Security Basics mailing list archives
RE: wireless internal vs external
From: "Dean De Beer" <ddb () plazacollege edu>
Date: Mon, 18 Jul 2005 11:00:38 -0400
Hi William,

I guess it really depends on what the wireless access is to be used for. If it's only for web access for guests, etc., a Linksys might be fine, but if an individual uses your AP and broadband connection to attack another location, site, etc., your company can be liable for any losses that the other company might incur. Liability reasons alone should be enough to convince the "higher ups" that it is better to have more control over access and usage. At the very least, if you have to go with this solution, use WPA/WPA2 and not WEP.

I had a similar problem a while back, and by putting together a list of the pros and cons of both solutions managed to convince the company that the additional security provided by a RADIUS server, VLANs, etc. was the better option. Listing the attacks against wireless (DoS, eavesdropping, masquerading and more) and the options for mitigation also helped.

It also depends on the scale of your implementation, what the wireless access is for, who will be using it, budget, etc.

If you would like details of the implementation, just email me off list.

Cheers
Dean

-----Original Message-----
From: William Stegman [mailto:stegmanw () comcast net]
Sent: Wednesday, July 13, 2005 12:48 PM
To: security-basics () securityfocus com
Subject: wireless internal vs external

After researching wireless security, and testing deployment of an internal wireless solution, that is wireless connected to the corporate LAN, and external wireless, an AP connected to the Internet, I'm convinced the internal solution is the most secure. The problem is that the "higher ups" are not convinced. My rationale is that using EAP/TLS with TKIP or AES on an Aironet 1200 provides much more security and scalability than using a Linksys that sits on the Internet. I can create access-lists on the Aironet to prevent unauthorized attempts to the http protocol, VLANs, and it has VoIP capability.

The biggest problem with the outside wireless solution is that it is using WEP, and if I'm connected to my LAN and then also connect to the outside, I've essentially turned my laptop into a gateway that offers very little firewall protection; zonelabs is installed on most laptops.

So, does anyone have any experience or opinion I can consider? I feel that the "inside wireless solution" has had a sort of unjustified boogeyman aura to it, but perhaps someone else has some further insight.

Thank you,
/William Stegman - Network Administrator/
TransCore - Hummelstown
Current thread:
- wireless internal vs external William Stegman (Jul 18)
- RE: wireless internal vs external Burton Strauss (Jul 20)
- RE: wireless internal vs external David Gillett (Jul 20)
- RE: wireless internal vs external Dean De Beer (Jul 20)