Firewall Wizards mailing list archives
Re: Wireless
From: Dave Piscitello <dave () corecom com>
Date: Mon, 19 Aug 2002 13:56:43 -0400
Moving off topic from "identifying rogue APs" but... Like every other security "problem", best practice is layered defenses.

1) Strong authentication - companies like netmotion, columbitech, funk have solutions in this space
2) higher level encryption (than WEP) - netmotion and columbitech use application stream proxies (SSL, for example),
3) access controls - bluesocket and vernier et al. have wireless firewalls, with various MAC and IP level ACLs. These also support IPsec

But you need desktop/laptop security measures as well. You've talked only about APs (infrastructure mode); if you're really worried, you have to think about Bob, your power user who runs wireless in a peer-to-peer mode at home for "Internet sharing" then comes to the office, and connects with his 10BaseT PC card to your network, and is just smart enough to have enabled forwarding on Win2K or whatever he runs.
I just completed a white paper on the "best practices" subject for a client; when they release it for public consumption I'll post the URL.
At 03:31 PM 8/9/2002 -0400, Paul Robertson wrote:
On Fri, 9 Aug 2002, John McDermott wrote:

> So what is the Best Practice approach to securing a wireless subnet?
> Given a WAP and n known cards, what is the best way to deal with MAC
> spoofing, wandering unauthorized users, etc. to prevent access to all
> lan resources for unauthorized users?

Treat it like the Internet and a VPN- encrypt everything going to any node, put a layer 3 device between the WAP and the wireline/fiber network, put PC firewalls on the PC nodes, and have the layer 3 device do strong authentication and decryption for allowed users to selected internal resources.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
David M. Piscitello
Core Competence, Inc. &
3 Myrtle Bank Lane
Hilton Head, SC 29926
dave () corecom com
843.689.5595
www.corecom.com