You use NMAP to do network scans to determine what is accessible and what isn't.
-----Original Message----- From: Joe Tinney [mailto:jtin...@lastar.com] Sent: Wednesday, June 09, 2010 3:04 PM To: NT System Admin Issues Subject: RE: OTish: Wireless network configuration I wasn't involved in the implementation, so I really couldn't say how it was done here. I know that I can't get to any of our 'protected' network segments but I haven't done any scientific pen testing. -----Original Message----- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Wednesday, June 09, 2010 2:18 PM To: NT System Admin Issues Subject: Re: OTish: Wireless network configuration Understand that - how do you verify it that it works as designed? On Wed, Jun 9, 2010 at 06:33, Joe Tinney <jtin...@lastar.com> wrote: > Access control and routing is done by our core firewall and router for all of > our networks. This is the configuration that Phil is referring to. > > -----Original Message----- > From: Kurt Buff [mailto:kurt.b...@gmail.com] > Sent: Tuesday, June 08, 2010 10:34 PM > To: NT System Admin Issues > Subject: Re: OTish: Wireless network configuration > > I wonder how you verify the security of such an arrangement? > > On Tue, Jun 8, 2010 at 19:20, Joe Tinney <jtin...@lastar.com> wrote: >> While I'm not the one that configured them, our Cisco wireless access points >> are configured with two SSID's: one on a VLAN that goes to our transparent >> proxy and without access to our other networks and the other on a VLAN that >> functions just like our client wired network segment. The first one is an >> open Guest network and the latter is WPA2 secured. >> >> I'm not sure what your network devices would enable you to do but this has >> been rock solid configuration for us. >> >> -----Original Message----- >> From: Kurt Buff [mailto:kurt.b...@gmail.com] >> Sent: Tuesday, June 08, 2010 7:29 PM >> To: NT System Admin Issues >> Subject: OTish: Wireless network configuration >> >> All, >> >> We've got a decent wireless network at $WORK, but I'm dissatisified with it, >> because it lacks good guest access. >> >> We have 18 Cisco 1240ag WAPs talking with 3 HP POE switches, which currently >> are in our HP 3400cl layer 3 switch on our production network. There's a >> single SSID across all of them, and I've got them all configured on a single >> VLAN. Works great, but as mentioned there is no guest access. >> >> I could just stick them all physically outside our firewall, and give the >> wireless users an IPSec VPN client, but I really would prefer not to do that. >> >> I've been doing some reading, but don't have a good handle on how to move to >> a configuration that would work well - without the VPN, that is. >> >> I'm casting about for ideas - anyone have a solution they like? >> Preferably without spending tons of money, of course. >> >> Kurt >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ >> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ >> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
