The strategies I've seen employed and discussed are (you'll have to talk to
your vendor about implementing specific solutions):
1. treat the wireless AP like an internet gateway. trust no one. consider a
firewall between the AP and the internal network. anyone with 802.11b
scanning gear can and will find your network, just like the internet.
2. use another layer of cryptography. VPN client software logging into the
AP, or a VPN concentrator before the internal network. AP's use WEP, which
has been proven breakable, no matter the key length (grtz to Ian Goldberg &
friends), so do not rely on it for secure communications.
3. if you're using WEP as a 'hurdle' change the key regularly. I think cisco
can be configured to change up to every 30 seconds.
the implications of not using *strong* cryptography are essentially like
opening a door directly into your network (and any WAN link you have).
fyi...there are products coming out that integrate access control, VPN and
key management in one appliance.
here are some links to the papers I'm referring to:
http://www.cs.umd.edu/~waa/wireless.html
http://www.cs.rice.edu/~astubble/wep/wep_attack.html
http://securingwireless.intranets.com/login.asp?link=
Steve
-----Original Message-----
From: Scott Seglie [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 10, 2001 6:47 AM
To: [EMAIL PROTECTED]
Subject: Implementing a Secure Wireless Network
Hello,
I have done extensive research on the above topic and
have found no articles. I am interested in finding
out the best place to add a wireless segment to a
network, including proper security authentication
techniques. Any resources, documents, or discussion
is greatly appreciated.
Thanks
__________________________________________________
Do You Yahoo!?
Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger
http://im.yahoo.com
