|
Firewall Wizards
mailing list archives
Re: Wireless
From: "B. Scott Harroff" <Scott.Harroff () att net>
Date: Fri, 9 Aug 2002 15:40:55 -0400
WIN Standards
a.. Wireless Access Points
a.. Directional antennas will be used where necessary to limit
wireless access point signals from extending beyond the exterior of the
building
b.. Any new wireless access point must be approved by IT
Security prior to implementation
c.. Configuration of the wireless access points will be
controlled and monitored by IT Security
d.. Wireless access points must be on the Wireless DMZ - not on
the internal network
e.. SSID will be standardized to <sanitized>; SSID's will not be
broadcast.
f.. WEP will be enabled at 128 bit encryption and Pass phrases
will be standardized to 1 to deter casual unauthorized users
g.. RADIUS will be used to authenticate users prior to being
able to access the WIN
h.. Triple DES IPSEC encryption will be used for data encryption
on the WIN
Currently approved wireless access point devices:
a.. LinkSys WAP11
b.. DLINK 713P
IT Security will perform regular internal and external audits.
Devices found that are not in compliance will the above be confiscated by IT
Security
IT Security, in conjunction with <sanitized> will evaluate
wireless assess points that offer additional security or enhanced bandwidth
abilities.
a.. Wireless Users
a.. All users accessing the wireless network must be approved by
IT Security
b.. A list of all wireless users will be maintained by IT
Security
c.. Wireless users must use Sygate Security Agent 2.2 (corporate
personal firewall) and Nortel VPN software
Currently approved wireless access cards:
a.. LinkSys Network PC card v3
b.. DLink DWL-650
b.. General
a.. The present wireless networks will be standardized and
integrated
b.. Channelization will be used for performance increases
Obtaining access to WIN
1.. Obtain approval from your manager for purchase of an
approved wireless access card (cost varies) and a personal firewall license
($49.95)
2.. Ask your manager send an email to <sanitized> with a
subject of "Wireless Access" requesting access to the wireless network. for
you. Please be sure to include your <sanitized> username and the cost
center that the personal firewall will be charged to.
3.. Contact the administrator of the wireless access point you
will be using as your primary access point. They will assist in installing
and configuring the the wireless access card and necessary software.
a.. Conference Rooms - <sanitized>
b.. Executive and International Areas - <sanitized>
c.. IT Security will setup your permissions on the Nortel VPN
and RADIUS servers.
----- Original Message -----
From: "Paul Robertson" <proberts () patriot net>
To: <firewall-wizards () honor icsalabs com>
Sent: Friday, August 09, 2002 2:02 PM
Subject: [fw-wiz] Wireless
How are people starting to deal with hunting down and killing rogue
Wireless Access Points (WAPs)[1]? It seems pretty easy in environments
where wireless isn't allowed at all, but is anyone dealing with the
situation in
an environment where there are sanctioned wireless networks?
Thanks,
Paul
[1] I'm thinking a lot about the built-in laptop WAPs, people bringing in
802.11b-enabled hubs, and only slightly about the cleaning folks hiding
one in the ceiling tiles.
--------------------------------------------------------------------------
---
Paul D. Robertson "My statements in this message are personal
opinions
proberts () patriot net which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
 By Date 
By Thread
Current thread:
- Wireless Paul Robertson (Aug 09)
- Re: Wireless R. DuFresne (Aug 09)
- Re: Wireless B. Scott Harroff (Aug 09)
| 
Intro
