Security Basics mailing list archives

RE: wireless internal vs external


From: "David Gillett" <gillettdavid () fhda edu>
Date: Tue, 19 Jul 2005 08:39:31 -0700

  I don't understand how WHERE the wireless space connects to
your wired infrastructure dictates WHAT equipment is used.

  The Aironet 1200 offers a whole lot more than any LinkSys
product I know of.

  Regardless of security features offered by the access point,
the wireless space should be on a distinct VLAN with filtered
access to wired resources, whether internal or on the Internet.
Access-point security should focus on who can connect to the
wireless service, and where they can get to/what they can do
should be controlled separately by a gateway or firewall.

  Terminating the wireless directly on your internal LAN is
almost certainly a Bad Idea.

David Gillett


-----Original Message-----
From: William Stegman [mailto:stegmanw () comcast net]
Sent: Wednesday, July 13, 2005 9:48 AM
To: security-basics () securityfocus com
Subject: wireless internal vs external


After researching wireless security, and testing deployment of an
internal wireless solution, that is wireless connected to the
corporate LAN, and external wireless, an AP connected to the
Internet, I’m convinced the internal solution is the most secure.
The problem is that the “higher ups” are not convinced. My rationale
is that using eap/tls with tkip or aes on an aironet 1200 provides
much more security and scalability than using a Linksys that sits on
the Internet. I can create access-lists on the aironet to prevent
unauthorized attempts to the http protocol, vlans, and it has VoIP
capability. The biggest problem with the outside wireless solution
is that it is using WEP, and if I’m connected to my LAN and then
also connect to the outside, I’ve essentially turned my laptop into
a gateway that offers very little firewall protection, zonelabs is
installed on most laptops. So, does anyone have any experience or
opinion I can consider? I feel that the “inside wireless solution”
has had a sort of unjustified boogeyman aura to it, but perhaps
someone else has some further insight.

Thank you,

/William Stegman - Network Administrator/

TransCore - Hummelstown



