Security Basics mailing list archives
RE: wireless internal vs external
From: "David Gillett" <gillettdavid () fhda edu>
Date: Tue, 19 Jul 2005 08:39:31 -0700
I don't understand how WHERE the wireless space connects to your wired infrastructure dictates WHAT equipment is used. The Aironet 1200 offers a whole lot more than any LinkSys product I know of. Regardless of security features offered by the access point, the wireless space should be on a distinct VLAN with filtered access to wired resources, whether internal or on the Internet. Access-point security should focus on who can connect to the wireless service, and where they can get to/what they can do should be controlled separately by a gateway or firewall. Terminating the wireless directly on your internal LAN is almost certainly a Bad Idea. David Gillett
-----Original Message----- From: William Stegman [mailto:stegmanw () comcast net] Sent: Wednesday, July 13, 2005 9:48 AM To: security-basics () securityfocus com Subject: wireless internal vs external fter researching wireless security, and testing deployment of an internal wireless solution, that is wireless connected to the corporate LAN, and external wireless, an AP connected to the Internet, I’m convinced the internal solution is the most secure. The problem is that the “higher ups” are not convinced. My rationale is that using eap/tls with tkip or aes on an aironet 1200 provides much more security and scalability than using a lniksys that sits on the Internet. I can create access-lists on the aironet to prevent unauthorized attempts to the http protocol, vlans, and it has VoIP capability. The biggest problem with the outside wireless solution is that it is using WEP, and if I’m connected to my LAN and then also connect to the outside, I’ve essentially turned my laptop into a gateway that offers very little firewall protection, zonelabs is installed on most laptops. So, does anyone have any experience or opinion I can consider? I feel that the “inside wireless solution” has had a sort of unjustified boogeyman aura to it, but perhaps someone else has some further insight. Thank you, /William Stegman - Network Administrator/ TransCore - Hummelstown
Current thread:
- wireless internal vs external William Stegman (Jul 18)
- RE: wireless internal vs external Burton Strauss (Jul 20)
- RE: wireless internal vs external David Gillett (Jul 20)
- RE: wireless internal vs external Dean De Beer (Jul 20)