Home page logo
/

basics logo Security Basics mailing list archives

Re: Wireless Guest Access
From: Wade Mackey <wmackey () comcast net>
Date: Thu, 13 Dec 2007 19:46:51 -0500

Depends,

If it's a modern wireless switch system (Cisco[ the Airspace version, not Aeronet], Aruba, Trapeze etc...) then this shouldn't be an issue as the switches were designed with this in mind. I don't really have an opinion on the port blocking, but I would suggest content filtering to the same standards as internal.

As to SSID, not broadcating does nothing for security and will make some client side cards not work.

Wade Mackey
CISSP, CISA, CWNA and CWSP

roberticoles () gmail com wrote:
Greetings,
Does anyone else see a problem with hosting multiple vlans on the same access point, one being guest access (open) and 
the other being company data (wpa2).
The installer claims that because it's using lwap to a wism controller in our dirty dmz, it's secure.  This comes from 
the same installer who claims non-broadcasting the ssid is a great security measure.
A username and password is requested via a splash screen from the wism controller when a web browser is opened and 
makes a request to the Internet.  However, they give the same id and password to a bunch of consultants and only change 
it every 30 days.
This same guest vlan access is wide open (no port blocking).  It does use a pat'ed address on the edge (IP address is 
from the same block from our ISP).
What about being blacklisted if something malicious occurs?
How about vlan hopping?
Other security risks?
Thank you in advance for any feedback provided.





  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]