Security Basics mailing list archives

Re: Cisco Secure ACS vs. Firewall


From: DocValde <DocValde () gmx de>
Date: Fri, 25 Oct 2002 02:45:52 +0200

Hello mario.walter () bluewin ch,
on Wednesday, 23 October 2002 at 11:13:36 you wrote:

Hi List

we are going to set up a WLAN in a warehouse to enable the forklifters to
communicate with the warehouse management (WM) system. The company
which will install all the equipment suggested setting up a Cisco Secure ACS
for security reasons. However, I would prefer the installation of a firewall
and having a separate network segment for this WLAN, because the traffic
between the WM system and the forklifts isn't critical at all, but the traffic
on the company LAN is. So, my idea is to restrict the traffic going through
this firewall to only the needed protocols and IPs (outgoing and incoming),
to protect the rest of the company's LAN.
Any thoughts, caveats, comments?

TIA

Mario 

Hi Mario,

two completely different ways:

1) securing the wireless traffic. Establishing strong AAA and (with Cisco wireless
equipment) quite secure communication on the wLAN. Quite cheap: Only the Cisco Secure ACS
is needed, if you already use Cisco wLAN equipment.
It is quite easy to configure and maintain, but be sure to keep it redundant.
Synchronization works well.

2) securing the internal network. Equally valid and good. You don't see the need to secure
the wireless communication, but the internal network. Needed: stateful inspection box.

CAVE: What will be your filtering criterion at the firewall? The source IP? Bad idea on a
wLAN. But if you are experienced in firewalling, it'll do what you want.

The point is: it is surely more secure when you keep intruders completely out. And you
can do that by a TACACS+-Server and Cisco EAP-TLS. Seems quite good until now. I think,
costs for buying and maintaining a firewall (e.g. Cisco PIX 501) and Cisco Secure ACS are
quite similar, setup is easier with the ACS. And it's end-to-end security. Seems the
better solution.

Just my 3.141 euro-cents,

Best regards,

Malte von dem Hagen.
-- 

DocValde

web:   http://www.DocValde.net
eMail: DocValde () gmx de
icq:   71581747

