Security Basics mailing list archives

RE: wireless internal vs external


From: "Dean De Beer" <ddb () plazacollege edu>
Date: Mon, 18 Jul 2005 11:00:38 -0400

Hi William,

I guess it really depends on what the wireless access is to be used for. If
it's only for web access for guests, etc... a Linksys might be fine but if
an individual uses your AP and broadband connection to attack another
location, site, etc.. your company can be liable for any losses that the
other company might incur.  Liability reasons alone should be enough to
convince the "higher ups" that it is better to have more control over access
and usage. At the very least if you have to go with this solution use
WPA/WPA2 and not WEP. 

I had a similar problem a while back and by putting together a list of the
pros and cons of both solutions managed to convince the company that the
additional security provided by a RADIUS server, VLANs, etc... was the
better option. Listing the attacks against wireless (DoS, eavesdropping,
masquerading and more) and the options for mitigation also helped.

It also depends on the scale of your implementation, what the wireless
access is for, who will be using it, budget, etc...? 

If you would like details of the implementation just email me off list.

Cheers

Dean



-----Original Message-----
From: William Stegman [mailto:stegmanw () comcast net] 
Sent: Wednesday, July 13, 2005 12:48 PM
To: security-basics () securityfocus com
Subject: wireless internal vs external


After researching wireless security, and testing deployment of an internal
wireless solution, that is wireless connected to the corporate LAN, and
external wireless, an AP connected to the Internet, I'm convinced the
internal solution is the most secure. The problem is that the "higher ups"
are not convinced. My rationale is that using EAP/TLS with TKIP or AES on an
Aironet 1200 provides much more security and scalability than using a
Linksys that sits on the Internet. I can create access-lists on the Aironet
to prevent unauthorized attempts to the HTTP protocol, VLANs, and it has
VoIP capability. The biggest problem with the outside wireless solution is
that it is using WEP, and if I'm connected to my LAN and then also connect
to the outside, I've essentially turned my laptop into a gateway that offers
very little firewall protection, zonelabs is installed on most laptops. So,
does anyone have any experience or opinion I can consider? I feel that the
"inside wireless solution" has had a sort of unjustified boogeyman aura to
it, but perhaps someone else has some further insight.

Thank you,

/William Stegman - Network Administrator/

TransCore - Hummelstown



