Firewall Wizards mailing list archives
Re: Securing a wireless network
From: Andras Kis-Szabo <kisza () securityaudit hu>
Date: Fri, 29 Oct 2004 14:50:51 +0200
Hi,
> At my so-called place of business, there exists a completely insecure public wireless network that I wish to lock down (ignoring WEP, Radius, and other wireless security methods).
Check the next product: AirFortress @ http://www.fortresstech.com/
> I am looking for a means of forcing 'unverified' clients (by MAC address?; not at all worried about spoofing) to run a script or program of some sort before being able to interface with other network devices (to scan for viruses, check software configuration, and whatever else). The best bet at the moment seems to include VLAN's and some sort of destination NAT to a generic web server that says "hey, run this!", but I'm having trouble finding literature on the subject. Partly because I'm not entirely sure what I'm looking for.
For this enforcement user offline - some minimal protection
online - restricted access, only to VPN
VPN - logon in VPN - access to the Enterprise
and the client must be up2date, have to run scripts, restricted access until he does not run the script:
use the Integrity Secure Client from Check Point. The key part of it is the Integrity personal firewall which will enforce the enforcement policies, online/offline/VPN/personal rulesets and it can be integrated with gateways. (example: he has to use EAP to network access and when the Integrity is out-of-compliance the server can deauthorize the client at the EAP server, too. It is useful when someone comes into the Enterprise w/ a laptop and plugs it into an empty slot. He won't be able to communicate.)
> - Backbone: Cisco Catalyst 6509 multilayer switch
> - Closets: various models of managed Catalyst switches running an enterprise IOS version
> - Access Points: Cisco Aironet AP350's and 1120's
This system can work together w/ AirFortress. (For the clients: the Integrity will be enough since you do not need the ISC.)
Best regards,
Andras
--
Andras Kis-Szabo
Security Development, Design and Audit
Zorp, NetFilter and IPv6
kisza () SecurityAudit hu
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards