Firewall Wizards mailing list archives

RE: Worms, Wireless


From: "Kelly, Chris W." <ckelly () hsutx edu>
Date: Mon, 10 May 2004 10:29:48 -0500

Time costly?  Guess that depends on your equipment.  Took me about an
hour to fix up a wireless VLAN, secure it with an access list and test
it.  We're considering "filtering" out ports on internal dorms, but that
creates a lot of headaches.  AND, the Administration has to make the
decision to do it - which they so far won't.  We'll probably have to
wait for the kid that shows up with a PC and a nice big ol' something on
it that just totally wreaks havoc on the internals.  The worms like to
probe on the MS ports and with us being an Exchange shop...well, we're
just stuck with that.  We are now pushing security updates to the admin
desktops, so that helps. 

As for more access from the wireless LAN, we just give them a copy of
the VPN client and let them go through the VPN gateway.  Paid big money
for it - might as well use it for something (we have a grand total of
about 6 remote users for a box that will handle 100).  For the wireless,
it's not really all about "security"  - it was way easier for me to do
the VLAN than try and sort out the !@#$# wireless secure protocols and
buy more licenses for software (like Funk stuff) for clients that just
don't exist in numbers that justify the expense.  Maybe later, but by
then it'll be a new set of problems.  

An interesting approach that many universities 
and medium-sized businesses have been taking is to isolate 
mobile users in a network (or VLAN) regardless of their 
security state. As most of the mobile user's needs are to 
read/send e-mail and use the web, they are restricted, with 
packet filters, to do just these activities. This minimizes 
the threat and is a good solution for many companies and 
universities. 
Implementing it is time costly, but a cost that is worth 
paying in many environments.

Regards,
vmm.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
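
The isolation policy discussed in this thread (wireless VLAN limited to mail and web, more access only through the VPN gateway, Windows service ports blocked toward the inside) can be checked before deployment with a first-match rule evaluator. This is an added example, not code or configuration from either poster. Assumptions: every address, the IPsec ports for the VPN, and 135/139/445 standing in for the "MS ports" are constructed.

```python
import ipaddress

# Constructed addressing (assumptions, not from the thread).
INTERNAL = "10.0.0.0/8"     # campus internal space, includes the dorms
MAIL = "10.1.1.25/32"       # mail server
VPN_GW = "10.1.1.10/32"     # VPN gateway
DNS = "10.1.1.53/32"        # resolver
ANY = "0.0.0.0/0"

# ACL applied to traffic leaving the wireless VLAN, first match wins.
# Rule: (action, protocol, destination network, destination ports or None = any)
WLAN_ACL = [
    ("permit", "udp", DNS, {53}),
    ("permit", "tcp", MAIL, {25, 110, 143, 993, 995}),
    ("permit", "udp", VPN_GW, {500, 4500}),   # IKE and NAT-T (assumed IPsec VPN)
    ("permit", "esp", VPN_GW, None),
    ("deny", "any", INTERNAL, None),          # all other internal traffic
    ("permit", "tcp", ANY, {80, 443}),        # web, reached only if not internal
    ("deny", "any", ANY, None),
]

# Constructed probes: (protocol, destination address, destination port)
PROBES = {
    "web_outside": ("tcp", "93.184.216.34", 443),
    "imap_to_mail": ("tcp", "10.1.1.25", 143),
    "ike_to_vpn": ("udp", "10.1.1.10", 500),
    "smb_to_dorm": ("tcp", "10.20.3.7", 445),
    "rpc_to_mail": ("tcp", "10.1.1.25", 135),
    "http_to_dorm": ("tcp", "10.20.3.7", 80),
}

def evaluate(acl, proto, dst, port=None):
    """Return (action, index of the matching rule); implicit deny if none match."""
    dst_ip = ipaddress.ip_address(dst)
    for i, (action, r_proto, net, ports) in enumerate(acl):
        if r_proto not in ("any", proto):
            continue
        if dst_ip not in ipaddress.ip_network(net):
            continue
        if ports is not None and port not in ports:
            continue
        return action, i
    return "deny", None

def audit(acl, probes):
    """Map each probe name to the action the ACL takes on it."""
    return {name: evaluate(acl, *probe)[0] for name, probe in probes.items()}

if __name__ == "__main__":
    for name, action in audit(WLAN_ACL, PROBES).items():
        print(f"{name:14s} {action}")
```

Rule order carries the policy: if the web permit is placed ahead of the internal deny, port 80 on dorm and server hosts becomes reachable from the wireless VLAN.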

