Firewall Wizards mailing list archives
Re: DMZ Ideas
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Thu, 30 Sep 2004 21:04:12 -0400
firewalladmin () bellsouth net wrote:
My question is this - What would make a good DMZ for this setup? We have a few suggestions up in the air and it's all prliminary stuff right now. Some ideas are VLAN's (in my opinion too much management overhead, room for error and not necessarily very secure), seperate subnet on router, etc. The tough part is what do we filter the traffic by? There is no "user" to authenticate, only unmanaged readers/devices.
Can you buy an 802.1X/802.1aa capable switch to use as a mezzanine network for your wireless? Then you can authenticate the user reasonably well. The software side for Windows is in XP service pack 2, and more devices are handling it all the time... Lisa Phifer has a pretty good article on this stuff on http://www.wi-fiplanet.com/tutorials/article.php/3073201 mjr. _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: DMZ Ideas Luke Butcher (Sep 30)
- <Possible follow-ups>
- Re: DMZ Ideas Marcus J. Ranum (Sep 30)
- Re: DMZ Ideas Kevin (Oct 01)
- Re: DMZ Ideas Carric Dooley (Oct 01)
- Re: DMZ Ideas Dale W. Carder (Oct 05)