Firewall Wizards mailing list archives

RE: Off Topic: 802.11 Dongles


From: TSimons () Delphi-Tech com
Date: Wed, 13 Aug 2003 20:46:49 -0400

Thanks for your input and description of your layout!  I've been looking for
info on wireless in all areas so you helped out a lot.

Along the lines of "dongle", yeah, I should have been clearer, I'm looking
to try to standardize PCMCIA cards that could become standard issue in our
corporate laptops.  Users will then be responsible for getting their own
WAP.

~Todd

-----Original Message-----
From: Crispin Cowan [mailto:crispin () immunix com]
Sent: Wednesday, August 13, 2003 3:50 PM
To: TSimons () Delphi-Tech com
Cc: firewall-wizards () honor icsalabs com
Subject: Re: [fw-wiz] Off Topic: 802.11 Dongles


TSimons () Delphi-Tech com wrote:

This is a little off topic, but something that could benefit all...  Our
laptop users are pushing for wireless, we'd rather not have to support
every dongle that's out there.  We're thinking compromise, we buy the
dongle and set it up, the end user matches the WEP setting on their WAP.

I'm not sure what you mean by "dongle", other than "brand of WiFi card" 
perhaps?

In any case, WEP is useless; easy to crack.

What we deployed:

    * put the WAP outside the firewall, on its own subnet where it can't
      sniff DMZ traffic
    * no WEP
    * casual drive-by users can access the internet, but only have about
      as much leverage on our LAN as Internet users in Bombay
    * for access to internal LAN services, make the wireless users use a
      VPN, just like remote users do

This network architecture seems to surprise a lot of people, who keep 
wishing for a level 2 security solution that will work. Conversely, I've 
always been surprised at the desire for level 2 security: I always act 
as if the attacker is clamped to my personal ethernet port, and only 
send encrypted traffic if it matters at all. Use level 3 crypto if it 
matters.

Of course, that does raise a problem that we haven't solved: what is a 
good VPN/IPSec solution that works for both Windows and Linux clients? I 
know, FreeSWAN, but it's flaky, and taking up a lot of our admin's time 
trying to debug it.

Crispin

-- 
Crispin Cowan, Ph.D.           http://immunix.com/~crispin/
Chief Scientist, Immunix       http://immunix.com
            http://www.immunix.com/shop/

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

