases a secure encryption + secure 802.1X authentication solution is going to be much easier to maintain. Best, Jon Janego GAWN, CEH On Tue, Jun 23, 2009 at 4:11 PM, Leandro Quibem Magnabosco<leandro.magnabosco () fcdl-sc org br> wrote:
Hello guys, I am modeling a new wireless network and I need it to be the most secure possible and still provide access to our local network. That being said, TKIP + WEP + VPN sounds like a good way to get security and still provide access to the local network. What worries me is the performance on such configuration. If anyone has such configuration or ever tested something like that, please what you think of it. Suggestions of other models are also really welcome. -- *Leandro Quibem Magnabosco Consultor de TI (48) 3251-5323 *leandro.magnabosco () fcdl-sc org br <mailto:leandro.magnabosco () fcdl-sc org br> www.fcdl-sc.org.br <http://www.fcdl-sc.org.br> Rua: Rafael Bandeira, 41 CEP. 88015-450 Florianópolis - SC "Este é um e-mail oriundo da Federação das Câmaras de Dirigentes Lojistas de Santa Catarina, e seu conteúdo é confidencial e destinado exclusivamente a seu(s) destinatário(s), não podendo ser copiado ou repassado,no todo ou em parte, a terceiros. Se esta mensagem foi-lhe enviada por engano, pedimos o obséquio de entrar em contato conosco. This is an e-mail from the Federação das Câmaras de Dirigentes Lojistas de Santa Catarina and its contents are privileged and confidential to the ordinary user(s) of the e-mail address(es) to which it was addressed, and no one else may copy or forward all or any of it in any form. If this e-mail was sent to you in error, please contact us." ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain a laser like insight into what is covered on the exam, with zero fluff! http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html ------------------------------------------------------------------------
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Re: Wireless Security vs Performance Johnny Wong (Jul 02)
- RE: Wireless Security vs Performance juan | ToBe Security (Jul 06)
- RE: Wireless Security vs Performance Marc Rivero López (Jul 06)
- <Possible follow-ups>
- Re: Wireless Security vs Performance Jon Janego (Jul 06)
- RE: Wireless Security vs Performance juan | ToBe Security (Jul 06)