Educause Security Discussion mailing list archives
Re: Wireless SSIDs (was Re: WEP)
From: Willis Marti <wmarti () TAMU EDU>
Date: Wed, 13 Jul 2005 10:22:15 -0500
Graham wrote:
Willis Marti wrote:we force wireless users through a VPN - achieving enryption and authentication.Thr trouble with VPNs is that unless you take special steps, the machine is then effectively on the inside of your firewall - and often it is a machine that is uncontrolled and at a high risk of virus infection etc. Choices available are: 1) security client on the portable to verify integrity (hah) before allowing connection 2) VPN terminates *outside* your network and clients still have to go through firewall 3) No VPN, and only allow encrypted protocols to call in to your campus network through your firewall, such as SSH and Remote Desktop (which is supposed to be encrypted although I've never seen a good analysis of it and don't yet trust it completely)
We terminate the VPN inside our firewall and they are no more controlled than any system in a University environment. :) But, we do know the user identity to track them down or disable the account. Plus we put a NetSQUID box just inside to slow down Bad Things (tm). ( http://netsquid.tamu.edu/ ) -- Cheers, Willis Marti Associate Director for Networking Computing & Information Services Texas A&M University
Current thread:
- Re: Wireless SSIDs (was Re: WEP) Jeff Kell (Jul 13)
- <Possible follow-ups>
- Re: Wireless SSIDs (was Re: WEP) Willis Marti (Jul 13)
- Re: Wireless SSIDs (was Re: WEP) Information Security (Jul 13)
- Re: Wireless SSIDs (was Re: WEP) Information Security (Jul 13)
- Re: Wireless SSIDs (was Re: WEP) Willis Marti (Jul 13)
- Re: Wireless SSIDs (was Re: WEP) Christopher E. Cramer (Jul 13)
- Re: Wireless SSIDs (was Re: WEP) Dean De Beer (Jul 13)
- Re: Wireless SSIDs (was Re: WEP) Koerber, Jeff (Jul 15)
- Re: Wireless SSIDs (was Re: WEP) Mark S. Bruhn (Jul 15)
- Re: Wireless SSIDs (was Re: WEP) Dean De Beer (Jul 15)
- Re: Wireless SSIDs (was Re: WEP) Jeff Kell (Jul 15)
- Re: Wireless SSIDs (was Re: WEP) Koerber, Jeff (Jul 18)