Re: Wireless SSIDs (was Re: WEP)

[Willis Marti <wmarti () TAMU EDU>]

 Graham wrote:
> Willis Marti wrote:
> > we force wireless users through a VPN - achieving enryption and authenticati
> on.
> >
> Thr trouble with VPNs is that unless you take special steps, the machine
> is then effectively
> on the inside of your firewall - and often it is a machine that is
> uncontrolled and at a high
> risk of virus infection etc.
>
> Choices available are:
> 1) security client on the portable to verify integrity (hah) before
> allowing connection
> 2) VPN terminates *outside* your network and clients still have to go
> through firewall
> 3) No VPN, and only allow encrypted protocols to call in to your campus
> network through
> your firewall, such as SSH and Remote Desktop (which is supposed to be
> encrypted although
> I've never seen a good analysis of it and don't yet trust it completely)

We terminate the VPN inside our firewall and they are no more controlled than
any system in a University environment. :) But, we do know the user identity
to track them down or disable the account. Plus we put a NetSQUID box just
inside to slow down Bad Things (tm). ( http://netsquid.tamu.edu/ )

--
Cheers,
 Willis Marti
 Associate Director for Networking
 Computing & Information Services
 Texas A&M University