Re: WLAN in a secure SME environment

[Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>]

On 2004-11-03 Shaineel Singh wrote:
> I am in the process of providing a solution for an SME that currently
> employs both wired and wireless clients. I can provide rudimentary
> security for the WLAN by hardcoding MAC addresses on the AP and
> disabling DHCP amongst other methods.
>
> My question to the list is this, besides making sure that very little
> information is sent via cleartext in wireless mode to circumvent
> wireless sniffing, etc. what sorts of methods could I use to
> effectively segregate the WLAN and LAN? We are talking about a M$
> environment with winXP being the operating system on most laptops and
> workstations. Would it be easier to just have a VPN setup when clients
> are forced to use wireless as their access method?

A VPN over the WLAN and separation of wired and wireless network
segments with a filtering router between them is the *only* way to a
secure WLAN.

Regards
Ansgar Wiechers
-- 
"Those who would give up liberty for a little temporary safety
deserve neither liberty nor safety, and will lose both."
--Benjamin Franklin