Firewall Wizards mailing list archives

Re: DMZ Ideas


From: Carric Dooley <carric () com2usa com>
Date: Fri, 1 Oct 2004 09:16:29 -0400 (EDT)

I am assuming this puts the tags into some sort of database.. if so, I 
would have the 802.11 (the Symbol frequency hopping stuff, btw, is 
invisible to tools like Kismet) access points in a front-end DMZ with its 
required data access components in a back-end DMZ. This segments the 
untrusted wireless network from your internal network, and provides access 
control TO the server/s required. Pull the data back into the network to 
sync with another database if required. Keep the rule of "don't allow 
untrusted nets to initiate connection to trusted" in mind, and u b aight. 
=)

On Thu, 30 Sep 2004 firewalladmin () bellsouth net wrote:

Hi All:

I am looking for some unique suggestions for a situation developing here at my place of employment. A contractor is 
being hired to set up some wireless stuff for RF tagging (bar code tracking stuff for shipping/receiving). They will 
be placing readers that send data to Wireless Access Points, which then need to terminate in a DMZ of some sort 
before it enters the LAN. We will require them to use encryption and MAC filtering along with the appropriate 
measures to secure the distance/range of the wireless signal to within the confines of the compound. My question is 
this - What would make a good DMZ for this setup? We have a few suggestions up in the air and it's all preliminary 
stuff right now. Some ideas are VLANs (in my opinion too much management overhead, room for error and not 
necessarily very secure), separate subnet on router, etc. The tough part is what do we filter the traffic by? There 
is no "user" to authenticate, only unmanaged readers/devices. The site is the size of a big college campus, so 
separating the devices onto a separate backbone/subnet will be physically difficult and 
expensive as well. All suggestions are appreciated. Thanks,

Mark

Mark F.
MCP, CCNA
"You can spend your life any way you want... But you can only spend it once."

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


-- 
Carric Dooley
COM2:Interactive Media
http://www.com2usa.com
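
Added example, not part of the original message or written by either poster: a small audit of a firewall policy against the front-end/back-end DMZ layout and the "don't allow untrusted nets to initiate connection to trusted" rule from the reply above. The zone names, trust tiers, port numbers and sample rules are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Zones from the reply, ordered by trust (higher = more trusted).
# The names and the numeric tiers are assumptions made for this example.
TRUST = {"frontend_dmz": 0, "backend_dmz": 1, "internal": 2}

@dataclass(frozen=True)
class Rule:
    src: str                 # zone that initiates the connection
    dst: str                 # zone that accepts it
    port: Optional[int]      # destination port, None means any port
    action: str = "allow"

def audit(rules):
    """Return (rule, reason) pairs for allow rules that break the layout."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue
        unknown = [z for z in (r.src, r.dst) if z not in TRUST]
        if unknown:
            findings.append((r, "unknown zone: " + unknown[0]))
        elif TRUST[r.dst] <= TRUST[r.src]:
            continue  # trusted side initiates, e.g. internal pulling data
        elif r.dst == "internal":
            findings.append((r, "less-trusted zone initiates into internal"))
        elif r.port is None:
            findings.append((r, "DMZ-to-DMZ access not limited to a port"))
    return findings

# Constructed sample policy; the port numbers are placeholders.
SAMPLE = [
    Rule("frontend_dmz", "backend_dmz", 5432),   # reader data reaches the DB tier
    Rule("internal", "backend_dmz", 5432),       # internal host pulls data to sync
    Rule("backend_dmz", "internal", 5432),       # push into the LAN: flagged
    Rule("frontend_dmz", "internal", 445),       # wireless side into the LAN: flagged
    Rule("frontend_dmz", "backend_dmz", None),   # no port restriction: flagged
    Rule("frontend_dmz", "internal", None, "deny"),
]

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE):
        print(f"{rule.src} -> {rule.dst} port {rule.port}: {reason}")
```

The audit assumes a default-deny policy, so only explicit allow rules are examined.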



