Penetration Testing mailing list archives

Re: [PEN-TEST] Penetrating Wireless Networks


From: mirza sahib <wasim () EXPERTSYSTEMS NET>
Date: Mon, 12 Mar 2001 10:01:05 +0500

On Fri, 9 Mar 2001, Anton Rager wrote:

We have deployed a very similar mechanism as highlighted below in a
network now. I haven't started testing the strength of the solution but
the VPN-1 from Nortel seems to work pretty well, except for all the damned
filters.

## We're recommending that security minded customers put
## their wireless AP in their DMZ, and use an IPSec
## client from the wireless workstation into a VPN
## appliance for internal network access. This setup puts
## the wireless traffic outside the private network, and
## only allows access into it via IPSec tunnels.  It also
## prevents wireless users from accessing your internal
## network un-encrypted.
##
## So -- worst case: someone can snoop/inject traffic
## into your wireless network, but they will only get
## internet access. More paranoid users could create an
## additional zone [2nd DMZ] with just the wireless AP
## and a VPN server in it. This would limit
## snooping/injection to just that isolated network
## zone.....unless they supply the proper IPSec
## credentials.
##
## My pitch is a Nortel Networks Contivity VPN Switch
## with our Contivity extranet client, but I'm a bit
## biased;)  Other VPN solutions could accomplish the
## same thing.

--
wasim () expertsystems net - islamabad, pk - gsm +92300508070 - pgp 0x2EF7F636
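
Added example, not part of the original message or of any vendor's configuration: a first-match filter model that audits the design quoted above, where the wireless zone may reach the VPN appliance only with IKE (UDP/500) and ESP, may reach the Internet, and has no cleartext path into the private network. All addresses, rule sets and sample flows are constructed assumptions.

```python
import ipaddress

net = ipaddress.ip_network
# Constructed addressing (assumption, not taken from the thread)
WIRELESS = net("192.168.50.0/24")   # zone holding the wireless AP
INTERNAL = net("10.0.0.0/8")        # private network behind the VPN appliance
VPN_GW = net("192.168.60.1/32")     # outside interface of the VPN appliance
ANY = net("0.0.0.0/0")

# Rule: (action, src, dst, proto, dport); proto "any" and dport None are wildcards
WEAK = [("allow", WIRELESS, ANY, "any", None)]    # AP treated like a trusted LAN
HARDENED = [
    ("allow", WIRELESS, VPN_GW, "udp", 500),      # IKE key exchange
    ("allow", WIRELESS, VPN_GW, "esp", None),     # IPSec ESP (IP protocol 50)
    ("deny", WIRELESS, VPN_GW, "any", None),      # nothing else to the appliance
    ("deny", WIRELESS, INTERNAL, "any", None),    # no unencrypted path inside
    ("allow", WIRELESS, ANY, "any", None),        # worst case: Internet access only
]

def decide(rules, src, dst, proto, dport=None):
    """Return the action of the first matching rule; default deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, rsrc, rdst, rproto, rport in rules:
        if (s in rsrc and d in rdst and rproto in ("any", proto)
                and rport in (None, dport)):
            return action
    return "deny"

# Constructed sample flows originating from a wireless client
FLOWS = [
    ("192.168.50.23", "192.168.60.1", "udp", 500),
    ("192.168.50.23", "192.168.60.1", "esp", None),
    ("192.168.50.23", "10.1.2.3", "tcp", 445),
    ("192.168.50.23", "192.168.60.1", "tcp", 23),
    ("192.168.50.23", "198.51.100.7", "tcp", 80),
]

def cleartext_paths(rules):
    """Allowed flows that reach the internal net or the appliance outside IKE/ESP."""
    bad = []
    for src, dst, proto, dport in FLOWS:
        d = ipaddress.ip_address(dst)
        tunnel = d in VPN_GW and (proto == "esp" or (proto, dport) == ("udp", 500))
        sensitive = d in INTERNAL or d in VPN_GW
        if sensitive and not tunnel and decide(rules, src, dst, proto, dport) == "allow":
            bad.append((dst, proto, dport))
    return bad

if __name__ == "__main__":
    print("weak:", cleartext_paths(WEAK))
    print("hardened:", cleartext_paths(HARDENED))
```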

