Firewall Wizards mailing list archives

Re: WLAN DMZ Ideas


From: Mark <firewalladmin () bellsouth net>
Date: Wed, 13 Oct 2004 06:29:22 -0400

Actually no, I hadn't considered that one. It may not be necessary
though, as the implementation is more of a "this will help us be more
accurate and will be faster than the old way" rather than "mission
critical". Still, it's a valid point since "convenience" often becomes
"must have" in the eyes of those who make the policy.
Thanks, 
Mark

On Wed, 2004-10-13 at 04:10, Kevin Sheldrake wrote:
Have you considered the availability requirements of your WLAN?  You don't  
need to be within eavesdropping distance to suitably disrupt one.  The  
only other immediate thought I had was that you might like to plot a map  
of WLAN reach at different times of day within different weather  
conditions.  This would demonstrate that your physical security measures  
appropriately mitigate your WLAN risks.

Kev

Just wanted to thank everyone who answered with ideas. The main theme,  
based on the large campus-like environment, was VLANs. The proposal I  
suggested then was to implement 3DES encryption and MAC filtering on the  
WLAN (which goes without saying, of course). The APs are then placed on  
a VLAN which is connected to the default VLAN through a Cisco Router  
with a very restrictive access list. This is made simpler based on the  
proprietary ports used to talk with the Management station, no standard  
http or netbios stuff needs to cross VLANs, which means that all the  
standard exploitable ports will be closed. In addition, physical  
security is excellent. The "campus" is highly secured and restricted  
with gates/security guards, the LAN equipment is further secured in  
restricted access buildings, rooms and cabinets. In addition we are a  
"secured" area within a larger "secured" campus, which really helps  
limit the eavesdropping on the WAPs. Anything else to consider? Thanks!
Mark

Mark F.
MCP, CCNA
"You can spend your life any way you want... But you can only spend it  
once."

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
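
The following is an added example, not part of the original thread or any poster's configuration: a small Python check that a Cisco-style extended ACL between the AP VLAN and the default VLAN lets through only the management-station port. The subnet, host addresses and TCP port 5000 are placeholders, since the thread does not name the proprietary ports or any addressing.

```python
import ipaddress

# Constructed sample ACL (Cisco extended-ACL syntax). The AP subnet, the
# management host and TCP port 5000 are placeholders, not values from the thread.
ACL_TEXT = """
permit tcp 10.20.0.0 0.0.0.255 host 10.1.1.50 eq 5000
deny ip any any log
"""

def _addr(tok):
    """Consume one address spec: 'any', 'host A' or 'A WILDCARD'."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    # Invert the wildcard mask into a netmask (contiguous masks only).
    mask = ".".join(str(255 - int(o)) for o in tok[1].split("."))
    return ipaddress.ip_network(f"{tok[0]}/{mask}"), tok[2:]

def parse_acl(text):
    """Parse 'action proto src dst [eq port] [log]' lines into rule tuples."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        src, rest = _addr(tok[2:])
        dst, rest = _addr(rest)
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        rules.append((tok[0], tok[1], src, dst, port))
    return rules

def decide(rules, proto, src, dst, dport):
    """First matching rule wins; falling off the end is the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port in rules:
        if (r_proto in ("ip", proto) and s in r_src and d in r_dst
                and r_port in (None, dport)):
            return action
    return "deny"

def reachable(rules, wlan_host, lan_hosts, ports):
    """List every (host, tcp_port) on the default VLAN the WLAN host can reach."""
    return [(h, p) for h in lan_hosts for p in ports
            if decide(rules, "tcp", wlan_host, h, p) == "permit"]

if __name__ == "__main__":
    # HTTP, NetBIOS session, SMB, plus the placeholder management port.
    print(reachable(parse_acl(ACL_TEXT), "10.20.0.15",
                    ["10.1.1.50", "10.1.1.10"], [80, 139, 445, 5000]))
```

Running the same check against a draft ACL before it is applied to the router shows whether any standard port is still reachable from the AP VLAN.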




