Firewall Wizards mailing list archives
(In)security of wireless LANs and the Cisco Wireless Security Sui te
From: "Stewart, John" <johns () artesyncp com>
Date: Mon, 3 Nov 2003 17:49:27 -0600
I've been getting a lot of heat from management at one of our sites to implement wireless networking. I've been adamant in the past that it would not be feasible due to the inherent insecurities with WEP under 802.11. My opinion has been that if they want to use wireless LANs, we can set up a seperate leg on the firewall, treat it like a completely untrusted network, and they can VPN in to get access to internal networks. However, of course the pointy-hairs in that office want to be able to walk around with their laptops as if they were wired. I don't know why it would be so hard to plug the laptop into the wall in the conference room, but I do understand that it would be "nice to have". I use a WAP at home, and like it. Anyhow, the Cisco offering in this area does look to be somewhat promising at ameliorating the risks involved with wireless. Here is their white paper on their Wireless Security Suite offering: http://www.cisco.com/en/US/products/hw/wireless/ps430/products_white_paper09 186a00800b469f.shtml It does sound like they're doing some good things, and I'm wondering what the opinion is from you wizards on it. Anyone used it? Is it Good Enough? While I understand that adding wireless access points, even when done properly, is inherently adding security risk that I did not have before, my job (of course) is to balance business need versus security. I guess the question is, with this product, am I taking a larger risk than I am with, say, some of these other issues which would not be necessary in an ideal, secured, world: - Allowing VPNs from users' PCs (a software firewall is required in that case, but certainly this is riskier than not allowing it) - HTTP access to everywhere from the internal (Windows) desktops - Email on Outlook/Exchange. While we disallow executable attachments, and run virus/trojan scanners on the server and desktop, this is certainly another worrisome vector of attack. So, with this "Wireless Security Suite" on some Aironet access points, is a wireless LAN (connected to our internal network) really a bigger risk than these other risks, necessitated by our business requirements? thanks! johnS _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- (In)security of wireless LANs and the Cisco Wireless Security Sui te Stewart, John (Nov 04)
- Re: (In)security of wireless LANs and the Cisco Wireless Security Sui te R. DuFresne (Nov 04)
- Re: (In)security of wireless LANs and the Cisco Wireless Security Sui te John Adams (Nov 04)
- Re: (In)security of wireless LANs and the Cisco Wireless Security Sui te R. DuFresne (Nov 05)
- Re: (In)security of wireless LANs and the Cisco Wireless Security Sui te John Adams (Nov 04)
- RE: (In)security of wireless LANs and the Cisco Wireless Security Sui te Ben Nagy (Nov 04)
- Re: (In)security of wireless LANs and the Cisco Wireless Security Sui te David Wagner (Nov 05)
- Problem with TCP 1433, conduits and ACLs... Wes Noonan (Nov 26)
- RE: Problem with TCP 1433, conduits and ACLs... Andy Lyakhovetskiy (Nov 28)
- Re: (In)security of wireless LANs and the Cisco Wireless Security Sui te David Wagner (Nov 05)
- Re: (In)security of wireless LANs and the Cisco Wireless Security Sui te R. DuFresne (Nov 04)
- Re: (In)security of wireless LANs and the Cisco Wireless Security Suite Mikael Olsson (Nov 04)
- <Possible follow-ups>
- RE: (In)security of wireless LANs and the Cisco Wireless Security Sui te Sloane, David (Nov 04)