Re: Off Topic: 802.11 Dongles

["Victor B. Williams" <vbwilliams () essvote net>]

Well,

I can answer your last question.

The Cisco VPN clients work like that...as long as you have a 3000
series concentrator or a PIX acting as the VPN server.  The provide
the same access for Linux and Windows hosts.  The Linux client isn't
GUI like the Windows one...but all the settings are identical, and the
operation is identical.  We have both deployed and it's been the only
solution that satifies all OS'es.  There's also a MAX OS X client.

Crispin Cowan said:
> TSimons () Delphi-Tech com wrote:
>
> > This is a little off topic, but something that could benifit all...
> > Our
> > laptop users are pushing for wireless, we'd rather not have to
> > support every
> > dongle thats out there.  We're thinking compromize, we buy the dongle
> > and
> > set it up, the end user matches the WEP setting on their WAP.
> I'm not sure what you mean by "dongle", other than "brand of WiFi
> card"
> perhaps?
>
> In any case, WEP is useless; easy to crack.
>
> What we deployed:
>
>     * put the WAP outside the firewall, on its own subnet where it
> can't
>       sniff DMZ traffic
>     * no WEP
>     * casual drive-by users can access the internet, but only have
> about
>       as much leverage on our LAN as Internet users in Bombay
>     * for access to internal LAN services, make the wireless users use
> a
>       VPN, just like remote users do
>
> This network architecture seems to surprise a lot of people, who keep
> wishing for a level 2 security solution that will work. Conversely,
> I've
> always been surprised at the desire for level 2 security: I always act
> as if the attacker is clamped to my personal ethernet port, and only
> send encrypted traffic if it matters at all. Use level 3 crypto if it
> matters.
>
> Of course, that does raise a problem that we haven't solved: what is a
> good VPN/IPSec solution that works for both Windows and Linux clients?
> I
> know, FreeSWAN, but it's flaky, and taking up a lot of our admin's
> time
> trying to debug it.
>
> Crispin
>
> --
> Crispin Cowan, Ph.D.           http://immunix.com/~crispin/
> Chief Scientist, Immunix       http://immunix.com
>             http://www.immunix.com/shop/
>
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () honor icsalabs com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


"Real men don't even use monitors! I've just got a guy that can draw
real fast."

Victor Williams
Network Architect
Election Systems & Software
http://www.essvote.com
vbwilliams () essvote com
(402) 970-1100

CONFIDENTIALITY NOTICE:
This e-mail transmission and any documents, files or previous e-mail
messages attached to it may contain information that is confidential,
protected by the attorney/client or other privileges, and may
constitute non-public information. It is intended to be conveyed only
to the designated recipient(s) named above. Any unauthorized use,
reproduction, forwarding, distribution or other dissemination of this
transmission is strictly prohibited and may be unlawful. If you are
not an intended recipient of this e-mail transmission, please notify
the sender by return e-mail and permanently delete any record of this
transmission. Your cooperation is appreciated.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards