WLAN DMZ Ideas

[<firewalladmin () bellsouth net>]

Just wanted to thank everyone who answered with ideas. The main theme, based on the large campus-like environment, was 
VLANs. The proposal I suggested then was to implement 3DES encryption and MAC filtering on the WLAN (which goes without 
saying, of course). The AP's are then placed on a VLAN which is connected to the default VLAN through a Cisco Router 
with a very restrictive access list. This is made simpler based on the proprietary ports used to talk with the 
Management station, no standard http or netbios stuff needs to cross VLANs, which means that all the standard 
exploitable ports will be closed. In addition, physical security is excellent. The "campus" is highly secured and 
restricted with gates/security guards, the LAN equipment is further secured in restricted access buildings, rooms and 
cabinets. In addition we are a "secured" area within a larger "secured" campus, which really helps limit the 
eavesdropping on the WAPs. Anything else to consider? Thanks!
Mark

Mark F.
MCP, CCNA
"You can spend your life any way you want... But you can only spend it once."

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards