Ideally financial institutions should use a TS/Citrix type solution as one 'layer of the onion' to provide secure application access, rather than local application execution with confidential data traversing the networks, adding this to a wifi subnet if needed should be simple. Layered security controls are definitely more secure than any single approach.
_____ From: Christopher J. Bosak [mailto:[EMAIL PROTECTED] Sent: Monday, June 30, 2008 11:20 AM To: NT System Admin Issues Subject: RE: WiFi setup Agreed. But I’d personally keep the confidential data off the wireless all together. If Joe Employee needs his laptop to go on the internet, then he can hop on the wireless and stay off the main network. That way, his laptop never sees customer data (and why should it need to for a bank)? Christopher J. Bosak Vector Company c. 847.603.4673 [EMAIL PROTECTED] "You need to install an RTFM Interface, due to an LBNC issue." - B.O.F.H. (Merged 2 into 1) - Me From: Glen Johnson [mailto:[EMAIL PROTECTED] Sent: Monday, June 30, 2008 10:07 hrs To: NT System Admin Issues Subject: RE: WiFi setup I agree. MAC filtering is a pain to maintain and provides very little, if any, security. # 1 on George Ou’s six dumbest ways to secure wireless list. http://blogs.zdnet.com/Ou/index.php?p=43 Now granted, you’ve not said what the purpose for this wireless is so maybe you don’t need much security. If it is for guests to web surf, put it on a separate vlan, give it internet access and be done with it. If it is for users and confidential credit union data, secure it as much as possible. Good luck. From: James Kerr [mailto:[EMAIL PROTECTED] Sent: Monday, June 30, 2008 10:54 AM To: NT System Admin Issues Subject: Re: WiFi setup I was messing around with cracking APs and its pretty easy to clone the MACs of devices connected to the AP to gain access when they are using MAC filtering. ----- Original Message ----- From: David W. McSpadden <mailto:[EMAIL PROTECTED]> To: NT System Admin Issues <mailto:[email protected]> Sent: Monday, June 30, 2008 10:08 AM Subject: Re: WiFi setup I have been getting the MAC's from all the other devices on the WAN. We are greating VLAN 127. It is the default vlan and will get to the internet only. If you don't have a MAC on the ACL you get a 127 dhcp address and pumped to the internet only. It isn't fully functional yet but it is coming. ----- Original Message ----- From: Steve Ens <mailto:[EMAIL PROTECTED]> To: NT System Admin <mailto:[email protected]> Issues Sent: Monday, June 30, 2008 10:06 AM Subject: Re: WiFi setup And use MAC address filtering... On Mon, Jun 30, 2008 at 9:01 AM, Erik Goldoff <[EMAIL PROTECTED]> wrote: and for security in a credit union environment, segment the wifi and use VPN from there to get in to the resources on the wired subnet (among other security measures) _____ From: David W. McSpadden [mailto:[EMAIL PROTECTED] Sent: Monday, June 30, 2008 9:51 AM To: NT System Admin Issues Subject: WiFi setup I get to build a whole new datacenter for the Credit Union. Yeah. I am pretty good on everything with the exception that the new datacenter will have to have WiFi built in I am looking at 802.11g for now but I thought n was coming out. Does anyone have any comments on how to WiFi a 4000sqft building with 3 floors? Data Security is everyone's responsibility. No virus found in this incoming message. Checked by AVG. Version: 8.0.101 / Virus Database: 270.4.3/1526 - Release Date: 6/30/2008 8:43 AM ______________________________________________________ This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________ No virus found in this incoming message. Checked by AVG. Version: 8.0.101 / Virus Database: 270.4.3/1526 - Release Date: 6/30/2008 8:43 AM ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
