Priscilla Oppenheimer wrote: > For a large campus network that has a need for wireless access in conference > rooms, cafeterias, etc., would it be overkill to require wireless clients to > use VPN IPSec software to access the campus network? This is for a customer > who is paranoid about security and understands the tradeoff of ease-of-use > versus security. > > There are othere downsides with requiring VPN software, of course, including > the usual issues of incompatibility with some apps, the lack of support for > protocols other than IP, and the lack of support for multicast applications > (from what I understand). Also, we have to consider the scalability of the > current VPN solution and whether it can support numerous transient wireless > users, but we think it can. There are many advantages with IPSec too, like > support for encryption that actually works... > > What do you all think? Do any of you require your campus wireless users to > use VPN software? > > Sorry if it's a stupid question. > > Priscilla > **Please support GroupStudy by purchasing from the GroupStudy Store: > http://shop.groupstudy.com > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > I'll take a swing: It Depends.
Really, I think it does. This campus network may have wireless access in areas where traffic should be encrypted (is there a health clinic? think HIPAA; will HR or Finance be using wireless from these conference rooms?). But there may also be many areas, if not most, where it is overkill. Security is always a balancing act between convenience/ease of use and the cost incurred if information is somehow violated (lost, compromised, kidnapped--it can happen, heavens--it has). If the wireless is being added for low-value use and convenience, I don't see a need for IPSec, though I would certainly be careful to segregate the wirelss from the wired and control wireless access into significant segments of the wired network. I would look very hard at the design issues of what apps and what data will be transiting where, and protect those areas which carry sensitive data. And I would pay especial attention to Layer 8 issues [grin]. Annlee Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73991&t=73988 -------------------------------------------------- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
