Normally putting the AP outside the firewall and treating wireless users as telecommuters and forcing them to VPN in is an acceptable solution, however this implies that the firewall is actualy doing what it is supposed to.
Ken
Lile Elam wrote:
Hi folks,
So I have a client who had an AP on their internal business network
which was completely open... no password or WEP was enabled. Needless
to say, anyone could connect to any machine on their network from
the street.
I suggested that we put the AP on the outside of their firewall and leave it open. We tried this but it turns out that access to
inside machines was still available.
So we turned on WEP and set a password on the AP for the network.
Now I was talking with a few network geeks in a hottub about this
and we were discussing what the best configuration would be... the majority of response was that I should move the AP back into
the internal network and leave WEP on.
This was a surprise... I would have thought that you would want
to keep the AP in the DMZ zone... and not on the internal network.
Also, I am wondering why people could see the internal network machines from the DMZ... was the router not really protecting the
internal network?
Ideally I would like to set up such clients with AP's in the DMZ
zones that are completely open so that there will be more public
access points.
Would love to hear folks comments on the above... and ideas on what the best config would be.
thanks,
-lile
hacker artist
GeekMaids.Com - Creating Order out of Chaos... Cleaning and Beyond!
--
general wireless list, a bawug thing <http://www.bawug.org/>
[un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless
-- general wireless list, a bawug thing <http://www.bawug.org/> [un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless
