Security Basics mailing list archives

RE: Wirless LAN

From: "David Gillett" <gillettdavid () fhda edu>
Date: Mon, 23 Jun 2003 09:59:39 -0700

  There are two basic approaches to this:

1. Install one of the several GOOD "wireless switch" back-end boxes,
which handle the login and enforce per-user (by group or role) traffic
restrictions.  Some of these offer advanced features, such as allowing
users to roam from one AP to another without re-authenticating.

2. Group access points on different VLANs, according to the rights
users need.  Require some kind of login to access out of the VLAN.
This is clumsy and awkward and horrible; be aware that a few "wireless
switch" products just use the user login to group clients into VLANs,
and expect your core inter-VLAN routing access lists to do all policy
enforcement...

  [I'd prefer not to name names, but watch for boxes that boast how 
many VLANs they allow.  Oh, and note that on some boxes, roaming *may*
require proprietary APs made by the switch manufacturer.....]

David Gillett

-----Original Message-----
From: Potter, Tim [mailto:Tim.Potter () clarkconsulting com]
Sent: June 18, 2003 13:08
To: security-basics () securityfocus com
Subject: Wirless LAN


We're going to be taking the dive on a WLAN here soon.  We have two
floors and two wings on each floor.  I'm thinking of 2 access 
points per
wing.  My question, is that I'm looking for opinions on how 
best to set
this up security-wise.  I've been reading a lot about this lately, but
maybe someone on this list has set this up and give me some input.  My
Wireless knowledge is probably a 4 (out of 10).  Thanks,
-Tim

--------------------------------------------------------------

---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
          
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------

Current thread:

Wirless LAN Potter, Tim (Jun 18)
- RE: Wirless LAN Anil John (Jun 19)
- RE: Wirless LAN Flemming Harvad (Jun 19)
- RE: Wirless LAN David Gillett (Jun 24)
- <Possible follow-ups>
- RE: Wirless LAN DeGennaro, Gregory (Jun 19)
- Re: Wirless LAN Andrew Anderson (Jun 19)
- RE: Wirless LAN Charlie Winckless (Jun 20)